logfiles auswertung von silent runners "Silent Runners.vbs", revision 64, hxxp://www.silentrunners.org/ Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} AVP = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [Kaspersky Lab ZAO] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject -> {HKLM…CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] {73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject -> {HKLM…CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM…CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin -> {HKLM…CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] {E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho -> {HKLM…CLSID} = URL Advisor Plugin 
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject -> {HKLM…Wow…CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] {73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject -> {HKLM…Wow…CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin -> {HKLM…Wow…CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] {AA609D72-8482-4076-8991-8CDAE5B93BCB}\(Default) = Samsung BHO Helper -> {HKLM…Wow…CLSID} = Samsung BHO Class \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.] 
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho -> {HKLM…Wow…CLSID} = URL Advisor Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated] {dd230880-495a-11d1-b064-008048ec2fc5} = Scan with Kaspersky Anti-Virus -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {E99987AC-6311-4686-B095-EB30B69F9258} = Samsung AnyWeb Print Clipbook - shell extension module of desk band -> {HKLM…Wow…CLSID} = Samsung AnyWeb Print \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.] 
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {dd230880-495a-11d1-b064-008048ec2fc5} = Scan with Kaspersky Anti-Virus -> {HKLM…Wow…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll [Kaspersky Lab ZAO] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider -> {HKLM…CLSID} = WLIDCredentialProvider \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO] 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM…CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ Media+Player10PlayDVDMovieOnArrival\ Provider = Media+ Player 10 InvokeProgID = DVD InvokeVerb = PlayWithMedia+Player10 HKLM\SOFTWARE\Classes\DVD\shell\PlayWithMedia+Player10\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe" "%L" [CyberLink Corp.] 
MShowDVFilesArrival\ Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video dv HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MShowPictureFilesArrival\ Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104 InvokeProgID = Picture InvokeVerb = PlayWithMediaShow HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" photo import "%L" [CyberLink Corp.] MShowVideoFilesArrival\ Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104 InvokeProgID = VideoFiles InvokeVerb = PlayWithMediaShow HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video import "%L" [CyberLink Corp.] 
MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = 
@wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] PStarterBlankCDArrival\ Provider = Media Suite InvokeProgID = BlankCD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] PStarterDVDBurningOnArrival\ Provider = Media Suite InvokeProgID = BlankDVD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] 
PStarterMixedCDArrival\ Provider = Media Suite InvokeProgID = MixedContent InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] PStarterMusicFilesArrival\ Provider = Media Suite InvokeProgID = MusicFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] PStarterPicturesArrival\ Provider = Media Suite InvokeProgID = Picture InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] PStarterVideoFilesArrival\ Provider = Media Suite InvokeProgID = VideoFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] WIA_WPDArrival\ Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe photo import wpd %1 %2; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] |
Zitat:
Statt einer Problembeschreibung knallst du hier einfach ein Log von einem Tool rein, welches schon seit Jahren hier nicht mehr verwendet wird! :headbang: |