Unten rechts in der Leiste gibt es jetzt ein neues Symbol was fast so aussieht wie das von Windows!! und es kommen alls paar sec "You have a Secruity Problem"
Bitte um Hilfe bomber09
[COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color]
Fehlermeldung"You have a secruity problem"
- geschlossen
- bomber09
- 1679 Aufrufe 22 Antworten
Diese Seite verwendet Cookies. Durch die Nutzung unserer Seite erklären Sie sich damit einverstanden, dass wir Cookies setzen. Weitere Informationen
-
Icg habe seit gestern Abend dieses Problem !
Unten rechts in der Leiste gibt es jetzt ein neues Symbol was fast so aussieht wie das von Windows!! und es kommen alls paar sec "You have a Secruity Problem"
Bitte um Hilfe bomber09 -
hihi,
...mehr infos wären nicht schlecht!!was für proggis. im spez. kommen bei dir zum einsatz ??
es handelt sich um ne meldung vom sicherheitscenter,irgendwas stimmt nicht mit deinem virenscanner,nehme ich mal stark an.
lizens abgelaufen,?
key blacklisted,?
firewall checken.?usw. alles eben was mit der sicherheit zu tun hat!!
geh mal ins menue vom virenscanner und check deine einstellungen,meistens bekommst du hier auch schon die antwort durch ein pop fenster selbst.
greets jo
.... wenn du abends in den himmel schaust,dann denke an ihn....
User helfen Usern: die FSB-Tutoren!(Zum Chat) mit den Tutoren
Haltet euch an den Ehrencodex hier im Board -
ne das is noch alles in ordnung das is ne fake wenn ich darauf klicke zeigt der mir an ich soll nen antiwvirus programm installieren aba dann zeit mein richtiger virus scanner an das das was ich installieren soll nen virus is!![COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color]
-
Hört sich ganz nach Spyware an. Lass mal Spybot - Search and Destroy (ist kostenlos) drüberlaufen !
Gruss
Wolf_57 -
-
ja hatte ich auch mal
musste das betriebssystem neu installieren um es wegzubekommen -
Wolf_57 schrieb:
Hört sich ganz nach Spyware an. Lass mal Spybot - Search and Destroy (ist kostenlos) drüberlaufen !
...und auch mit hyjackthis nen logfile erstellen und auf der webseite überprüfen lassen,junge hast dir irgendwas eingefangen.
da handelt es sich um einen veränderten regestryeintrag der geändert werden muss!!
zudem mal die autostarteintäge kontrollieren!!
....und dann würd ich mal deinen virenscanner schärfer einstellen ,oder nen anderen besorgen der was taugt ,-sonst wäre es ja nicht erst soweit gekommen.
greets jo .... wenn du abends in den himmel schaust,dann denke an ihn....
User helfen Usern: die FSB-Tutoren!(Zum Chat) mit den Tutoren
Haltet euch an den Ehrencodex hier im Board -
eindeutig was eingefangen.... ich hoffe, du bist schlau genug, die angebotene SW (sie müssen unbedingt dies & das installieren) abzulehnen
===> verschoben zu den Kollegen der Krankenabteilung, nach Viren, Würmer & Trojaner
gute Besserung, NeHe• Da, wo die Neurosen blüh'n, da möcht' ich Landschaftsgärtner sein! •
Rechteübersicht * Forenregeln * F.A.Q. * Lexikon
Suchfunktion * Chat * User helfen User
Der Minister nimmt flüsternd den Bischof beim Arm: »Halt' du sie dumm, ich halt' sie arm!« (R. Mey) -
Das ist MALWARE versuck mal HiJackThis
es ist ratsam aber den PC zu Formatieren und XP neu draufzumachen
hatte mal den gleichen Fehler beim Kumpel
naja Viel Glück
mfg -
Hallo bomber09,
für dein Problem gibt es hier Hilfe wie du das wieder los wirst. Lese dir die Seite durch und gehe die einzelnen Schritte durch, dann sollte das lästige Zeug wieder weg sein Gruß Fotoprinz -
1.) Poste ein (neues) Hijackthis Logfile
HijackThis Logfileauswertung
2.) Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde.
3.) Führe dieses MBR-Tool aus und poste die Ausgabe.Hier ist es Downzuloaden.
rootkit in master boot record
4.) Blacklight und Malwarebytes Antimalware ausführen und Logfiles posten
F-Secure Blacklight > Rootkit Elimination Technology
Malwarebytes.org
5.) Führe Silentrunners nach dieser Anleitung aus und poste das Logfile
Silentrunner
Oder mach einfach Format C :
Wer sich solche Sachen auf dem PC einfängt,sollte sich wirklich mal Gedanken über seine Sicherheitstools machen.
Der PC ist irgendwo ungenügend geschützt.Sonst würden solche Malware Programme sich nicht auf dem PC einnisten können.
Also nach einer Neuinstallation des Systems,dieses richtig absichern.
Virenscanner,Firewall,Popup Blocker,Adware Scanner,sind Pflicht in der Heutigen Zeit.
Wer ohne Schutz ins Internet geht,ist selber Schuld.
Greetz[COLOR="Blue"][SIZE="3"]Das Problem ist nicht der Computer,das Problem sitzt davor.[/SIZE][/color]Dieser Beitrag wurde bereits 1 mal editiert, zuletzt von Firecat ()
-
wie kann ich die log datei posten?
mein antivir Probgramm is Avira AntiVir Personal-Free Antivirus
das durch die installation von Blacklight grade deinstalliert wurde[COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color]Dieser Beitrag wurde bereits 3 mal editiert, zuletzt von bomber09 ()
-
Sorry forget it.
Ein komprimittiertes System kriegst Du nicht mehr sauber.
1) Avira Free ist mE Müll
2) Sollten Deine Daten nicht gesichtert sein, kannst von einer RettungsCD booten und versuchen die Daten extern zu sichern
3)Dann wird neu aufgesetzt (incl. Neupartitionierung zuvor), voll geupdatet und ein ordentlicher Virenscann installiert
4)Dann werden die zuvor gesicherten Daten mit dem Virenscan vollständig geprüft und gereinigt
5)Was bei 4 übrig bleibt kannst Du zurück auf Dein System kopieren
mfg
Miraculix -
bomber09 schrieb:
wie kann ich die log datei posten?
mein antivir Probgramm is Avira AntiVir Personal-Free Antivirus
das durch die installation von Blacklight grade deinstalliert wurde
du markierst und kopierst einfach den Text vom Logfile und fügst den hier ein
Gruß FotoprinzGruß Fotoprinz -
HijackThisAlles anzeigen
PHP-Quellcode
- Logfile of Trend Micro HijackThis v2.0.2
- Scan saved at 20:34:41, on 13.12.2008
- Platform: Windows Vista (WinNT 6.00.1904)
- MSIE: Internet Explorer v7.00 (7.00.6000.16386)
- Boot mode: Normal
- Running processes:
- C:\Windows\system32\taskeng.exe
- C:\Windows\system32\Dwm.exe
- C:\Windows\Explorer.EXE
- C:\Program Files\Windows Defender\MSASCui.exe
- C:\hp\support\hpsysdrv.exe
- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
- C:\WINDOWS\RtHDVCpl.exe
- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
- C:\Program Files\Java\jre6\bin\jusched.exe
- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
- C:\Program Files\Winamp\winampa.exe
- C:\WINDOWS\System32\rundll32.exe
- C:\WINDOWS\PixArt\PAC207\Monitor.exe
- C:\WINDOWS\System32\svhost.exe
- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
- C:\Program Files\Windows Sidebar\sidebar.exe
- C:\Program Files\Valve\Steam\Steam.exe
- C:\Program Files\Skype\Phone\Skype.exe
- C:\Windows\System32\mobsync.exe
- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
- C:\Program Files\ICQ6.5\ICQ.exe
- C:\Users\marcel\AppData\Local\Temp\yyy1542.exe
- C:\Program Files\Windows Sidebar\sidebar.exe
- C:\Program Files\Mozilla Firefox\firefox.exe
- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
- C:\Program Files\Skype\Plugin Manager\skypePM.exe
- C:\Windows\system32\wuauclt.exe
- C:\Windows\system32\SearchFilterHost.exe
- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
- R3 - URLSearchHook: (no name) - - (no file)
- R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
- O1 - Hosts: ::1 localhost
- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
- O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
- O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
- O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
- O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
- O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
- O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
- O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
- O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
- O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
- O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
- O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
- O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
- O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
- O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
- O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
- O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
- O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
- O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
- O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
- O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
- O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
- O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
- O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
- O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
- O4 - HKCU\..\Run: [{11BF71CA-F5C0-AE98-09CB-11AAFA56CE30}] C:\Users\marcel\AppData\Roaming:winupd.exe
- O4 - HKCU\..\Run: [winupd.exe] C:\Users\marcel\AppData\Roaming:winupd.exe
- O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
- O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
- O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
- O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SA19B.tmp" /EF "HKCU"
- O4 - HKCU\..\Run: [{B1F199CC-C2D4-6D78-F49D-69FD404D74E2}] C:\Users\marcel\AppData\Roaming\svchost.exe
- O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
- O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
- O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
- O4 - HKCU\..\Run: [Cognac] C:\Users\marcel\AppData\Local\Temp\~tmpb.exe
- O4 - HKCU\..\Run: [MSFox] C:\Users\marcel\AppData\Local\Temp\yyy1542.exe
- O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
- O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
- O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
- O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
- O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
- O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
- O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
- O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
- O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
- O13 - Gopher Prefix:
- O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
- O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
- O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
- O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
- O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
- O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
- O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
- O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
- O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
- O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
- O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
- O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
- O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
- O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
- O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
- O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
- O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software GmbH - C:\Windows\System32\TUProgSt.exe
- --
- End of file - 10301 bytes
Mbr
Blacklight
Malware
SilentrunnerAlles anzeigenQuellcode
- "Silent Runners.vbs", revision 59, http://www.silentrunners.org/
- Operating System: Windows Vista
- Output limited to non-default values, except where indicated by "{++}"
- Startup items buried in registry:
- ---------------------------------
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
- "Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
- "{11BF71CA-F5C0-AE98-09CB-11AAFA56CE30}" = "C:\Users\marcel\AppData\Roaming:winupd.exe" [** WMI GetObject error **]
- "winupd.exe" = "C:\Users\marcel\AppData\Roaming:winupd.exe" [** WMI GetObject error **]
- "Steam" = ""c:\program files\valve\steam\steam.exe" -silent" ['Valve Corporation']
- "Tunebite" = "C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray" [file not found]
- "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ['Skype Technologies S.A.']
- "EPSON Stylus DX4400 Series" = "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SA19B.tmp" /EF "HKCU"" ['SEIKO EPSON CORPORATION']
- "{B1F199CC-C2D4-6D78-F49D-69FD404D74E2}" = "C:\Users\marcel\AppData\Roaming\svchost.exe" [file not found]
- "PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ['Nokia']
- "Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ['Time Information Services Ltd.']
- "ICQ" = ""C:\Program Files\ICQ6.5\ICQ.exe" silent" ['ICQ, Inc.']
- "Cognac" = "C:\Users\marcel\AppData\Local\Temp\~tmpb.exe" [null data]
- "MSFox" = "C:\Users\marcel\AppData\Local\Temp\yyy1542.exe" [null data]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
- "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
- "hpsysdrv" = "c:\hp\support\hpsysdrv.exe" ['Hewlett-Packard Company']
- "OsdMaestro" = ""C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"" ['OsdMaestro']
- "RtHDVCpl" = "RtHDVCpl.exe" ['Realtek Semiconductor']
- "(Default)" = "(empty string)" [file not found]
- "avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ['Avira GmbH']
- "WinSys2" = "C:\Windows\system32\startup.exe" [null data]
- "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ['Sun Microsystems, Inc.']
- "ProfilerU" = "C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" ['Saitek']
- "SaiMfd" = "C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" ['Saitek']
- "WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
- "NapsterShell" = "C:\Program Files\Napster\napster.exe /systray" [file not found]
- "NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
- "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
- "NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
- "Monitor" = "C:\Windows\PixArt\PAC207\Monitor.exe" ['PixArt Imaging Incorporation']
- "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ['Apple Inc.']
- "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ['Adobe Systems Incorporated']
- "svhost" = "C:\WINDOWS\system32\svhost.exe" [null data]
- "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
- "Launcher" = "C:\Windows\SMINST\launcher.exe"
- HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
- >{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
- \StubPath = "C:\Windows\system32\ie4uinit.exe -UserIconConfig" [MS]
- {44BBA840-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Windows Mail 7"
- \StubPath = ""C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE" [MS]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
- {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
- \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ['Yahoo! Inc.']
- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Adobe PDF Reader"
- \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ['Adobe Systems Incorporated']
- {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "IsoBuster Toolbar"
- \InProcServer32\(Default) = "C:\Program Files\IsoBuster\tbIsoB.dll" ['Conduit Ltd.']
- {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Groove GFS Browser Helper"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
- \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ['Sun Microsystems, Inc.']
- {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
- \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ['Google Inc.']
- {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
- \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ['Sun Microsystems, Inc.']
- {E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
- \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ['IniCom Networks, Inc.']
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
- "{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
- -> {HKLM...CLSID} = "Microsoft Office Outlook"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
- "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
- -> {HKLM...CLSID} = "DesktopContext Class"
- \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ['NVIDIA Corporation']
- "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
- -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
- \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ['RealNetworks, Inc.']
- "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
- -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
- "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
- -> {HKLM...CLSID} = (no title provided)
- \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
- "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
- -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
- "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
- -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
- "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
- -> {HKLM...CLSID} = "ShellViewRTF"
- \InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ['XSS']
- "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
- -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
- \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ['Avira GmbH']
- "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
- "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
- -> {HKLM...CLSID} = "TuneUp Theme Extension"
- \InProcServer32\(Default) = "C:\Windows\System32\uxtuneup.dll" ['TuneUp Software GmbH']
- "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
- -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ['TuneUp Software GmbH']
- "{4838CD50-7E5D-4811-9B17-C47A85539F28}" = "TuneUp Disk Space Explorer Shell Extension"
- -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ['TuneUp Software GmbH']
- "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
- -> {HKLM...CLSID} = "Nokia Phone Browser"
- \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ['Nokia']
- "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
- -> {HKLM...CLSID} = "Groove GFS Browser Helper"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
- -> {HKLM...CLSID} = "Groove Folder Synchronization"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
- -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
- -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
- -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
- -> {HKLM...CLSID} = "Groove XML Icon Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
- -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
- -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
- -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
- -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
- -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
- -> {HKLM...CLSID} = "Outlook File Icon Extension"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
- <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
- -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
- <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
- -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
- HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
- {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
- -> {HKLM...CLSID} = "PDF Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ['Adobe Systems, Inc.']
- HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
- EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
- -> {HKLM...CLSID} = (no title provided)
- \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ['SEIKO EPSON CORPORATION']
- Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
- -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
- \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ['Avira GmbH']
- TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
- -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ['TuneUp Software GmbH']
- WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
- XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
- -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
- TuneUp Disk Space Explorer Shell Extension\(Default) = "{4838CD50-7E5D-4811-9B17-C47A85539F28}"
- -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ['TuneUp Software GmbH']
- TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
- -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ['TuneUp Software GmbH']
- WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
- XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
- -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
- Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
- -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
- \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ['Avira GmbH']
- WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
- XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
- -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
- XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
- -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- Group Policies {GPedit.msc branch and setting}:
- -----------------------------------------------
- Note: detected settings may not have any effect.
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
- "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
- "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Behavior Of The Elevation Prompt For Standard Users}
- "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Detect Application Installations And Prompt For Elevation}
- "EnableLUA" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Run All Administrators In Admin Approval Mode}
- "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Only elevate UIAccess applications that are installed in secure locations}
- "EnableVirtualization" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Virtualize file and registry write failures to per-user locations}
- "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Switch to the secure desktop when prompting for elevation}
- "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- Shutdown: Allow system to be shut down without having to log on}
- "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- Devices: Allow undock without having to log on}
- "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Admin Approval Mode for the Built-in Administrator Account}
- Active Desktop and Wallpaper:
- -----------------------------
- Active Desktop may be disabled at this entry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
- Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
- HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
- "Wallpaper" = "C:\Windows\web\wallpaper\img24.jpg"
- Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
- HKCU\Control Panel\Desktop\
- "Wallpaper" = "C:\Windows\web\wallpaper\img24.jpg"
- Enabled Screen Saver:
- ---------------------
- HKCU\Control Panel\Desktop\
- "SCRNSAVE.EXE" = "C:\Windows\Snow3.scr" [null data]
- Windows Portable Device AutoPlay Handlers
- -----------------------------------------
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
- EpsonCreativitySuite\
- "Provider" = "FileManager"
- "InvokeProgID" = "EpsonCreativitySuite"
- "InvokeVerb" = "Play"
- HKLM\SOFTWARE\Classes\EpsonCreativitySuite\shell\Play\DropTarget\CLSID = "{7720BCC1-4F11-4f17-A80F-0BB69EF9788F}"
- -> {HKLM...CLSID} = (no title provided)
- \LocalServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\File Manager\eppqcom.exe" [null data]
- HPAutoplayPSE\
- "Provider" = "HP Photosmart Essential 2.0"
- "InvokeProgID" = "HpqPSApl.Autoplay"
- "InvokeVerb" = "Play"
- HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
- -> {HKLM...CLSID} = (no title provided)
- \LocalServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ['Hewlett-Packard']
- LightScribeOnArrivalAP\
- "Provider" = "LightScribe Direct Disc Labeling"
- "InvokeProgID" = "LightScribe.AutoPlayHandler"
- "InvokeVerb" = "LabelLightScribeDisc"
- HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "c:\Program Files\Common Files\LightScribe\LsLauncher.exe" ['Hewlett-Packard Company']
- MediaCapture9Music\
- "Provider" = "Media Import"
- "InvokeProgID" = "RoxioMediaCapture9"
- "InvokeVerb" = "Audio"
- HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = "c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -audio %L" ['Sonic Solutions']
- MediaCapture9Photos\
- "Provider" = "Media Import"
- "InvokeProgID" = "RoxioMediaCapture9"
- "InvokeVerb" = "Photo"
- HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = "c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -photo %L" ['Sonic Solutions']
- MediaCapture9VideoCamera\
- "Provider" = "Media Import"
- "ProgID" = "Shell.HWEventHandlerShellExecute"
- "InitCmdLine" = "c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe"
- HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
- -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
- \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
- MediaCapture9Videos\
- "Provider" = "Media Import"
- "InvokeProgID" = "RoxioMediaCapture9"
- "InvokeVerb" = "Video"
- HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = "c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -video %L" ['Sonic Solutions']
- NMMPlayCDAudioOnArrival\
- "Provider" = "Nokia Music Manager"
- "InvokeProgID" = "NokiaMusicManager"
- "InvokeVerb" = "NMMPlayCD"
- HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ['Nokia']
- NMMRipCDAudioOnArrival\
- "Provider" = "Nokia Music Manager"
- "InvokeProgID" = "NokiaMusicManager"
- "InvokeVerb" = "NMMRipCD"
- HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ['Nokia']
- RoxioSCAudioCDTask33\
- "Provider" = "Roxio Creator Audio"
- "InvokeProgID" = "Roxio.RoxioCentral33"
- "InvokeVerb" = "AudioCDTask"
- HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]
- RoxioSCCopyCD33\
- "Provider" = "Roxio Creator Copy"
- "InvokeProgID" = "Roxio.RoxioCentral33"
- "InvokeVerb" = "ExactCopyJob"
- HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]
- RoxioSCCopyDisc33\
- "Provider" = "Roxio Creator Copy"
- "InvokeProgID" = "Roxio.RoxioCentral33"
- "InvokeVerb" = "ExactCopyJob"
- HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]
- RoxioSCDataProject33\
- "Provider" = "Roxio Creator Data"
- "InvokeProgID" = "Roxio.RoxioCentral33"
- "InvokeVerb" = "DataGuide"
- HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]
- RoxioSCDataTask33\
- "Provider" = "Roxio Creator Data"
- "InvokeProgID" = "Roxio.RoxioCentral33"
- "InvokeVerb" = "DataTask"
- HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]
- VLCPlayCDAudioOnArrival\
- "Provider" = "VideoLAN VLC media player"
- "InvokeProgID" = "VLC.CDAudio"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ['VideoLAN Team']
- VLCPlayDVDMovieOnArrival\
- "Provider" = "VideoLAN VLC media player"
- "InvokeProgID" = "VLC.DVDMovie"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ['VideoLAN Team']
- WinampMTPHandler\
- "Provider" = "Winamp"
- "ProgID" = "Shell.HWEventHandlerShellExecute"
- "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
- HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
- -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
- \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
- WinampPlayMediaOnArrival\
- "Provider" = "Winamp"
- "InvokeProgID" = "Winamp.File"
- "InvokeVerb" = "Play"
- HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ['Nullsoft']
- HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
- -> {HKLM...CLSID} = (no title provided)
- \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ['Nullsoft']
- Winsock2 Service Provider DLLs:
- -------------------------------
- Namespace Service Providers
- HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
- 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
- 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
- 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
- 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
- 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
- 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
- Transport Service Providers
- HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
- 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
- %SystemRoot%\system32\mswsock.dll [MS], 01 - 22
- Toolbars, Explorer Bars, Extensions:
- ------------------------------------
- Toolbars
- HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
- "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"
- -> {HKLM...CLSID} = "IsoBuster Toolbar"
- \InProcServer32\(Default) = "C:\Program Files\IsoBuster\tbIsoB.dll" ['Conduit Ltd.']
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
- "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
- -> {HKLM...CLSID} = "Yahoo! Toolbar mit Pop-Up-Blocker"
- \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ['Yahoo! Inc.']
- "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}" = "IsoBuster Toolbar"
- -> {HKLM...CLSID} = "IsoBuster Toolbar"
- \InProcServer32\(Default) = "C:\Program Files\IsoBuster\tbIsoB.dll" ['Conduit Ltd.']
- Explorer Bars
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
- HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
- Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
- InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]
- HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
- Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
- InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
- Extensions (Tools menu items, main toolbar menu buttons)
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
- {2670000A-7350-4F3C-8081-5663EE0C6C49}\
- "ButtonText" = "An OneNote senden"
- "MenuText" = "An OneNote s&enden"
- "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
- -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]
- {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
- "ButtonText" = "Research"
- {E59EB121-F339-4851-A3BA-FE49C35617C2}\
- "ButtonText" = "ICQ6"
- "MenuText" = "ICQ6"
- "Exec" = "C:\Program Files\ICQ6.5\ICQ.exe" ['ICQ, Inc.']
- Miscellaneous IE Hijack Points
- ------------------------------
- HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
- <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
- -> {HKLM...CLSID} = "Yahoo! Toolbar mit Pop-Up-Blocker"
- \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ['Yahoo! Inc.']
- <<H>> "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}" = (no title provided)
- -> {HKLM...CLSID} = "IsoBuster Toolbar"
- \InProcServer32\(Default) = "C:\Program Files\IsoBuster\tbIsoB.dll" ['Conduit Ltd.']
- Running Services (Display Name, Service Name, Path {Service DLL}):
- ------------------------------------------------------------------
- Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ['Avira GmbH']
- Avira AntiVir Personal - Free Antivirus Planer, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ['Avira GmbH']
- BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
- Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
- CyberGhost VPN Client, CGVPNCliSrvc, "C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe" ['mobile concepts GmbH']
- Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ['Google']
- LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ['Hewlett-Packard Company']
- NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ['NVIDIA Corporation']
- ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ['Nokia.']
- Steam Client Service, Steam Client Service, "C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService" ['Valve Corporation']
- Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
- Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
- Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
- Print Monitors:
- ---------------
- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
- EPSON Stylus DX4400 Series 32MonitorBE\Driver = "E_FLBCAE.DLL" ['SEIKO EPSON CORPORATION']
- Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
- ---------- (launch time: 2008-12-13 20:47:22)
- <<!>>: Suspicious data at a malware launch point.
- <<H>>: Suspicious data at a browser hijack point.
- + This report excludes default entries except where indicated.
- + To see *everywhere* the script checks and *everything* it finds,
- launch it from a command prompt or a shortcut with the -all parameter.
- + To search all directories of local fixed drives for DESKTOP.INI
- DLL launch points, use the -supp parameter or answer "No" at the
- first message box and "Yes" at the second message box.
- ---------- (total run time: 74 seconds, including 14 seconds for message boxes)
Welches Antivir Programm könnt ihr mir empfehlen?[COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color] -
-
Jetzt müsste mir nur noch mal einer erklären, wieso Antivir Free mit einem Virenfund-Level von 100% ITW / 99,5% (glaub ich) Zooviren sooo schlecht sein soll. Nur weil es nicht viel Adware findet?
-
Also in deinem HijackThis Log sind einige Sachen drin die nicht hin gehören
beende im Taskmanager folgende Prozesse und lasse die Dateien bei VirusTotal
einmal scannen, poste dann das Ergebnis:
C:Windows\system32\taskeng.exe
C:Windows\system32\Dwm.exe
C:WINDOWS\PixArtPAC207\Monitor.exe
C:WINDOWS\System32\svhost.exe
C:Windows\system32\wuauclt.exe
PS: ich kann dir jetzt schon sagen das beste wird wohl eine Neuinstallation sein. Meine Vermutung gehen zu MYDOOMGruß Fotoprinz -
-
bomber09 schrieb:
hab gelöst
..vll. könntest kurz erläutern wie du es gemacht hast,meine wäre für die nachwelt ganz von vorteil.
..und präfix umstellen nicht vergessen
greets jo .... wenn du abends in den himmel schaust,dann denke an ihn....
User helfen Usern: die FSB-Tutoren!(Zum Chat) mit den Tutoren
Haltet euch an den Ehrencodex hier im Board -
oki ich hab einfach mal alle datei´n mit HijackThis gefixt die fehlerhaft waren un kaspersky installeiert
neustart von windows hat zwart über 5 min gedauert aber jzz geht alles ohne problem un fährt jzz auch wieder schneller hoch
ach und noch was nachdem ersten neustart waren die NETZWERKTREIBER deaktiviert also nich wundere´n wenn ihr kein Internet habt!!!
Gruß bomber09:blink:[COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color] -
bomber09 schrieb:
oki ich hab einfach mal alle datei´n mit HijackThis gefixt die fehlerhaft waren un kaspersky installeiert
Das war das beste was Du tun konntest.Kaspersky ist meiner meinung nach immer noch das beste Antiviren Programm was es gibt.
Freut mich das es Deinem System wieder besser geht.:)
Greetz[COLOR="Blue"][SIZE="3"]Das Problem ist nicht der Computer,das Problem sitzt davor.[/SIZE][/color] -
Freut mich auch sehr doll
un jzz geht Kaspersky auch ohne Probleme[COLOR="Blue"]Meine UP´s Kinder Hörspiele[/color] -
geschlossen
MfG xlemmingx
-
Teilen
- Facebook 0
- Twitter 0
- Google Plus 0
- Reddit 0