Windows startet nicht mehr wie gewohnt! ???

#0
08.12.2005, 22:43
Member

Beiträge: 18
#1 Hallo,

seit gestern ist es so, dass wenn ich Windows starte, dass der Laptop nicht wie immer direkt hochfährt, sondern jetzt immer verlangt, dass ich auf mein Benutzerkontobutton klicke, damit er richtig hochfährt. WIN xp!

Ausserdem ist es so, dass wenn der PC in den Bildschirmschoner geht und ich die Maus (oder ne andere Taste) drücke, sodass der Schoner wieder ausgeht, muss ich wieder erst mein Benutzerkonto einklicken.
(Quasi der Bildschirm, wenn man Benutzerkonten wechseln will oder abmelden...).

Ich schreibe hier ins Forum, da ich schon öfters mit Syps etc. zutun hatte, jedesmal konnte mir hier geholfen werden!

Da ich gestern auch ne Spy meldung hatte, vermute ich stark, dass es damit zusammen hängt! ODer mjuss ich einfach ne EInstellung in WIn ändern?

Bitte helft mir!!!

Vielen Vielen Dank!

Domi
Seitenanfang Seitenende
09.12.2005, 14:07
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Domi1

eine Glaskugel , in die wir flugs schauen koennen.....haben wir hier leider nicht ;)

Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.12.2005, 16:30
Member

Themenstarter

Beiträge: 18
#3 oh..ja, sorry. Hatte ich ganz vergessen:

Logfile of HijackThis v1.99.1
Scan saved at 16:28:46, on 10.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sony\vaio media music server\SSSvr.exe
C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint\Apntex.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\BT500\BTTray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\PowerPanel\Program\PcfMgr.exe
C:\Programme\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\BT500\BTStackServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Domink Rohde\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: RtlWake.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093005252250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Programme\Sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe



Vielen Dank für Deine Hilfsbereitschaft!!

Viele Grüße,

domi
Seitenanfang Seitenende
10.12.2005, 19:57
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 ich kann nichts finden...

kopiere hier das Log vom Silentrunner
http://virus-protect.org/silentrunner.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.12.2005, 20:10
Member

Themenstarter

Beiträge: 18
#5 Danke schonmal Sabina!

Ich hab das jetzt mit dem Prog. gemacht, achtung, kommt so einiges...:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programme\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"SigmaTel StacMon" = "C:\Programme\SigmaTel\C-Major Audio\stacmon.exe" [null data]
"Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
"HKSERV.EXE" = "C:\Programme\Sony\HotKey Utility\HKserv.exe" ["Sony Corporation"]
"ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"Drag'n Drop CD+DVD" = "C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp" [empty string]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Domink Rohde\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]


Startup items in "Domink Rohde" & "All Users" startup folders:
--------------------------------------------------------------

C:\Dokumente und Einstellungen\Domink Rohde\Startmenü\Programme\Autostart
"Outlook Express" -> shortcut to: "C:\Programme\Outlook Express\msimn.exe" [MS]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BTTray" -> shortcut to: "C:\Programme\BT500\BTTray.exe" ["WIDCOMM Inc."]
"PowerPanel" -> shortcut to: "C:\Programme\PowerPanel\Program\PcfMgr.exe /launch" ["Phoenix Technologies Ltd."]
"RtlWake" -> shortcut to: "C:\Programme\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" [file not found]
"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" [file not found]
"Norton AntiVirus - Meinen Computer prüfen" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 40
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
VAIO Media Music Server (Application), VAIOMediaPlatform-MusicServer-AppServer, ""C:\Programme\Sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application)"" ["Sony Corporation"]
VAIO Media Photo Server (Application), VAIOMediaPlatform-PhotoServer-AppServer, "C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe" [empty string]
VAIO Media Photo Server (HTTP), VAIOMediaPlatform-PhotoServer-HTTP, ""C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"" ["Sony Corporation"]
VAIO Media Photo Server (UPnP), VAIOMediaPlatform-PhotoServer-UPnP, "C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 39 seconds, including 6 seconds for message boxes)


Vielen Dank für die Hilfe!!!

Domi
Seitenanfang Seitenende
10.12.2005, 21:05
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 also, es ist wirklich nichts zu finden....allerdings sollen sich zwei aktive Virenscanner nicht vertragen und die hast du. entscheide dich fuer einen

dann:

kopiere hier die 4 Textdateien
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.12.2005, 21:19
Member

Themenstarter

Beiträge: 18
#7 ach danke Sabina, aber ich hab den Fehler jetzt selbst gefunden. Da hat sich irgendwie so ein "Schatten" Benutzerkonto (von selber? - Spy?) installiert (ich hab es jedenfalls nicht angelegt). Hab es in der Systemsteuerung nun gelöscht. Jetzt ist wieder alles normal.

Aber sehr serh seltam, denn ich konnte es nicht anwählen, beim Auswählen des Benutzerkontos.

Aber vielen Dank fürs professionelle Prüfen meiner LOGs (es wurde ja auch mal wieder langsam Zeit bei meinem Laptop..:-))

Gruß,

Domi (ich weiss, ich kann mich hier immer auch Euch verlassen..)
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: