Bildschirmschoner fehlt |
||
---|---|---|
#0
| ||
23.03.2006, 08:19
...neu hier
Beiträge: 2 |
||
|
||
23.03.2006, 15:47
Ehrenmitglied
Beiträge: 29434 |
#2
hormar5
hier ist noch einiges zu bereinigen, wie mir scheint.... 1. stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html 2. Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html 3. poste das log (komplett) vom Silentrunner http://virus-protect.org/silentrunner.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
23.03.2006, 20:04
...neu hier
Themenstarter Beiträge: 2 |
#3
Bei den CleanUp Optionen lässt sich die Position Delete Prefech files nicht anhaken. Der Rest erbrachte folgendes Ergebnis.
Datentr„ger in Laufwerk C: ist Lokaler Datentr„ger Datentr„gernummer: 3CF2-D412 Verzeichnis von C:\WINNT\system32 23.03.2006 19:07 16.384 Perflib_Perfdata_240.dat 22.03.2006 08:06 16.384 Perflib_Perfdata_244.dat 17.03.2006 18:47 16.384 Perflib_Perfdata_23c.dat 16.03.2006 00:40 16.384 Perflib_Perfdata_234.dat 15.03.2006 13:45 16.384 Perflib_Perfdata_248.dat 15.03.2006 13:44 174.672 FNTCACHE.DAT 15.03.2006 11:53 16.384 Perflib_Perfdata_238.dat 15.03.2006 10:30 16.384 Perflib_Perfdata_24c.dat 15.03.2006 10:07 3.003 config.nt 09.03.2006 16:21 4.799.320 MRT.exe 14.02.2006 09:20 550.120 LegitCheckControl.DLL 31.01.2006 15:04 98.304 dfrg.msc 27.01.2006 23:38 503.296 aswBoot.exe 27.01.2006 23:30 90.112 AVASTSS.scr 07.01.2006 16:31 9.872 printmon.PNF 30.12.2005 17:15 233.744 GDI32.DLL 20.12.2005 19:17 16.832 amcompat.tlb 20.12.2005 19:17 23.392 nscompat.tlb 20.12.2005 19:15 21.817 folder.htt 20.12.2005 19:15 271 desktop.ini 20.12.2005 19:13 525 mapisvc.inf 19.12.2005 19:30 4.730.880 wmp.dll 19.12.2005 18:50 343.012 PerfStringBackup_003.INI 19.12.2005 18:50 343.012 PerfStringBackup_002.INI Datentr„ger in Laufwerk C: ist Lokaler Datentr„ger Datentr„gernummer: 3CF2-D412 Verzeichnis von C:\DOKUME~1\Horbach\LOKALE~1\Temp 23.03.2006 19:33 0 Twunk002.MTX 23.03.2006 19:33 219 TWAIN.LOG 23.03.2006 19:33 2 Twain001.Mtx 23.03.2006 19:33 156 Twunk001.MTX 23.03.2006 19:33 1.288 wcesmgr.log 23.03.2006 19:31 1.685 WCESCOMM.LOG 23.03.2006 19:31 222 jusched.log 23.01.2006 15:36 429 datFind.bat 8 Datei(en) 4.001 Bytes 0 Verzeichnis(se), 4.469.259.264 Bytes frei Datentr„ger in Laufwerk C: ist Lokaler Datentr„ger Datentr„gernummer: 3CF2-D412 Verzeichnis von C:\WINNT 23.03.2006 19:30 1.305.754 WindowsUpdate.log 23.03.2006 19:28 32.604 SchedLgU.Txt 23.03.2006 19:27 310.412 ShellIconCache 23.03.2006 08:23 67.057 MKDEMSG.LOG 23.03.2006 08:23 2.560 MKDEWE.TRN 22.03.2006 09:15 2.021 KB885492Uninst.log 22.03.2006 09:15 354.715 comsetup.log 22.03.2006 09:15 972.131 iis5.log 22.03.2006 09:15 1.410 imsins.log 22.03.2006 09:14 281.252 ocgen.log 22.03.2006 09:14 25.094 ockodak.log 16.03.2006 14:21 201.812 wmsetup.log 16.03.2006 02:21 115.584 ntbtlog.txt 15.03.2006 13:44 5.869 spupdsvc.log 15.03.2006 13:39 1.429 imsins.BAK 15.03.2006 13:39 18.223 KB911564.log 15.03.2006 13:39 18.314 KB911565.log 15.03.2006 13:38 19.428 KB908519.log 15.03.2006 13:37 41.246 KB912919.log 15.03.2006 13:37 68.184 updspapi.log 15.03.2006 13:37 39.131 KB905915-IE6SP1-20051122.175908.log 15.03.2006 13:35 50.465 KB908523.log 15.03.2006 13:34 46.702 KB896424.log 15.03.2006 13:34 49.774 KB902400.log 15.03.2006 13:32 13.154 KB905495-IE6SP1-20050805.184113.log 15.03.2006 13:32 30.309 KB905749.log 15.03.2006 13:32 32.257 KB900725.log 15.03.2006 13:31 9.923 KB904706.log 15.03.2006 13:31 25.616 KB901017.log 15.03.2006 13:30 26.291 KB899589.log 15.03.2006 13:30 26.584 KB905414.log 15.03.2006 10:29 1.099 ODBC.INI 15.03.2006 07:41 862 win.ini 14.03.2006 12:06 449 Ulead32.ini 23.02.2006 09:55 65 brmx2001.ini 22.02.2006 14:44 1.097.434 setupapi.log 30.01.2006 07:51 79 E 30.01.2006 07:27 485 brwmark.ini 29.01.2006 23:53 141 BRVIDEO.INI 29.01.2006 23:53 39 BRDIAG.INI 29.01.2006 23:53 11.568 HL-1230.INI 29.01.2006 23:53 23 Brownie.ini 29.01.2006 23:53 52 BRPP2KA.INI 29.01.2006 23:52 43 BROWNIE1.LOG 29.01.2006 23:25 1.838 KB894320Uninst.log 29.01.2006 23:25 1.266 KB893756Uninst.log 29.01.2006 23:24 1.737 KB890046Uninst.log 29.01.2006 23:24 1.980 KB883939-IE6SP1-20050428.125228Uninst.log 29.01.2006 23:23 24.659 KB905414Uninst.log 29.01.2006 23:23 1.678 KB901214Uninst.log 29.01.2006 23:22 20.492 KB899589Uninst.log 29.01.2006 23:22 19.466 KB901017Uninst.log 29.01.2006 23:21 20.189 KB904706Uninst.log 29.01.2006 23:21 17.547 KB900725Uninst.log 29.01.2006 23:20 17.539 KB905495-IE6SP1-20050805.184113Uninst.log 29.01.2006 23:19 16.602 KB902400Uninst.log 29.01.2006 23:18 8.750 KB904368Uninst.log 29.01.2006 23:17 7.862 KB896424Uninst.log 29.01.2006 23:16 6.156 KB905915-IE6SP1-20051122.175908Uninst.log 29.01.2006 23:16 3.883 KB908523Uninst.log 29.01.2006 23:14 2.223 KB905749Uninst.log 29.01.2006 23:07 2.245 KB912919Uninst.log 15.01.2006 16:55 1.669 ModemLog_Lucent Technologies Soft Modem AMR.txt 08.01.2006 18:53 3.310 tm.ini 29.12.2005 19:01 21 pcbh32.INI 28.12.2005 19:39 14.694 KB904368.log 28.12.2005 19:37 92.180 UpdateRollupPack.log 28.12.2005 19:36 4.104 updcustom.dll.log 28.12.2005 19:35 27.364 KB893756.log 28.12.2005 19:35 13.144 dahotfix.log 28.12.2005 19:35 2.089 vminst.log 24.12.2005 09:17 84 ? 21.12.2005 16:28 250 system.ini 21.12.2005 13:21 70.861 hpoins05.dat 21.12.2005 11:34 3.124 OEWABLog.txt 20.12.2005 19:26 272.052 setuplog.txt 20.12.2005 19:25 79.910 setupact.log 20.12.2005 19:24 8.329 setuperr.log 20.12.2005 19:19 4.267 ODBCINST.INI 20.12.2005 19:15 271 desktop.ini 20.12.2005 19:15 21.817 folder.htt 20.12.2005 19:13 344 DtcInstall.log 20.12.2005 19:10 266 ModemDet.txt 20.12.2005 19:10 161 mmdet.log 19.12.2005 18:39 337.753 WINNT32.LOG Datentr„ger in Laufwerk C: ist Lokaler Datentr„ger Datentr„gernummer: 3CF2-D412 Verzeichnis von C:\ 23.03.2006 19:41 0 sys.txt 23.03.2006 19:41 14.683 system.txt 23.03.2006 19:40 669 systemtemp.txt 23.03.2006 19:38 100.615 system32.txt 23.03.2006 19:29 133.677.056 hiberfil.sys 23.03.2006 19:29 201.326.592 pagefile.sys 20.03.2006 09:27 172 LxDasi.Log 16.03.2006 02:27 478 rapport.txt 16.03.2006 02:21 3.704 smitfiles.txt "Silent Runners.vbs", revision 44, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Synchronization Manager" = "mobsync.exe /logon" [MS] "AtiPTA" = "Atiptaxx.exe" ["ATI Technologies, Inc."] "LTSMMSG" = "LTSMMSG.exe" [file not found] "SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "LaunchAp" = "C:\Programme\FnUtil\Launch Manager\LaunchAp.exe" [empty string] "AcerPowerkey" = ""C:\Programme\Acer\Powerkey\Powerkey.exe"" ["Acer"] "KEYMAP" = "C:\WINNT\System32\Keymap.exe" [null data] "Winupdate" = "regedit /s C:\Winnt\Discover.reg" [MS] "PRPCMonitor" = "PRPCUI.exe" ["Intel Corporation"] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data] "DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! nwprovau\DLLName = "nwprovau.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in "mh" & "All Users" startup folders: ---------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Enabled Scheduled Tasks: ------------------------ "HPpromotions journeysoftware" -> launches: "C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINNT\system32\msjava.dll" [MS] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Mobilen Favoriten erstellen" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Mobilen Favoriten erstellen..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL = "http://www.msn.de" [Strings]: SEARCH_PAGE_URL = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [Strings]: SAFESITE_VALUE = "ie.search.msn.de" [Strings]: MS_START_PAGE_URL = "http://www.msn.de" Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line [Strings]: 4 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]} ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] HotkeyService, HotkeyService, "C:\Programme\FnUtil\Launch Manager\hotkeyex.exe" ["Acer"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINNT\system32\HPZipm12.exe" ["HP"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt12\Driver = "hpzlnt12.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 117 seconds, including 18 seconds for message boxes) "Silent Runners.vbs", revision 44, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Synchronization Manager" = "mobsync.exe /logon" [MS] "AtiPTA" = "Atiptaxx.exe" ["ATI Technologies, Inc."] "LTSMMSG" = "LTSMMSG.exe" [file not found] "SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "LaunchAp" = "C:\Programme\FnUtil\Launch Manager\LaunchAp.exe" [empty string] "AcerPowerkey" = ""C:\Programme\Acer\Powerkey\Powerkey.exe"" ["Acer"] "KEYMAP" = "C:\WINNT\System32\Keymap.exe" [null data] "Winupdate" = "regedit /s C:\Winnt\Discover.reg" [MS] "PRPCMonitor" = "PRPCUI.exe" ["Intel Corporation"] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data] "DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! nwprovau\DLLName = "nwprovau.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in "mh" & "All Users" startup folders: ---------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Enabled Scheduled Tasks: ------------------------ "HPpromotions journeysoftware" -> launches: "C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINNT\system32\msjava.dll" [MS] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Mobilen Favoriten erstellen" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Mobilen Favoriten erstellen..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL = "http://www.msn.de" [Strings]: SEARCH_PAGE_URL = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [Strings]: SAFESITE_VALUE = "ie.search.msn.de" [Strings]: MS_START_PAGE_URL = "http://www.msn.de" Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line [Strings]: 4 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]} ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] HotkeyService, HotkeyService, "C:\Programme\FnUtil\Launch Manager\hotkeyex.exe" ["Acer"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINNT\system32\HPZipm12.exe" ["HP"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt12\Driver = "hpzlnt12.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 116 seconds, including 10 seconds for message boxes) "Silent Runners.vbs", revision 44, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Synchronization Manager" = "mobsync.exe /logon" [MS] "AtiPTA" = "Atiptaxx.exe" ["ATI Technologies, Inc."] "LTSMMSG" = "LTSMMSG.exe" [file not found] "SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "LaunchAp" = "C:\Programme\FnUtil\Launch Manager\LaunchAp.exe" [empty string] "AcerPowerkey" = ""C:\Programme\Acer\Powerkey\Powerkey.exe"" ["Acer"] "KEYMAP" = "C:\WINNT\System32\Keymap.exe" [null data] "Winupdate" = "regedit /s C:\Winnt\Discover.reg" [MS] "PRPCMonitor" = "PRPCUI.exe" ["Intel Corporation"] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data] "DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "Systemsteuerungserweiterung für die Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! nwprovau\DLLName = "nwprovau.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in "mh" & "All Users" startup folders: ---------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Enabled Scheduled Tasks: ------------------------ "HPpromotions journeysoftware" -> launches: "C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINNT\system32\msjava.dll" [MS] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Mobilen Favoriten erstellen" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Mobilen Favoriten erstellen..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL = "http://www.msn.de" [Strings]: SEARCH_PAGE_URL = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [Strings]: SAFESITE_VALUE = "ie.search.msn.de" [Strings]: MS_START_PAGE_URL = "http://www.msn.de" Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line [Strings]: 4 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]} ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] HotkeyService, HotkeyService, "C:\Programme\FnUtil\Launch Manager\hotkeyex.exe" ["Acer"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINNT\system32\HPZipm12.exe" ["HP"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt12\Driver = "hpzlnt12.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 79 seconds, including 6 seconds for message boxes) |
|
|
||
23.03.2006, 20:24
Ehrenmitglied
Beiträge: 29434 |
#4
abgesehen von
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm sind keine Hinweise auf Virenbefall zu sehen.. Du solltest dich nun an ein Soft/Hardware-Forum wenden. Oder googeln... http://www.administrator.de/Bildschirmschoner_deaktiviert_Desktop-Hintergrundbild.html http://www.supportnet.de/discussion/listmessages.asp?autoid=137614 http://www.windows-tweaks.info/html/controlpanelsecurity1.html Leider kann ich dir bei Hard/Software-Problem nicht weiter helfen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
Entfernen von Hardware und Bildschirmschoner nicht mehr aktivieren.
verwendet wird ein Laptop mit win2000profesional.
Beim mechanischen Entfernen der Hardware (Ausschalten eines USB Druckers mit Kartenleser) erscheint der Hinweis vor dem Entfernen der Hardware diese zu deaktivieren. Unzulössiges entfernen des Gerätes Gerät mit Hardwareasistent in der Systemsteuerung deaktivieren. Das Gerät wird jedoch in der Systemsteuerung nicht aufgeführt, und beim Durchsuchen auch nicht gefunden. Ein Anzeigen in der Taskleiste ist nicht möglich.
Der Bildschirmschoner lässt sich ebensowenig einstellen, wobei jedoch die Abschaltung des Gerätes durch die Energieverwaltung aktivieren lässt. Auch hier ist eine Anzeige in der Taskleiste nicht mehr möglich.
Logfile of HijackThis v1.99.1
Scan saved at 08:02:08, on 23.03.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\FnUtil\Launch Manager\hotkeyex.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\FnUtil\Launch Manager\LaunchAp.exe
C:\Programme\Acer\Powerkey\Powerkey.exe
C:\WINNT\System32\Keymap.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\HORBACH\EIGENE~1\SOFTWARE\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Horbach\Lokale Einstellungen\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\FnUtil\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programme\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [KEYMAP] C:\WINNT\System32\Keymap.exe
O4 - HKLM\..\Run: [Winupdate] regedit /s C:\Winnt\Discover.reg
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122202378907
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122202339230
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: HotkeyService - Acer - C:\Programme\FnUtil\Launch Manager\hotkeyex.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe