Home » Viren, Trojaner & Malware Forum » Systemwiederherstellung/Abgesicherter M. gehen nicht, Avast! funktioniert nicht » Themenansicht
Systemwiederherstellung/Abgesicherter M. gehen nicht, Avast! funktioniert nicht |
||
|---|---|---|
| #0
| ||
|
18.02.2008, 23:20
Member
Themenstarter Beiträge: 66 |
||
 
|
|
|
|
18.02.2008, 23:43
Ehrenmitglied
 Beiträge: 1441 |
#32
also noch was aus dem Ärmel zaubern
 poste bitte das log vom Silentruner http://virus-protect.org/silentrunner.html __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
|
|
|
|
18.02.2008, 23:59
Member
Themenstarter Beiträge: 66 |
#33
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINXP\system32\ctfmon.exe" [MS] "CCleaner" = ""C:\Programme\CCleaner\CCleaner.exe" /AUTO" ["Piriform Ltd"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "EPSON Stylus C62 Series" = "C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"" ["SEIKO EPSON CORPORATION"] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"] "KernelFaultCheck" = "C:\WINXP\system32\dumprep 0 -k" "NVMixerTray" = ""C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINXP\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINXP\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINXP\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINXP\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINXP\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINXP\system32\nvshell.dll" ["NVIDIA Corporation"] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte" -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte" \InProcServer32\(Default) = "C:\WINXP\system32\upnpui.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINXP\system32\nvcpl.dll" ["NVIDIA Corporation"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINXP\system32\mmfinfo.dll" [null data] "{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page" -> {HKLM...CLSID} = "Haali Matroska Shell Property Page" \InProcServer32\(Default) = "C:\WINXP\system32\mmfinfo.dll" [null data] "{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Exctractor" -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor" \InProcServer32\(Default) = "C:\WINXP\system32\mmfinfo.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINXP\system32\wpdshserviceobj.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\WINXP\system32\mmfinfo.dll" [null data] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Uli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINXP\system32\sspipes.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\WINXP\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "C:\WINXP\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Einfache TCP/IP-Dienste, SimpTcp, "C:\WINXP\system32\tcpsvcs.exe" [MS] EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"] IPv6-Hilfsdienst, 6to4, "C:\WINXP\system32\svchost.exe -k netsvcs" {"C:\WINXP\System32\6to4svc.dll" [MS]} NVIDIA Display Driver Service, NVSvc, "C:\WINXP\system32\nvsvc32.exe" ["NVIDIA Corporation"] RIP-Überwachung, Iprip, "C:\WINXP\System32\svchost.exe -k netsvcs" {"C:\WINXP\System32\iprip.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"] LPR Port\Driver = "lprmon.dll" [MS] ---------- (launch time: 2008-02-18 23:48:36) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 202 seconds. ---------- (total run time: 584 seconds) |
|
|
|
|
|
|
19.02.2008, 01:14
Ehrenmitglied
Beiträge: 1441 |
#34
das Log ist in Ordnung...
«« Start > Ausführen --> reinschreiben --> cmd und ok. kopiere rein Zitat dir /s /a "c:\sndvol32*.*" > c:\find.txt & start notepad c:\find.txtposte, was erscheint ««««««««««««««« p_s : aus dem Net gefischt: Sound Control installieren, dann sehe, ob die Originale Anwendung wieder funktioniert, neben dem free-Proggie http://www.softlist.net/program/sound_control-download.html __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
|
|
|
|
19.02.2008, 01:22
Member
Themenstarter Beiträge: 66 |
#35
Datenträger in Laufwerk C: ist POWERPACK!
Volumeseriennummer: 841F-FFF9 Verzeichnis von c:\WINXP\Help 23.08.2001 13:00 23.919 sndvol32.chm 15.02.2008 07:28 17.959 sndvol32.chw 23.08.2001 13:00 11.375 sndvol32.hlp 3 Datei(en) 53.253 Bytes Verzeichnis von c:\WINXP\system32 23.08.2001 13:00 139.776 sndvol32.exe 1 Datei(en) 139.776 Bytes Anzahl der angezeigten Dateien: 4 Datei(en) 193.029 Bytes 0 Verzeichnis(se), 130.596.417.536 Bytes frei |
|
|
|
|
|
|
19.02.2008, 10:29
Ehrenmitglied
Beiträge: 1441 |
#36
das ist o.k.
versuche e noch mal mit dem free-proggie + berichte __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
|
|
|
|
19.02.2008, 11:50
Member
Themenstarter Beiträge: 66 |
#37
Freies Programm? Du meinst einen Virenscanner?
Ich glaube das ist eher ein Problem von Hard/Software-Zusammenstellung. Hatte zum Beispiel mal den Avast abgestellt und neu gebootet, da war das Symbol dann da. Das kommt auch ungfähr jedes 10 mal, denke. Ist also dann nach dem Booten aktiv. Und dann ist es irgendwann wieder weg. |
|
|
|
|
|
|
19.02.2008, 13:11
Ehrenmitglied
Beiträge: 1441 |
#38
«««««««««««««««
p_s : aus dem Net gefischt: Sound Control installieren, dann sehe, ob die Originale Anwendung wieder funktioniert, neben dem free-Proggie http://www.softlist.net/program/sound_control-download.html __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ist auch in der 'Msconfig' eingetragen.
Aber eben nach Neustart nicht da.