Windows Explorer closes itself

#0
18.05.2005, 19:38
Member
Posts: 16

19.05.2005, 23:35
Honorary member
Posts: 29434
#2
Hello @Asti
You don't seem to have a virus scanner. Let's start with that.
1. Download Antivirus (free), go into safe mode and scan (then post the log from the scan) http://virus-protect.org/antivirenfree.html
2. Download AdAware, scan and post the report http://virus-protect.org/antispywaretools.html
__________
Regards, Sabina
All about PC security

20.05.2005, 00:53
Member
Thread starter, Posts: 16
#3
AdAware-VX2 Cleaner
or Ad-aware SE Personal, which one should I download? Or does it not matter? But thanks already! I had McAfee before, but after the formatting it was gone and now I no longer know where I can get it for free. McAfee was quite okay! THX in advance for your advice, sabrina! I'll do it that way over the coming days!

20.05.2005, 10:02
Honorary member
Posts: 29434
#4
Ad-aware SE Personal is enough for a start, plus Antivirus (then post all the reports)
__________
Regards, Sabina
All about PC security

21.05.2005, 18:09
Member
Thread starter, Posts: 16
#5
Ad-Aware SE Build 1.05

22.05.2005, 11:04
Honorary member
Posts: 29434
#6
Which "certain folders" are they, then, where Windows Explorer closes when you click on them?
silentrunners http://www.silentrunners.org/sr_download.html
Go to: Quote: Click here to download a zip file.
Here is the explanation: http://www.silentrunners.org/sr_scriptuse.html
Click: output file is in text format. --> double-click and the editor opens --> and post everything that is displayed.
__________
Regards, Sabina
All about PC security

24.05.2005, 21:50
Member
Thread starter, Posts: 16
#7
I did already run a virus scan with AntiVirus... but it didn't show any viruses... though it also wasn't in safe mode! I'm not much of a pro ^^ How do I get into safe mode?
the folders:
E:\Marcel\Movies\counterstrike
E:\Marcel\Movies\Best Cs

file :
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = "C:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Steam" = ""d:\steam\steam.exe" -silent" ["Valve Corporation"]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe" ["MyWebSearch.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = "C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe" [empty string]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"Mirabilis ICQ" = "C:\PROGRA~1\ICQ\ICQNet.exe" [null data]
"PowerStrip" = "c:\programme\powerstrip\pstrip.exe" ["EnTech Taiwan"]
"AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe" ["MyWebSearch.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL" ["MyWebSearch.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Eigene Logitech-Bilder"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
"MyWebSearch Email Plugin" -> shortcut to: "C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE" ["MyWebSearch.com"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"MyWebSearch Email Plugin" -> shortcut to: "C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE" ["MyWebSearch.com"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\ (Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ (Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ Pro"
"MenuText" = "ICQ"
"Exec" = "C:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\Programme\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
iPod Service, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

24.05.2005, 22:43
Honorary member
Posts: 29434
#8
Hello @Asti
Go into the registry: Start --> Run --> regedit (type it in)

HKLM\Software\Classes\CLSID\
delete (with a right-click):
{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\ (Default) = "My Web Search Quick View"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
delete:
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"

Delete with the Killbox: http://virus-protect.org/killbox.html
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
C:\Programme\MyWebSearch\bar\5.bin\MWSOEPLG.DLL

Restart the PC

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
delete: "MyWebSearch Email Plugin"

Run an online scan with Panda (if your antivirus "complains" --> ignore it) http://virus-protect.org/onlinescan.html
Report on the scan + HijackThis
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens -->
or: Do a system scan and save a logfile --> Save --> Savelog --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina
All about PC security
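
The triage behind the cleanup steps in post #8, as an added example that is not part of the thread and not Silent Runners' own code: it parses entries in the Silent Runners report layout from post #7 and groups autostart entries by the vendor tag in square brackets, so a vendor present in several persistence locations stands out. The function names, the `min_locations` threshold and the `known_good` list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# A subset of the entries from the Silent Runners report posted in this thread,
# laid out one per line (layout reconstructed for the example; values as posted).
SAMPLE_REPORT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = "C:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]
"Steam" = ""d:\steam\steam.exe" -silent" ["Valve Corporation"]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe" ["MyWebSearch.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe" ["MyWebSearch.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL" ["MyWebSearch.com"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"MyWebSearch Email Plugin" -> shortcut to: "C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE" ["MyWebSearch.com"]
'''

HEADER_RE = re.compile(r'^(?:HK(?:CU|LM)\\|[A-Za-z]:\\)')  # registry key or folder path
TAG_RE = re.compile(r'\s*\[([^\[\]]*)\]\s*$')               # trailing [vendor] annotation
SPLIT_RE = re.compile(r'\s=\s|shortcut to:\s*')              # separates name from target
# Annotations the report prints in place of a company name.
NOT_A_VENDOR = {'empty string', 'null data', 'file not found', 'from CLSID'}


def _split_tag(text):
    """Return (body, tag); tag is the trailing [..] annotation or None."""
    m = TAG_RE.search(text)
    if not m:
        return text.strip(), None
    return text[:m.start()].strip(), m.group(1).strip('"')


def _target(body):
    """Text right of ' = ' or 'shortcut to:', with one layer of quotes removed."""
    value = SPLIT_RE.split(body, maxsplit=1)[-1].strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value


def parse_report(text):
    """Turn report lines into dicts: location, name, target, vendor."""
    entries, location, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('->'):            # continuation: DLL path of a CLSID entry
            body, tag = _split_tag(line[2:])
            entries.append({'location': location, 'name': pending,
                            'target': _target(body), 'vendor': tag})
            pending = None
        elif HEADER_RE.match(line):          # new registry key or startup folder
            location, pending = line.replace('{++}', '').strip(), None
        elif line.startswith('{'):           # CLSID line: remember its display name
            pending = _target(_split_tag(line)[0])
        elif line.startswith('"'):           # Run value or startup-folder shortcut
            body, tag = _split_tag(line)
            entries.append({'location': location, 'name': body[1:body.index('"', 1)],
                            'target': _target(body), 'vendor': tag})
    return entries


def vendor_footprint(entries):
    """Map each vendor tag to the set of autostart locations it appears in."""
    footprint = defaultdict(set)
    for e in entries:
        if e['vendor'] and e['vendor'] not in NOT_A_VENDOR:
            footprint[e['vendor']].add(e['location'])
    return footprint


def review_candidates(entries, min_locations=3, known_good=('MS',)):
    """Heuristic: vendors hooked into many startup points deserve a manual look.
    Legitimate driver suites can spread widely too, so this is a review list."""
    return {v: sorted(locs) for v, locs in vendor_footprint(entries).items()
            if len(locs) >= min_locations and v not in known_good}


if __name__ == '__main__':
    for vendor, locations in review_candidates(parse_report(SAMPLE_REPORT)).items():
        print(vendor)
        for loc in locations:
            print('   ', loc)
```

The 8.3 short path (`C:\PROGRA~1\MYWEBS~1\...`) and the long path in the startup shortcut are kept as two separate strings here, because resolving short names needs the live file system.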

26.05.2005, 14:50
Member
Thread starter, Posts: 16
#9
Hm, it already starts with the fact that I can't find HKEY Local Machine Software\Classes\CLSID.
I do get as far as Classes... but "CLSID" isn't anywhere for me?! o.Ò

26.05.2005, 15:19
Honorary member
Posts: 29434
#10
HKey_Lokal_Machine-->Software-->Classes-->CLSID
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
---------------------------------------------------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
delete:
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
__________
Regards, Sabina
All about PC security

27.05.2005, 17:39
Member
Thread starter, Posts: 16

27.05.2005, 23:44
Honorary member
Posts: 29434
#12
Delete with the Killbox:
http://virus-protect.org/killbox.html
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
C:\Programme\MyWebSearch\bar\5.bin\MWSOEPLG.DLL

Restart the PC

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
delete: "MyWebSearch Email Plugin"

Run an online scan with Panda (if your antivirus "complains" --> ignore it) http://virus-protect.org/onlinescan.html
Report on the scan

•Ad-aware SE Personal 1.05 Updated http://virus-protect.org/antispywaretools.html
Download --> update --> configure http://virus-protect.org/adaware.html
#Update the program BEFORE every scan!
During the scan, ALL other applications must be closed and all browser windows must be closed!
Scan --> restart the PC --> scan again --> post the log from the scan
__________
Regards, Sabina
All about PC security

29.05.2005, 13:35
Member
Thread starter, Posts: 16
#13
Panda doesn't work!
"Error on downloading Panda ActiveScan. An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again"
I was able to delete everything with the Killbox EXCEPT: C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL

29.05.2005, 13:48
Honorary member
Posts: 29434
#14
•Ad-aware SE Personal 1.05 Updated
http://virus-protect.org/antispywaretools.html
Download --> update --> configure http://virus-protect.org/adaware.html
#Update the program BEFORE every scan!
During the scan, ALL other applications must be closed and all browser windows must be closed!
Scan --> restart the PC --> scan again --> post the log from the scan
__________
Regards, Sabina
All about PC security

29.05.2005, 15:37
Member
Thread starter, Posts: 16
#15
Ad-Aware SE Build 1.06r1
Location: : S-1-5-21-515967899-1214440339-839522115-500\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-515967899-1214440339-839522115-500\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 460 ThreadCreationTime : 29.05.2005 13:32:07 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 524 ThreadCreationTime : 29.05.2005 13:32:09 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 548 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 592 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 604 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 756 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 812 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 876 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 928 ThreadCreationTime : 29.05.2005 13:32:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1072 ThreadCreationTime : 29.05.2005 13:32:11 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1356 ThreadCreationTime : 29.05.2005 13:32:11 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1464 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:13 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1544 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. 
OriginalFilename : RUNDLL.EXE #:14 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1556 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 1, 0, 1, 1 ProductVersion : 1, 0, 1, 1 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright (C) 2002-03 OriginalFilename : CtHelper.EXE #:15 [lvcomsx.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1580 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 8.3.0.1096 ProductVersion : 8.3.0.1096 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : LVCom Server InternalName : LVComS.exe LegalCopyright : (c) 1996-2004 Logitech. All rights reserved. OriginalFilename : LVComS.exe #:16 [logitray.exe] FilePath : C:\Programme\Logitech\Video\ ProcessID : 1600 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 8.3.0.1098 ProductVersion : 8.3.0.1098 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : ImageStudio Tray Application InternalName : LogiTray.exe LegalCopyright : (c) 1996-2004 Logitech. All rights reserved. OriginalFilename : LogiTray.exe #:17 [pstrip.exe] FilePath : C:\programme\powerstrip\ ProcessID : 1628 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 4.10.03.59 CompanyName : EnTech Taiwan FileDescription : PowerStrip for Windows InternalName : PowerStrip LegalCopyright : Copyright © EnTech Taiwan 1995-2005 OriginalFilename : pstrip.exe #:18 [avgnt.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 1636 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal #:19 [ituneshelper.exe] FilePath : C:\Programme\iTunes\ ProcessID : 1660 ThreadCreationTime : 29.05.2005 13:32:12 BasePriority : Normal FileVersion : 4.8.0.32 ProductVersion : 4.8.0.32 ProductName : iTunes CompanyName : Apple Computer, Inc. 
FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:20 [jusched.exe] FilePath : C:\Programme\Java\jre1.5.0_01\bin\ ProcessID : 1768 ThreadCreationTime : 29.05.2005 13:32:13 BasePriority : Normal #:21 [fxsvr2.exe] FilePath : C:\Programme\Logitech\Video\ ProcessID : 1932 ThreadCreationTime : 29.05.2005 13:32:13 BasePriority : Normal FileVersion : 8.3.0.1098 ProductVersion : 8.3.0.1098 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : QuickCam Framework Server InternalName : FxSvr.EXE LegalCopyright : (c) 1996-2004 Logitech. All rights reserved. OriginalFilename : FxSvr.EXE #:22 [avguard.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 508 ThreadCreationTime : 29.05.2005 13:32:19 BasePriority : Normal #:23 [avwupsrv.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 660 ThreadCreationTime : 29.05.2005 13:32:19 BasePriority : Normal #:24 [ctsvccda.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 712 ThreadCreationTime : 29.05.2005 13:32:19 BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:25 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 908 ThreadCreationTime : 29.05.2005 13:32:20 BasePriority : Normal FileVersion : 6.14.10.7189 ProductVersion : 6.14.10.7189 ProductName : NVIDIA Driver Helper Service, Version 71.89 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 71.89 InternalName : NVSVC LegalCopyright : (C) NVIDIA Corporation. All rights reserved. 
OriginalFilename : nvsvc32.exe #:26 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1460 ThreadCreationTime : 29.05.2005 13:32:23 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:27 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1000 ThreadCreationTime : 29.05.2005 13:32:23 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:28 [mspmspsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1736 ThreadCreationTime : 29.05.2005 13:32:23 BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft (R) DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:29 [ipodservice.exe] FilePath : C:\Programme\iPod\bin\ ProcessID : 280 ThreadCreationTime : 29.05.2005 13:32:25 BasePriority : Normal FileVersion : 4.8.0.32 ProductVersion : 4.8.0.32 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. 
OriginalFilename : iPodService.exe #:30 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1276 ThreadCreationTime : 29.05.2005 13:32:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:31 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2648 ThreadCreationTime : 29.05.2005 13:32:41 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:administrator@atdmt.com/ Expires : 05.05.2010 02:00:00 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : administrator@adtech[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:administrator@adtech.de/ Expires : 17.05.2015 21:21:44 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@tradedoubler[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:12 Value : Cookie:administrator@tradedoubler.com/ Expires : 28.05.2005 00:42:44 LastSync : Hits:12 UseCount : 0 Hits : 12 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@valueclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@valueclick.com/ Expires : 30.04.2030 16:34:56 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:140 Value : Cookie:administrator@2o7.net/ Expires : 28.05.2010 13:36:28 LastSync : Hits:140 UseCount : 0 Hits : 140 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@servedby.advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@servedby.advertising.com/ Expires : 27.06.2005 15:47:48 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@as1.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:41 Value : Cookie:administrator@as1.falkag.de/ Expires : 13.06.2005 14:49:18 LastSync : Hits:41 UseCount : 0 Hits : 41 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@weborama[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:administrator@weborama.fr/ Expires : 07.05.2007 00:06:42 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : administrator@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:16 Value : Cookie:administrator@doubleclick.net/ Expires : 05.05.2008 15:09:40 LastSync : Hits:16 UseCount : 0 Hits : 16 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@serving-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:administrator@serving-sys.com/ Expires : 01.01.2038 07:00:00 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:17 Value : Cookie:administrator@mediaplex.com/ Expires : 22.06.2009 02:00:00 LastSync : Hits:17 UseCount : 0 Hits : 17 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@advertising.com/ Expires : 27.05.2010 15:47:48 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 12 Objects found so far: 38 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Deep scanning and examining files (D »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Deep scanning and examining files (E »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for E:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. 
New critical objects:0 Objects found so far: 38 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 15:36:42 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:03:54.828 Objects scanned:102001 Objects identified:12 Objects ignored:0 New critical objects:12 |
|
|
||
My Windows Explorer always closes automatically as soon as I open certain folders! Can anyone help me?
Log file:
Logfile of HijackThis v1.99.1
Scan saved at 19:30:59, on 18.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\programme\powerstrip\pstrip.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
D:\steam\steam.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Winamp\winamp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.937\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.themisters.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks in advance
Best regards
Asti