F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe |
||
---|---|---|
#0
| ||
29.05.2005, 17:48
Honorary member
Posts: 29434 |
||
|
||
31.05.2005, 12:53
Member
Thread starter Posts: 11 |
#17
hi, here is the log:
Ad-Aware SE Build 1.06r1 Logfile Created on:Montag, 30. Mai 2005 13:49:26 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R47 24.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):49 total references SecretCrush(TAC index:3):1 total references Tracking Cookie(TAC index:3):1 total references VX2(TAC index:10):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R47 24.05.2005 Internal build : 55 File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 476246 Bytes Total size : 1439523 Bytes Signature data size : 1408291 Bytes Reference data size : 30720 Bytes Signatures total : 40174 CSI Fingerprints total : 886 CSI data size : 30371 Bytes Target categories : 15 Target families : 679 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Non Intel Memory available:29 % Total physical memory:523764 kb Available physical memory:149772 kb Total page file size:1280780 kb Available on page file:1003880 kb Total virtual memory:2097024 kb Available virtual memory:2046792 kb OS:Microsoft Windows XP Home Edition (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Search for low-risk Thread Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : Let Windows remove files in use at next 
reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 30.05.2005 13:49:26 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Tobi`\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\adobe\photoshop\7.0\visiteddirs Description : adobe photoshop 7 recent work folders MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! 
Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! 
Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\clip organizer\search\last query Description : last query in microsoft clip organizer MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! 
Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\office\10.0\word\recent templates Description : list of recent templates used by microsoft word MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! 
Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : S-1-5-21-602162358-1292428093-725345543-1004\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 512 ThreadCreationTime : 30.05.2005 06:42:00 BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 568 ThreadCreationTime : 30.05.2005 06:42:03 BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 592 ThreadCreationTime : 30.05.2005 06:42:04 BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 636 ThreadCreationTime : 30.05.2005 06:42:04 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 648 ThreadCreationTime : 30.05.2005 06:42:04 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 816 ThreadCreationTime : 30.05.2005 06:42:05 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 968 ThreadCreationTime : 30.05.2005 06:42:05 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1180 ThreadCreationTime : 30.05.2005 06:42:06 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1204 ThreadCreationTime : 30.05.2005 06:42:06 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1396 ThreadCreationTime : 30.05.2005 06:42:06 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:11 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1540 ThreadCreationTime : 30.05.2005 06:42:10 BasePriority : Normal FileVersion : 6.00.2600.0000 (xpclient.010817-1148) ProductVersion : 6.00.2600.0000 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. 
OriginalFilename : EXPLORER.EXE #:12 [directcd.exe] ModuleName : C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe Command Line : "C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe" ProcessID : 1640 ThreadCreationTime : 30.05.2005 06:42:12 BasePriority : Normal FileVersion : 5.10 (126) ProductVersion : 5.10 (126) ProductName : DirectCD CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD LegalCopyright : Copyright © 2001, Roxio, Inc. OriginalFilename : Directcd.exe #:13 [mbm5.exe] ModuleName : C:\Program Files\Motherboard Monitor 5\MBM5.EXE Command Line : "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" ProcessID : 1656 ThreadCreationTime : 30.05.2005 06:42:12 BasePriority : Normal FileVersion : 5.3.4.0 ProductVersion : 5.0 ProductName : Motherboard Monitor 5 CompanyName : Alex van Kaam FileDescription : MBM 5 Core EXE InternalName : MBM5.EXE LegalCopyright : 2000-2002 Alex van Kaam OriginalFilename : MBM5.EXE #:14 [mcvsshld.exe] ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" ProcessID : 1700 ThreadCreationTime : 30.05.2005 06:42:12 BasePriority : Normal FileVersion : 8, 0, 0, 15 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan ActiveShield Resource InternalName : msvcshld LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsshld.exe Comments : McAfee VirusScan ActiveShield Resource #:15 [mcagent.exe] ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe" ProcessID : 1708 ThreadCreationTime : 30.05.2005 06:42:12 BasePriority : Normal FileVersion : 5, 1, 0, 2 ProductVersion : 5, 1, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 2005 McAfee, Inc. 
OriginalFilename : mcagent.exe #:16 [mpftray.exe] ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe Command Line : "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ProcessID : 1732 ThreadCreationTime : 30.05.2005 06:42:13 BasePriority : Normal FileVersion : 5.0.1.5 ProductVersion : 5.0.1.5 ProductName : McAfee Personal Firewall (MPF) CompanyName : McAfee Security FileDescription : McAfee Personal Firewall Tray Monitor InternalName : MpfTray LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc. OriginalFilename : MPFTRAY.EXE Comments : Tray Icon for McAfee Personal Firewall #:17 [qttask.exe] ModuleName : C:\Programme\QuickTime\qttask.exe Command Line : "C:\Programme\QuickTime\qttask.exe" -atboottime ProcessID : 1748 ThreadCreationTime : 30.05.2005 06:42:13 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:18 [opware32.exe] ModuleName : C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe Command Line : "C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe" ProcessID : 1756 ThreadCreationTime : 30.05.2005 06:42:13 BasePriority : Normal FileVersion : 11.0 ProductVersion : 11.0 ProductName : OmniPage Pro CompanyName : ScanSoft, Inc FileDescription : OCR Aware (32-bit) InternalName : Opware32.exe LegalCopyright : Copyright © 1995-2000 ScanSoft, Inc OriginalFilename : Opware32.exe #:19 [mcvsescn.exe] ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled ProcessID : 1788 ThreadCreationTime : 30.05.2005 06:42:13 BasePriority : Normal FileVersion : 8, 0, 0, 30 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn LegalCopyright : Copyright © 1998-2003 Networks 
Associates Technology, Inc OriginalFilename : mcvsescn.EXE Comments : McAfee VirusScan E-mail Scan Module #:20 [em_exec.exe] ModuleName : C:\Programme\Logitech\MouseWare\system\em_exec.exe Command Line : "C:\Programme\Logitech\MouseWare\system\em_exec.exe" ProcessID : 1824 ThreadCreationTime : 30.05.2005 06:42:13 BasePriority : Normal FileVersion : 9.76.046 ProductVersion : 9.76.046 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : (C) 1987-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:21 [mpfagent.exe] ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding ProcessID : 144 ThreadCreationTime : 30.05.2005 06:42:16 BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee Personal Firewall (MPF) CompanyName : McAfee Security FileDescription : McAfee Personal Firewall Agent Interface InternalName : MpfAgent LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc. OriginalFilename : MPFAGENT.EXE Comments : McAfee Personal Firewall Security Center Module #:22 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 1528 ThreadCreationTime : 30.05.2005 06:43:15 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:23 [avwupsrv.exe] ModuleName : C:\Programme\AVPersonal\AVWUPSRV.EXE Command Line : "C:\Programme\AVPersonal\AVWUPSRV.EXE" ProcessID : 1592 ThreadCreationTime : 30.05.2005 06:43:15 BasePriority : Normal #:24 [mcvsrte.exe] ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding ProcessID : 1692 ThreadCreationTime : 30.05.2005 06:43:15 BasePriority : Normal FileVersion : 8, 0, 0, 12 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan Real-time Engine InternalName : mcvsrte LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsrte.exe Comments : McAfee VirusScan Real-time Engine #:25 [mpfservice.exe] ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe ProcessID : 1632 ThreadCreationTime : 30.05.2005 06:43:16 BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee Personal Firewall CompanyName : McAfee Corporation FileDescription : McAfee Personal Firewall Service InternalName : MPFService LegalCopyright : Copyright © 2000,2001 OriginalFilename : MpfService.exe Comments : McAfee Personal Firewall Service #:26 [nvsvc32.exe] ModuleName : C:\WINDOWS\System32\nvsvc32.exe Command Line : C:\WINDOWS\System32\nvsvc32.exe ProcessID : 1800 ThreadCreationTime : 30.05.2005 06:43:16 BasePriority : Normal FileVersion : 6.13.10.4109 ProductVersion : 6.13.10.4109 ProductName : NVIDIA Driver Helper Service, Version 41.09 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 41.09 InternalName : NVSVC LegalCopyright : (C) NVIDIA Corporation. All rights reserved. 
OriginalFilename : nvsvc32.exe #:27 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 1820 ThreadCreationTime : 30.05.2005 06:43:16 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:28 [mspmspsv.exe] ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe Command Line : C:\WINDOWS\System32\MsPMSPSv.exe ProcessID : 1884 ThreadCreationTime : 30.05.2005 06:43:17 BasePriority : Normal FileVersion : 7.01.00.3055 ProductVersion : 7.01.00.3055 ProductName : Microsoft (R) DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:29 [mcshield.exe] ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe ProcessID : 876 ThreadCreationTime : 30.05.2005 06:43:30 BasePriority : High #:30 [winamp.exe] ModuleName : C:\Programme\Winamp\winamp.exe Command Line : "C:\Programme\Winamp\winamp.exe" ProcessID : 2536 ThreadCreationTime : 30.05.2005 11:44:34 BasePriority : Normal FileVersion : 2.91 ProductVersion : 2.91 ProductName : Winamp CompanyName : Nullsoft FileDescription : Winamp InternalName : WINAMP LegalCopyright : Copyright © 1997-2003, Nullsoft, Inc. LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc. OriginalFilename : Winamp.exe Comments : Visit http://www.winamp.com/ for updates. 
#:31 [firefox.exe] ModuleName : C:\Programme\Mozilla Firefox\firefox.exe Command Line : "C:\Programme\Mozilla Firefox\firefox.exe" ProcessID : 1124 ThreadCreationTime : 30.05.2005 11:44:41 BasePriority : Normal #:32 [ad-aware.exe] ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2184 ThreadCreationTime : 30.05.2005 11:46:27 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:33 [icq.exe] ModuleName : C:\Programme\ICQ\Icq.exe Command Line : "C:\Programme\ICQ\Icq.exe" ProcessID : 2872 ThreadCreationTime : 30.05.2005 11:48:51 BasePriority : Normal FileVersion : 5,5,6,3916 ProductVersion : 2003b ProductName : ICQ CompanyName : ICQ Inc. FileDescription : ICQ InternalName : ICQ LegalCopyright : Copyright © 1996 - 2001 ICQ Inc. All Rights Reserved. OriginalFilename : ICQ.exe Comments : ICQ V2003b Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 49 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 49 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 49 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! 
Type : IECache Entry Data : tobi`@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookie:tobi`@2o7.net/ Expires : 29.05.2010 12:26:08 LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 50 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : File Data : A0050897.exe TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{05552995-187E-4DB2-8334-C9295057C079}\RP425\ SecretCrush Object Recognized! Type : File Data : A0050898.exe TAC Rating : 3 Category : Malware Comment : Object : C:\System Volume Information\_restore{05552995-187E-4DB2-8334-C9295057C079}\RP425\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 52 Deep scanning and examining files (F »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for F:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 52 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 52 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 52 14:17:11 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:27:44.437 Objects scanned:203805 Objects identified:3 Objects ignored:0 New critical objects:3 |
|
|
||
01.06.2005, 12:52
Honorary member
Posts: 29434 |
#18
Hello @t0b1
delete with Killbox:
C:\WINDOWS\qhelkj.exe
C:\WINDOWS\system32\nbggc1.exe
C:\WINDOWS\system32\nbggcndw30103lib.dll
C:\WINDOWS\webhdll.dll_tobedeleted
C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL
C:\!Submit\Nail.exe
C:\!Submit\nbggc.exe
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll
restart the PC
delete:
C:\Programme\MyWay
C:\Programme\srng
now please post the new HijackThis log
__________
Best regards
Sabina
all about PC security |
|
|
||
01.06.2005, 18:52
Member
Thread starter Posts: 11 |
#19
hi, I'll edit the HijackThis post in here in a moment, just one question: can I actually delete the entire "!Submit!" folder?
|
|
|
||
01.06.2005, 19:26
Honorary member
Posts: 29434 |
||
|
||
04.06.2005, 13:21
Member
Thread starter Posts: 11 |
#21
sorry for the late reply, but I couldn't answer earlier. Unfortunately, none of the files mentioned above were still present, so I couldn't delete any of them.
I have nevertheless deleted the entire !Submit! folder now, and here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 13:28:44, on 04.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programme\Canon\CanoScan Toolbox Ver4.1\CSTBox.exe
C:\Programme\Adobe\Photoshop 7.0\Photoshop.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tobi`\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\WinOnCD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://express.bilderservice.de/static/download/iedropupload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle)
- http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/acontix.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/1119/defaults/activex/ImageUploader3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{31EF41DE-1FDA-4636-BAAE-55D3EDEE64BA}: NameServer = 217.237.148.49 217.237.148.65 O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: DefWatch - Unknown owner - C:\Programme\NavNT\defwatch.exe (file missing) O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH 
- F:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe |
|
|
||
04.06.2005, 15:37
Honorary member
Posts: 29434
#22
Hello @t0b1
You absolutely must run the Windows updates (download SP2).

Fix with HijackThis:
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/acontix.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Unknown owner - C:\Programme\NavNT\defwatch.exe (file missing)

Restart the PC.

Please work through this and post everything
L2mfix
http://virus-protect.org/L2mfix.html
__________
Kind regards, Sabina
All about PC security

Webhancer is a program with a Winsock virus, and if you simply delete it, the Internet connection is "gone".
However, since the DLL does not show up in LSPfix.exe, you can delete it manually or with Killbox.
__________
Kind regards, Sabina
All about PC security
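
The HijackThis log format used in this thread, as an added example that is not part of the original posts and is not HijackThis code: the Python below splits a log (one entry per line, or run together on one line) into entries by section code and lists the entries a helper would read first. The sample lines are copied from the log above; the function names and the choice of what to list (missing target file, O15, O20) are assumptions of this example, and a listed entry is a prompt for manual review, not a verdict.

```python
import re

# Section codes of a HijackThis v1.99.1 log: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(
    r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O(?:[1-9]|1\d|2[0-3])) - )")

# Assumption of this example: sections to surface for manual review.
REVIEW_NOTES = {
    "O15": "site in the IE Trusted Zone",
    "O20": "DLL loaded via AppInit_DLLs or a Winlogon Notify key",
}

# Constructed sample: lines copied from the log in this thread, run together.
SAMPLE = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ "
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install "
    r"O15 - Trusted Zone: http://www.neededware.com "
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll "
    r"O23 - Service: DefWatch - Unknown owner - C:\Programme\NavNT\defwatch.exe (file missing)"
)


def split_entries(text):
    """Return the log entries; header and process list are dropped."""
    flat = " ".join(text.split())          # tolerate line breaks or none
    return [part.strip() for part in ENTRY_START.split(flat)
            if re.match(r"[RFNO]\d+ - ", part)]


def triage(text):
    """Return (code, reason, detail) for entries worth a manual look."""
    findings = []
    for entry in split_entries(text):
        code, _, detail = entry.partition(" - ")
        if detail.endswith("(file missing)"):
            # The entry still points at a file that no longer exists.
            findings.append((code, "target file missing", detail))
        elif code in REVIEW_NOTES:
            findings.append((code, REVIEW_NOTES[code], detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE):
        print(f"{code:4} {reason}: {detail}")
```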