Log analysis and evaluation: explorer.exe crashes/reloads
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #16 |
explorer.exe crashes/reloads
Number 2
Code:
----- Root -----------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\
17.06.2008 11:56 1.560.281.088 pagefile.sys
11.05.2008 01:14 250.048 ntldr
06.01.2007 16:25 223 boot.ini
06.01.2007 16:10 0 MSDOS.SYS
06.01.2007 16:10 0 IO.SYS
06.01.2007 16:10 0 CONFIG.SYS
06.01.2007 16:10 0 AUTOEXEC.BAT
28.02.2006 14:00 47.564 NTDETECT.COM
8 File(s) 1.560.578.923 bytes
0 Dir(s) 126.678.753.280 bytes free
----- System32 -------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\WINDOWS\system32
17.06.2008 13:09 0 nmp.log
17.06.2008 11:58 43.531 nvapps.xml
16.06.2008 20:06 13.646 wpa.dbl
16.06.2008 18:56 495.195 vwabaGgh.ini
16.06.2008 18:56 344 vwabaGgh.ini2
16.06.2008 17:18 497.003 vxybLRqr.ini
16.06.2008 17:18 496.774 vxybLRqr.ini2
16.06.2008 01:10 495.195 eKSCeMoq.ini
16.06.2008 01:09 344 eKSCeMoq.ini2
16.06.2008 00:57 597.154 wxadcccf.ini
16.06.2008 00:57 596.916 wxadcccf.ini2
05.06.2008 12:46 1.769.352 FNTCACHE.DAT
02.06.2008 22:56 16 servdat.slm
02.06.2008 22:56 355 lsprst7.tgz
02.06.2008 22:56 341 lsprst7.dll
02.06.2008 22:56 14 ssprs.tgz
30.05.2008 01:35 17.486.968 MRT.exe
25.05.2008 21:31 664 d3d9caps.dat
15.05.2008 02:06 0 nsprs.tgz
15.05.2008 02:04 1.025 sysprs7.tgz
11.05.2008 01:24 444.858 perfh009.dat
11.05.2008 01:24 72.356 perfc009.dat
11.05.2008 01:24 526.710 PerfStringBackup.INI
11.05.2008 01:22 249 spupdwxp.log
07.05.2008 07:12 1.288.192 quartz.dll
----- Windows --------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\WINDOWS
17.06.2008 13:11 1.288.310 WindowsUpdate.log
17.06.2008 11:57 0 0.log
17.06.2008 11:56 159 wiadebug.log
17.06.2008 11:56 49 wiaservc.log
17.06.2008 11:56 2.048 bootstat.dat
17.06.2008 01:02 32.598 SchedLgU.Txt
16.06.2008 18:19 385 wininit.ini
16.06.2008 17:40 225.422 ntbtlog.txt
16.06.2008 00:16 1.868 OEWABLog.txt
16.06.2008 00:16 421.709 setupapi.log
14.06.2008 11:52 243 TEXTWARE.INI
14.06.2008 10:28 1.409 QTFont.for
14.06.2008 10:28 54.156 QTFont.qfn
12.06.2008 19:14 123.848 wmsetup.log
11.06.2008 20:03 45.301 tabletoc.log
11.06.2008 20:03 302.778 comsetup.log
11.06.2008 20:03 976.439 iis6.log
11.06.2008 20:03 181.585 ntdtcsetup.log
11.06.2008 20:03 1.374 imsins.log
11.06.2008 20:03 407.006 tsoc.log
11.06.2008 20:03 48.584 ocmsn.log
11.06.2008 20:03 18.591 KB950759-IE7.log
11.06.2008 20:03 155.167 netfxocm.log
11.06.2008 20:03 61.369 MedCtrOC.log
11.06.2008 20:03 426.077 ocgen.log
11.06.2008 20:03 43.948 msgsocm.log
11.06.2008 20:03 883.335 FaxSetup.log
11.06.2008 20:03 274.320 msmqinst.log
11.06.2008 20:02 204.699 updspapi.log
11.06.2008 20:01 1.374 imsins.BAK
11.06.2008 20:01 11.622 KB951698.log
11.06.2008 20:01 6.712 KB950762.log
11.06.2008 20:01 6.187 KB950760.log
11.06.2008 20:01 7.130 KB951376.log
11.05.2008 01:22 40.874 spupdsvc.log
11.05.2008 01:22 359 DtcInstall.log
11.05.2008 01:22 9.627 setuplog.txt
11.05.2008 01:22 187 spupdsvc.log.1.log
11.05.2008 01:20 522.495 svcpack.log
11.05.2008 01:18 400 cmsetacl.log
11.05.2008 01:18 1.281 sessmgr.setup.log
11.05.2008 00:56 20.698 KB892130.log
----- Tasks ----------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\WINDOWS\tasks
17.06.2008 11:59 330 MP Scheduled Scan.job
17.06.2008 11:56 6 SA.DAT
12.06.2008 23:51 284 AppleSoftwareUpdate.job
06.06.2008 17:16 388 1-Click Maintenance.job
28.02.2006 14:00 65 desktop.ini
5 File(s) 1.073 bytes
0 Dir(s) 126.678.614.016 bytes free
----- Wintemp --------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\WINDOWS\temp
17.06.2008 13:56 255 WGAErrLog.txt
17.06.2008 12:17 4.114 MpCmdRun.log
16.06.2008 23:30 0 winA6.tmp
16.06.2008 23:30 0 winA5.tmp
16.06.2008 23:08 0 winA4.tmp
16.06.2008 23:08 0 winA3.tmp
16.06.2008 21:46 0 winA2.tmp
16.06.2008 21:46 0 winA1.tmp
16.06.2008 21:44 0 winA0.tmp
16.06.2008 21:44 0 win9F.tmp
16.06.2008 21:42 0 win9B.tmp
16.06.2008 21:42 0 win9C.tmp
16.06.2008 21:40 0 win99.tmp
16.06.2008 21:40 0 win9A.tmp
16.06.2008 21:38 0 win98.tmp
16.06.2008 21:38 0 win97.tmp
16.06.2008 21:36 0 win95.tmp
16.06.2008 21:36 0 win96.tmp
16.06.2008 21:34 0 win94.tmp
16.06.2008 21:34 0 win93.tmp
16.06.2008 21:32 0 win91.tmp
16.06.2008 21:32 0 win92.tmp
16.06.2008 21:30 0 win8F.tmp
16.06.2008 21:30 0 win90.tmp
16.06.2008 21:28 0 win8D.tmp
16.06.2008 21:28 0 win8E.tmp
16.06.2008 21:26 0 win8B.tmp
16.06.2008 21:26 0 win8C.tmp
16.06.2008 21:24 0 win8A.tmp
16.06.2008 21:24 0 win89.tmp
16.06.2008 21:22 0 win87.tmp
16.06.2008 21:22 0 win88.tmp
16.06.2008 21:20 0 win85.tmp
16.06.2008 21:20 0 win86.tmp
16.06.2008 21:18 0 win83.tmp
16.06.2008 21:18 0 win84.tmp
16.06.2008 21:16 0 win82.tmp
16.06.2008 21:16 0 win81.tmp
16.06.2008 21:14 0 win7F.tmp
16.06.2008 21:14 0 win80.tmp
16.06.2008 21:12 0 win7D.tmp
16.06.2008 21:12 0 win7E.tmp
16.06.2008 21:10 0 win7B.tmp
16.06.2008 21:10 0 win7C.tmp
16.06.2008 21:08 0 win79.tmp
16.06.2008 21:08 0 win7A.tmp
16.06.2008 21:06 0 win78.tmp
16.06.2008 21:06 0 win77.tmp
16.06.2008 21:04 0 win75.tmp
16.06.2008 21:04 0 win76.tmp
16.06.2008 21:02 0 win73.tmp
16.06.2008 21:02 0 win74.tmp
16.06.2008 21:00 0 win71.tmp
16.06.2008 21:00 0 win72.tmp
16.06.2008 20:58 0 win6F.tmp
16.06.2008 20:58 0 win70.tmp
16.06.2008 20:56 0 win6E.tmp
16.06.2008 20:56 0 win6D.tmp
16.06.2008 20:54 0 win6B.tmp
16.06.2008 20:54 0 win6C.tmp
16.06.2008 20:52 0 win69.tmp
16.06.2008 20:52 0 win6A.tmp
16.06.2008 20:50 0 win67.tmp
16.06.2008 20:50 0 win68.tmp
16.06.2008 20:48 0 win65.tmp
16.06.2008 20:48 0 win66.tmp
16.06.2008 20:46 0 win64.tmp
16.06.2008 20:46 0 win63.tmp
16.06.2008 20:44 0 win61.tmp
16.06.2008 20:44 0 win62.tmp
16.06.2008 20:42 0 win5F.tmp
16.06.2008 20:42 0 win60.tmp
16.06.2008 20:40 0 win5D.tmp
16.06.2008 20:40 0 win5E.tmp
16.06.2008 20:38 0 win5C.tmp
16.06.2008 20:38 0 win5B.tmp
16.06.2008 20:36 0 win5A.tmp
16.06.2008 20:36 0 win59.tmp
16.06.2008 20:34 0 win57.tmp
16.06.2008 20:34 0 win58.tmp
16.06.2008 20:32 0 win56.tmp
16.06.2008 20:32 0 win55.tmp
16.06.2008 20:30 0 win54.tmp
16.06.2008 20:30 0 win53.tmp
16.06.2008 20:28 0 win51.tmp
16.06.2008 20:28 0 win52.tmp
16.06.2008 20:26 0 win50.tmp
16.06.2008 20:26 0 win4F.tmp
16.06.2008 20:24 0 win4E.tmp
16.06.2008 20:24 0 win4D.tmp
16.06.2008 20:22 0 win4C.tmp
16.06.2008 20:22 0 win4B.tmp
16.06.2008 20:20 0 win4A.tmp
16.06.2008 20:20 0 win49.tmp
16.06.2008 20:18 0 win47.tmp
16.06.2008 20:18 0 win48.tmp
16.06.2008 20:16 0 win46.tmp
16.06.2008 20:16 0 win45.tmp
16.06.2008 20:14 0 win44.tmp
16.06.2008 20:14 0 win43.tmp
16.06.2008 20:12 0 win42.tmp
16.06.2008 20:12 0 win41.tmp
16.06.2008 20:10 0 win40.tmp
16.06.2008 20:10 0 win3F.tmp
16.06.2008 20:08 0 win3E.tmp
16.06.2008 20:08 0 win3D.tmp
16.06.2008 20:06 409 WGANotify.settings
16.06.2008 20:06 0 win3C.tmp
16.06.2008 20:06 0 win39.tmp
16.06.2008 20:04 0 win3B.tmp
16.06.2008 20:04 0 win3A.tmp
16.06.2008 18:22 0 win38.tmp
16.06.2008 18:22 0 win37.tmp
16.06.2008 18:20 0 win35.tmp
16.06.2008 18:20 0 win36.tmp
16.06.2008 17:38 0 win34.tmp
16.06.2008 17:38 0 win33.tmp
16.06.2008 17:36 0 win31.tmp
16.06.2008 17:36 0 win32.tmp
16.06.2008 17:34 0 win30.tmp
16.06.2008 17:34 0 win2F.tmp
16.06.2008 17:32 0 win2E.tmp
16.06.2008 17:32 0 win2D.tmp
16.06.2008 17:30 0 win2B.tmp
16.06.2008 17:30 0 win2C.tmp
16.06.2008 17:28 0 win2A.tmp
16.06.2008 17:28 0 win29.tmp
16.06.2008 17:26 0 win27.tmp
16.06.2008 17:26 0 win28.tmp
16.06.2008 17:24 0 win26.tmp
16.06.2008 17:24 0 win25.tmp
16.06.2008 17:22 0 win23.tmp
16.06.2008 17:22 0 win24.tmp
16.06.2008 17:20 0 win21.tmp
16.06.2008 17:20 0 win22.tmp
16.06.2008 17:18 0 win20.tmp
16.06.2008 17:18 0 win1F.tmp
16.06.2008 17:16 0 win1E.tmp
16.06.2008 17:16 0 win1.tmp
16.06.2008 17:15 0 win1D.tmp
16.06.2008 17:15 0 win1C.tmp
16.06.2008 17:15 0 win1B.tmp
16.06.2008 17:15 0 win1A.tmp
16.06.2008 17:14 0 win19.tmp
16.06.2008 17:14 0 win18.tmp
16.06.2008 17:11 0 win16.tmp
16.06.2008 17:11 0 win17.tmp
16.06.2008 17:09 0 win15.tmp
16.06.2008 17:09 0 win14.tmp
16.06.2008 17:07 0 win13.tmp
16.06.2008 17:07 0 win12.tmp
16.06.2008 17:05 0 win10.tmp
16.06.2008 17:05 0 win11.tmp
16.06.2008 17:03 0 winE.tmp
16.06.2008 17:03 0 winF.tmp
16.06.2008 17:01 0 winD.tmp
16.06.2008 17:01 0 winC.tmp
16.06.2008 16:59 0 winA.tmp
16.06.2008 16:59 0 winB.tmp
16.06.2008 16:58 0 win8.tmp
16.06.2008 16:58 0 win9.tmp
16.06.2008 16:56 0 win7.tmp
16.06.2008 16:56 0 win6.tmp
16.06.2008 16:54 0 win5.tmp
16.06.2008 16:54 0 win4.tmp
16.06.2008 16:52 0 win2.tmp
16.06.2008 16:52 0 win3.tmp
167 File(s) 4.778 bytes
0 Dir(s) 126.678.597.632 bytes free
----- Temp -----------------------------
Volume in drive C is HDD
Volume Serial Number is 84DD-5D4E
Directory of C:\DOCUME~1\Name\LOCALS~1\Temp
17.06.2008 14:03 143.547 filelist.txt
16.06.2008 02:18 46.080 ~e5d141.tmp
2 File(s) 189.627 bytes
0 Dir(s) 126.678.605.824 bytes free
|
| | #17 |
explorer.exe crashes/reloads
...and here is the quarantine from AntiVir XP:
(unfortunately a bit small - sorry!)
|
| | #18 |
explorer.exe crashes/reloads
I have to say honestly that I already have a really bad conscience. You surely have other things to do as well. So I have been thinking about the following: I can now get at my files again. If I now move the 109 GB onto an external hard drive (which is of course empty), I can format more or less without worry. I would then scan the hard drive several times (somehow? with Knoppicillin perhaps?) so that no malware has tampered with my files. That way I could put everything back after a reinstallation, couldn't I? It somehow gives me the creeps when trojans and the like are still "slumbering" on my disk, even if in "quarantine". My term papers and seminar certificates are too important to me for that...
|
| | #19 |
MalwareDB
explorer.exe crashes/reloads
Reboot into Safe Mode. Use Windows Explorer (to get there, right-click the Start button and click "Explorer") and please delete these files (if present; configure Windows as described here):
C:\WINDOWS\system32\nmp.log
C:\WINDOWS\system32\vwabaGgh.ini
C:\WINDOWS\system32\vwabaGgh.ini2
C:\WINDOWS\system32\vxybLRqr.ini
C:\WINDOWS\system32\vxybLRqr.ini2
C:\WINDOWS\system32\eKSCeMoq.ini
C:\WINDOWS\system32\eKSCeMoq.ini2
C:\WINDOWS\system32\wxadcccf.ini
C:\WINDOWS\system32\wxadcccf.ini2
C:\WINDOWS\system32\servdat.slm
C:\WINDOWS\system32\lsprst7.tgz
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.tgz
C:\WINDOWS\system32\nsprs.tgz
C:\WINDOWS\system32\sysprs7.tgz
Then restart the computer in normal mode. Then please post a DSS log.
Deckard's System Scanner (DSS)
The tool is available here -> dss.exe
* Close all applications
* Double-click dss.exe to start the program
* When the scan has finished, a Notepad window will open with the contents of main.txt. A second log file, extra.txt, is located at c:\Deckard\SystemScanner\extra.txt
* Copy the contents of both log files into this thread, please as [CODE][/CODE]
What Deckard's System Scanner does:
* It creates a System Restore point
* It cleans the temporary files, Downloaded Program Files and Internet cache files, and it empties the Recycle Bin on all drives.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
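An added example, not part of the thread or of any tool named in it: a small Python triage script that parses a `dir` listing in the format posted in #16 and reports `.ini`/`.ini2` pairs sharing one base name in the same directory, the pattern visible in most of the files listed for deletion above. The pairing heuristic and all function names are assumptions of this example, not a rule stated by the poster; the sample lines are taken from the System32 listing in post #16.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Sample input: lines copied from the System32 section of the listing in post #16.
SAMPLE_LISTING = """\
 Directory of C:\\WINDOWS\\system32
17.06.2008 13:09 0 nmp.log
16.06.2008 18:56 495.195 vwabaGgh.ini
16.06.2008 18:56 344 vwabaGgh.ini2
16.06.2008 17:18 497.003 vxybLRqr.ini
16.06.2008 17:18 496.774 vxybLRqr.ini2
30.05.2008 01:35 17.486.968 MRT.exe
11.05.2008 01:24 526.710 PerfStringBackup.INI
07.05.2008 07:12 1.288.192 quartz.dll
 8 File(s) 20.791.386 bytes
"""


class Entry(NamedTuple):
    directory: str
    name: str
    size: int
    modified: datetime


DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# dd.mm.yyyy hh:mm, size with '.' as thousands separator, then the file name
FILE_RE = re.compile(r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")


def parse_listing(text):
    """Turn the posted dir output into Entry records, skipping header/summary lines."""
    entries, current_dir = [], ""
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = FILE_RE.match(line)
        if not m:
            continue  # volume header, "N File(s)" summary, section divider
        date, time, size, name = m.groups()
        entries.append(Entry(
            current_dir,
            name,
            int(size.replace(".", "")),
            datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M"),
        ))
    return entries


def find_ini_pairs(entries):
    """Return (ini, ini2) Entry pairs with the same base name in the same directory.

    Assumption of this example: a lone .ini (e.g. PerfStringBackup.INI) is not
    reported; only a base name that has both extensions is.
    """
    by_base = defaultdict(dict)
    for e in entries:
        base, dot, ext = e.name.rpartition(".")
        if dot and ext.lower() in ("ini", "ini2"):
            by_base[(e.directory.lower(), base.lower())][ext.lower()] = e
    pairs = [
        (found["ini"], found["ini2"])
        for found in by_base.values()
        if found.keys() >= {"ini", "ini2"}
    ]
    # Oldest pair first, so the output reads as a timeline.
    return sorted(pairs, key=lambda p: p[0].modified)


if __name__ == "__main__":
    for ini, ini2 in find_ini_pairs(parse_listing(SAMPLE_LISTING)):
        print(f"{ini.modified:%Y-%m-%d %H:%M}  {ini.directory}\\{ini.name}"
              f" ({ini.size} bytes) + {ini2.name} ({ini2.size} bytes)")
```

A reported pair is a reason to look at the file, not a verdict; files such as nmp.log or the .tgz entries in the list above are not covered by this check.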
| | #20 |
explorer.exe crashes/reloads
Hey!
I found all the files and deleted them right away with Shift+DEL. Thank you very much! Here is the .txt:
Code:
Deckard's System Scanner v20071014.68
Run by Toni on 2008-06-17 14:54:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Toni.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:44, on 17.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Toni\Desktop\dss.exe
C:\DOCUME~1\Toni\Desktop\Toni.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)
O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 8759 bytes
-- Files created between 2008-05-17 and 2008-06-17 -----------------------------
2027-09-14 15:29:06 0 d--h----- C:\WINDOWS\PIF
2008-06-17 14:53:35 0 dr-h----- C:\Documents and Settings\Toni\Recent
2008-06-16 23:27:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-16 18:20:19 0 d-------- C:\Documents and Settings\Toni\Application Data\Malwarebytes
2008-06-16 18:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 18:20:17 0 d-------- C:\Program Files\ Malwarebytes Anti-Malware
2008-06-16 01:44:44 0 d-------- C:\Program Files\Trend Micro
2008-06-16 00:41:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 00:16:34 0 d-------- C:\Program Files\PhotomatixPro3
2008-05-22 20:26:19 0 d-------- C:\Documents and Settings\Toni\Application Data\vlc
2008-05-22 20:02:05 0 d-------- C:\Program Files\VideoLAN
2008-05-20 17:41:52 0 d-------- C:\Program Files\Bonjour
2008-05-20 17:41:46 0 d-------- C:\Program Files\Airfoil Speakers
-- Find3M Report ---------------------------------------------------------------
2008-06-14 12:12:15 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-14 11:52:36 0 d-------- C:\Program Files\OALD
2008-05-25 21:31:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-11 01:18:14 0 d-------- C:\Program Files\Messenger
2008-05-11 01:17:57 0 d-------- C:\Program Files\Movie Maker
2008-05-11 01:15:35 0 d-------- C:\Program Files\Windows NT
2008-05-07 18:53:42 0 d-------- C:\Documents and Settings\Toni\Application Data\ICQ
2008-05-07 15:13:51 0 d-------- C:\Program Files\ICQ6
2008-05-07 15:08:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 20:51:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-01 20:51:04 0 d-------- C:\Documents and Settings\Toni\Application Data\Adobe
2008-05-01 20:45:49 0 d-------- C:\Program Files\Common Files
2008-04-24 01:19:57 0 d-------- C:\Documents and Settings\Toni\Application Data\Mask Pro 4.0
2008-04-22 18:11:29 0 d-------- C:\Documents and Settings\Toni\Application Data\Launchy
2008-04-22 18:11:21 0 d-------- C:\Program Files\Launchy
2008-04-20 23:35:33 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 21:55:33 0 d-------- C:\Program Files\Langenscheidt
2008-04-12 16:04:31 268 -r-h----- C:\Documents and Settings\Toni\Application Data\Documentation
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39CEF1D5-A3CE-443C-A113-8CC473D46259}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487D319E-1BA7-48AE-84B9-D497984E7632}]
C:\WINDOWS\system32\rqRLbyxv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A370A29-5206-448E-891F-C3C1749D0138}]
C:\WINDOWS\system32\hgGabawv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24.01.2006 12:15]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.05.2005 03:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07.09.2005 16:35]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03.06.2004 10:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [14.04.2008 23:32]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28.03.2008 23:37]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 02:12]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [1/31/2006 12:23:15 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32]
winrnt32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGabawv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"E06DDXRC_2352296"="C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie\EDICT.EXE" -m
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" silent
"Airfoil Speakers"="C:\Program Files\Airfoil Speakers\AirfoilSpeakers.exe"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ScanSoft OmniPage 16-reminder"="C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-17 14:56:26 ------------
|
| | #21 |
explorer.exe crashes/reloads
...and here is the other .txt:
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2030.48 MiB / 1534.9 MiB
Pagefile Memory (total/avail): 3365.38 MiB / 3011.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.26 MiB
C: is Fixed (NTFS) - 298.08 GiB total, 132.39 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:
\\.\PHYSICALDRIVE1 - VBTM Store'n'go USB Device - 949.15 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 953.5 MiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Toni\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FELIX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Toni
LOGONSERVER=\\FELIX
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Toni\LOCALS~1\Temp
TMP=C:\DOCUME~1\Toni\LOCALS~1\Temp
USERDOMAIN=FELIX
USERNAME=Toni
USERPROFILE=C:\Documents and Settings\Toni
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Toni (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Airfoil Speakers --> "C:\Program Files\Airfoil Speakers\Uninstall Airfoil Speakers.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AutoCAD 2000 - Deutsch --> C:\WINDOWS\unin0407.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon LBP2900 --> C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UN.EXE
Cisco Systems VPN Client 5.0.02.0090 --> MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duden Korrektor PLUS --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVDrips\DVDdecrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVDrips\DVDshrink\unins000.exe"
e-Dictionaries --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}\setup.exe" anything
English Pronouncing Dictionary --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\EPD\Uninst.isu"
Exif-Viewer 2.44 --> C:\WINDOWS\uninstall\Exif-Viewer\setup.exe
FileZilla Client 3.0.8.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "G:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
L&H TTS3000 Deutsch --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Launchy 2.0 --> "C:\Program Files\Launchy\unins000.exe"
Lightroom --> MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2006 Enzyklopädie --> MsiExec.exe /I{06100000-3E21-46D6-9A91-D927BA08F41D}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Office-Bibliothek 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}\setup.exe" -uninst
PC-Bibliothek --> C:\WINDOWS\unin0407.exe -f"c:\program files\Duden\DeIsL1.isu" -c"c:\program files\Duden\_ISREG32.DLL"
Photomatix Pro version 3.0.3RC2 --> "C:\Program Files\PhotomatixPro3\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RipIt4Me --> C:\Program Files\DVDrips\RipIt4Me\Uninstal.exe
ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
ScanSoft PDF Create! 4 --> MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyder2 --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
xp-AntiSpy 3.93 --> C:\Program Files\xp-AntiSpy\uninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6444 / Warning
Event Submitted/Written: 06/16/2008 01:03:25 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type6357 / Warning
Event Submitted/Written: 06/16/2008 00:16:39 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type6355 / Warning
Event Submitted/Written: 06/16/2008 00:15:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type6118 / Warning
Event Submitted/Written: 06/15/2008 11:07:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type6117 / Error
Event Submitted/Written: 06/15/2008 10:09:54 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
No Errors/Warnings found.
-- End of Deckard's System Scanner: finished at 2008-06-16 01:41:27 ------------
|
| | #22 | |
| > MalwareDB | explorer.exe crashes/reloads Please download the attached file, rename it to reb.bat and install it. Then also search for the files Quote:
Then I need a new HijackThis logfile.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
| | #23 |
| explorer.exe crashes/reloads Hey! I searched for both files - not found. Should I search for them in safe mode? I searched for them in "normal" mode, you see. I installed the "program" - it only took a second. Here is the log: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:29, on 17.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)
O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 8698 bytes
|
| | #24 |
| > MalwareDB | explorer.exe crashes/reloads The files have probably already been deleted, and the approach with the reg file did not work. So let's do it with HijackThis.
Proceed as follows: Please open your HijackThis again and scan. Tick the checkboxes next to the entries listed below.
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - (no file)
O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)
O2 - BHO: (no name) - {6A370A29-5206-448E-891F-C3C1749D0138} - C:\WINDOWS\system32\hgGabawv.dll (file missing)
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
Then click Fix Checked. How does your system / Explorer behave? Run a Java update! Uninstall all old Java versions first (Control Panel / Add or Remove Programs). Old Java versions can let malware onto your system. This applies to any software!
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
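Every entry listed for fixing in post #24 is a registration whose target HijackThis reports as "(no file)" or "(file missing)". The following Python sketch is an added example, not part of the original thread: it parses HijackThis v2.0.2 entries (also when a log has been pasted onto one long line), flags such orphaned registrations, and checks a follow-up log to confirm they are gone. The sample logs are constructed from entries quoted in this thread, and all function names are hypothetical.

```python
import re

# Section codes that start an entry in the logs of this thread (R*, O*), plus F*.
SECTION = r"(?:R[0-3]|F[0-3]|O\d{1,2})"
# An entry runs up to the next section code, the footer, or the end of the
# text, so the parser also copes with a log flattened onto one line.
ENTRY = re.compile(
    rf"\b({SECTION}) - (.*?)(?=\s+{SECTION} - |\s+-- End of file|\s*\Z)", re.S)
# HijackThis appends one of these markers when the registered target is gone.
ORPHAN = re.compile(r"\((no file|file missing)\)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: a subset of the entries from the first log in this thread.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - (no file)
O2 - BHO: (no name) - {487D319E-1BA7-48AE-84B9-D497984E7632} - C:\WINDOWS\system32\rqRLbyxv.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the same subset after "Fix checked", flattened onto a
# single line the way a forum paste can arrive.
LOG_AFTER = (
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - '
    r'C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll '
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min '
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - '
    r'C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8388 bytes'
)


def parse_entries(text):
    """Return (section, body) tuples with whitespace in the body normalised."""
    return [(m.group(1), " ".join(m.group(2).split()))
            for m in ENTRY.finditer(text)]


def orphaned(entries):
    """Return the entries whose target is marked (no file) or (file missing)."""
    hits = []
    for section, body in entries:
        marker = ORPHAN.search(body)
        if marker:
            clsid = CLSID.search(body)
            hits.append({
                "section": section,
                "reason": marker.group(1),
                "clsid": clsid.group(0) if clsid else None,
                "entry": body,
            })
    return hits


def unresolved(before_text, after_text):
    """Orphaned entries of the first log that still appear in the second."""
    after = set(parse_entries(after_text))
    return [h for h in orphaned(parse_entries(before_text))
            if (h["section"], h["entry"]) in after]


if __name__ == "__main__":
    for hit in orphaned(parse_entries(LOG_BEFORE)):
        print(f'{hit["section"]:>3}  {hit["reason"]:<12}  {hit["entry"]}')
    print("still present after fix:", len(unresolved(LOG_BEFORE, LOG_AFTER)))
```

An orphaned registration only shows that the referenced file is no longer on disk; whether the file was malicious still has to be judged from the name, location and the rest of the log.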
| | #25 |
| explorer.exe crashes/reloads OK, I have successfully "fixed" these entries. Thanks. Explorer is behaving "normally". For now... Sorry for the dumb question, but Java is listed as "J2SE Runtime Environment 5.0 ..." under "Add or Remove Programs", right? Uninstall that and then... ? |
| | #26 |
| > MalwareDB | explorer.exe crashes/reloads Uninstall that and then install the newest version, 1.6.6. Finally, post a new HJT logfile.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
| | #27 |
| explorer.exe crashes/reloads Many thanks! So, the new version is installed. What's next? HJT: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:24, on 17.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 8388 bytes
|
| | #28 |
| > MalwareDB | explorer.exe crashes/reloads Not at all. Everything is OK on your end.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
| | #29 |
| explorer.exe crashes/reloads No, really? WOW! Could you perhaps also tell me how I should handle the files in the AntiVir quarantine? Delete them (does it then delete them from quarantine, or altogether - that is ambiguous)? So I don't need to configure anything else? I can safely get back to work? I still can't believe my luck... *wow!* Can I uninstall HJT and DSS again now? I'll leave Malwarebytes Anti-Malware and Spybot installed. I really don't know how to thank you for all the work?!! If you ever need photos, a design or help moving house - I'll send you my e-mail address. That is the least I can do. A thousand thanks! Edited by macbeth (17.06.2008 at 16:24) |
| | #30 |
| explorer.exe crashes/reloads I knew it. Problem during the AntiVir system scan: a .gif in Program Files still has the Trojan horse TR/BHO.ecl. I moved it to quarantine. Correct? |