svchost.exe and services.exe

Warnings about security vulnerabilities and help with removing viruses, worms and trojans.


Post by mavage on 08.01.2005, 01:44

Hello,

I have the problem that my laptop is always shut down after 60 seconds with an error message 128. The files named above are presumably to blame, but I cannot get rid of them. I have tried everything. Here are my log files:

Logfile of HijackThis v1.99.0
Scan saved at 00:18:55, on 08.01.2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Dokumente und Einstellungen\xxx\Desktop\SeucheProgramme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O1 - Hosts: 192.0.1.50 haargenau2
O1 - Hosts: 192.0.1.51 haargenau1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programme\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programme\TOSHIBA\TME2\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Startup] wint.exe
O4 - HKLM\..\Run: [Messenger Upgrade] Msnmgs.exe
O4 - HKLM\..\Run: [Windows Media Player] Wmplayer.exe
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvgiy32.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Startup] wint.exe
O4 - HKLM\..\RunServices: [Messenger Upgrade] Msnmgs.exe
O4 - HKLM\..\RunServices: [Windows Media Player] Wmplayer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall Startup] wint.exe
O4 - HKCU\..\Run: [Messenger Upgrade] Msnmgs.exe
O4 - Global Startup: Network Device Switch.lnk = C:\Programme\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Image Transfer.lnk = C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 007aedefb3
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F1533F2-FDD6-4B63-8803-9DDBA0D2BB64}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NS - Unknown - C:\WINNT\System32\ns.exe (file missing)
O23 - Service: THotkey - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesbs3 - Toshiba Corporation - C:\Programme\TOSHIBA\TME2\Tmesbs3.exe
O23 - Service: Tmesrv2 - Toshiba - C:\Programme\TOSHIBA\TME2\Tmesrv2.exe



StartupList report, 08.01.2005, 00:19:49
StartupList version: 1.34.0
Started from : C:\Dokumente und Einstellungen\xxx\Desktop\SeucheProgramme\MichaLaptop\StartupList.EXE
Detected: Windows 2000 SP2 (WinNT 5.00.2195)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Dokumente und Einstellungen\xxx\Desktop\SeucheProgramme\MichaLaptop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Network Device Switch.lnk = C:\Programme\TOSHIBA\NetDevSw\NetDevSW.exe
Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
Image Transfer.lnk = C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
YAMAHA DS-XG Launcher = C:\WINNT\dslaunch.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Promon.exe = Promon.exe
Tpwrtray = TPWRTRAY.EXE
TMESRV.EXE = C:\Programme\TOSHIBA\TME2\TMESRV2.EXE /logon
TMESBS.EXE = C:\Programme\TOSHIBA\TME2\TMESBS3.EXE /logon
Share-to-Web Namespace Daemon = C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Corel Reminder =
CMESys = "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
Microsoft Office = lserv.exe
NS = ns.exe
Sygate Personal Firewall Startup = wint.exe
Messenger Upgrade = Msnmgs.exe
Windows Media Player = Wmplayer.exe
kalvsys = C:\winnt\system32\kalvgiy32.exe
AVGCtrl = "C:\Programme\AVPersonal\AVGNT.EXE" /min

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Office = lserv.exe
NS = ns.exe
Sygate Personal Firewall Startup = wint.exe
Messenger Upgrade = Msnmgs.exe
Windows Media Player = Wmplayer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe
ProfiDialer =
Sygate Personal Firewall Startup = wint.exe
Messenger Upgrade = Msnmgs.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Download Program Files:

[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINNT\Downloaded Program Files\WinAdServX.dll
CODEBASE = http://public.windupdates.com/get_file. ... 007aedefb3

[Installer Class]
InProcServer32 = C:\WINNT\DOWNLO~1\ISTACT~1.DLL
CODEBASE = http://www.xxxtoolbar.com/ist/softwares ... egular.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------
End of report, 6.167 bytes
Report generated in 0,071 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
mavage
 
Posts: 2
Registered: 07.01.2005, 21:35


Post by Nikita on 08.01.2005, 11:40

Hello @mavage

you should insert the XP CD and reformat. (Reinstall Windows.)

Your PC consists of nothing but backdoors, rootkits and viruses (see above, marked in red); CLEANING it is no longer possible.
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon
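
Added example, not part of either forum post: a small triage script for the HijackThis O4/O23 lines posted above. The two heuristics (a path-less executable registered under two or more autostart keys, and a service whose file is missing) are assumptions chosen for this illustration; a hit is a lead for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Messenger Upgrade] Msnmgs.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Messenger Upgrade] Msnmgs.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Messenger Upgrade] Msnmgs.exe
O23 - Service: NS - Unknown - C:\WINNT\System32\ns.exe (file missing)
O23 - Service: THotkey - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Executable part of the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|bat|scr|pif))', re.I)
# Only services that HijackThis itself marks as "(file missing)".
O23_MISSING_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - .*\(file missing\)$')


def triage(log: str) -> dict:
    """Return path-less executables seen in >= 2 autostart keys and missing-file services."""
    keys_by_exe = defaultdict(set)
    missing_services = []
    for line in (raw.strip() for raw in log.splitlines()):
        o4 = O4_RE.match(line)
        if o4:
            exe = EXE_RE.match(o4["cmd"])
            # No backslash means the entry relies on the search path to resolve.
            if exe and "\\" not in exe["exe"]:
                keys_by_exe[exe["exe"].lower()].add(o4["key"])
            continue
        o23 = O23_MISSING_RE.match(line)
        if o23:
            missing_services.append(o23["name"])
    multi = {e: sorted(k) for e, k in keys_by_exe.items() if len(k) >= 2}
    return {"bare_multi_key": multi, "missing_services": missing_services}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for exe, keys in sorted(result["bare_multi_key"].items()):
        print(f"review: {exe} registered in {', '.join(keys)}")
    print("services with missing file:", result["missing_services"])
```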


