
Log Analysis and Evaluation: Crash when running userinit.exe


21.09.2009, 07:52   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay. Please do a new run with RSIT and send me both logfiles again.
__________________
Please always post logfiles in CODE tags

21.09.2009, 18:49   #2
Jack Asia
 

Part 2:

Code:
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{15EE8390-F83A-4BB6-8E2A-9E8954B0C477}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2007-08-10 110592]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-08-10 512000]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-11-16 344064]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"IMWEBSTA.EXE"=IMWEBSTA.EXE START []
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2007-08-01 540672]
"LanguageShortcut"=C:\Programme\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-16 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-08-07 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-08-07 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe"="C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe:*:Enabled:Privoxy"
"C:\Programme\Vidalia Bundle\Tor\tor.exe"="C:\Programme\Vidalia Bundle\Tor\tor.exe:*:Enabled:Tor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52563300-9dd0-11dc-9740-000d601254e2}]
shell\AutoRun\command - E:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "myusb"
shell\dismount\command - E:\TrueCrypt\TrueCrypt.exe /q /d
shell\start\command - E:\TrueCrypt\TrueCrypt.exe


======List of files/folders created in the last 1 months======

2009-09-20 19:44:49 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InstallShield
2009-09-20 19:10:28 ----D---- C:\Avenger
2009-09-20 19:10:28 ----A---- C:\avenger.txt
2009-09-20 19:09:16 ----SHD---- C:\RECYCLER
2009-09-19 21:19:53 ----D---- C:\WINDOWS\temp
2009-09-19 21:19:50 ----A---- C:\ComboFix.txt
2009-09-19 20:52:23 ----A---- C:\WINDOWS\zip.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\SWSC.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\SWREG.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\sed.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\PEV.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\grep.exe
2009-09-19 20:51:59 ----D---- C:\WINDOWS\ERDNT
2009-09-19 20:49:51 ----D---- C:\Qoobox
2009-09-19 20:01:11 ----D---- C:\Programme\trend micro
2009-09-12 22:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-12 22:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-12 22:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-12 22:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-12 11:01:07 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-11 23:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-11 23:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-11 23:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-11 23:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-11 23:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-11 23:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-11 23:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-11 23:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-11 23:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-11 23:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-11 23:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-11 23:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-11 23:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-09-11 23:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-09-11 23:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-11 23:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 23:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-11 23:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-11 23:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-11 23:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-09-11 23:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-11 23:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-11 23:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-11 23:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-09-11 23:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 23:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-09-11 23:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-11 23:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-11 23:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-11 23:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-11 23:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-11 23:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-09-11 23:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-11 23:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-11 23:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-11 23:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-11 23:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-09-11 23:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-11 23:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-09-11 23:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-11 23:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-11 23:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-11 23:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-11 23:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-09-11 22:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-11 22:55:21 ----A---- C:\WINDOWS\setuplog.txt
2009-09-11 22:53:13 ----D---- C:\WINDOWS\system32\bits
2009-09-11 22:38:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-10 00:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-09-10 00:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 00:21:59 ----A---- C:\WINDOWS\imsins.BAK
2009-08-30 12:39:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-29 21:46:06 ----D---- C:\rsit
2009-08-29 20:51:59 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
2009-08-29 20:51:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-29 20:51:50 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-29 11:45:35 ----D---- C:\Programme\CCleaner
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\vjwirddob.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\vjvive.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\suqxjdip.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\rngevfyo.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\qwqxra.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\quserh.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\qsudjf.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\qkrfptis.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\pqvtvtdu.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\kmperc.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\jzwhkx.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\jvvhkbxoy.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\jsuxkcak.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\jsuigl.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\jqjyglfu.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\uzutjdtst.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\uozdrcywa.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\sujymbdk.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\oqwdwexqi.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\oooygabg.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\okoima.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\noofmytz.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\mqqhmahn.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\kwrcmccwl.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\komtja.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\jurioxbwa.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\gontghdk.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\gjqtne.exe
2009-08-27 22:43:29 ----A---- C:\WINDOWS\system32\nvjfgblr.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\wnmjzaytb.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\wjkvhlyei.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\puwvijcjr.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\pumobofqh.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\pukjzqclz.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\pqpvroyer.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\pgpjijytb.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\pdkeivfos.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mvmtzlfxr.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mtwobuclb.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mlpehqfxr.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mlmniacez.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mjmobuclb.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\mjmdixfoi.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\memuhxces.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kxwornyuz.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kvmehvcuz.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kupqrxfqs.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\ktwesxfnb.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kqptrayuz.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kopvhayjz.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\knwviacar.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kjwnrnfqs.exe
2009-08-27 22:36:04 ----A---- C:\WINDOWS\system32\kjptivftb.exe
2009-08-26 21:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-26 21:02:28 ----D---- C:\Programme\Registry Cleaner

======List of files/folders modified in the last 1 months======

2009-09-21 19:37:21 ----D---- C:\WINDOWS\Prefetch
2009-09-21 19:21:08 ----D---- C:\WINDOWS
2009-09-21 17:57:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-20 21:13:25 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
2009-09-20 19:10:30 ----RD---- C:\Programme
2009-09-20 19:10:29 ----D---- C:\WINDOWS\system32
2009-09-20 19:10:28 ----D---- C:\WINDOWS\system32\drivers
2009-09-19 21:17:52 ----A---- C:\WINDOWS\system.ini
2009-09-19 21:15:56 ----D---- C:\WINDOWS\AppPatch
2009-09-19 21:15:52 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-19 21:12:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-19 21:00:33 ----SHD---- C:\WINDOWS\Installer
2009-09-12 23:20:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-12 23:13:13 ----D---- C:\Config.Msi
2009-09-12 22:37:24 ----D---- C:\WINDOWS\inf
2009-09-12 22:37:22 ----D---- C:\WINDOWS\system32\dllcache
2009-09-12 22:37:15 ----D---- C:\WINDOWS\$hf_mig$
2009-09-12 22:36:55 ----D---- C:\WINDOWS\WinSxS
2009-09-12 22:35:49 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-09-12 11:00:27 ----D---- C:\WINDOWS\Debug
2009-09-12 10:56:47 ----D---- C:\WINDOWS\system32\Setup
2009-09-12 10:56:47 ----D---- C:\Programme\Messenger
2009-09-12 10:56:46 ----D---- C:\WINDOWS\system32\wbem
2009-09-12 10:56:44 ----RSD---- C:\WINDOWS\Fonts
2009-09-11 23:09:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-11 23:08:31 ----D---- C:\Programme\Outlook Express
2009-09-11 22:59:23 ----D---- C:\WINDOWS\security
2009-09-11 22:54:08 ----D---- C:\WINDOWS\ehome
2009-09-11 22:54:06 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-11 22:54:05 ----D---- C:\WINDOWS\network diagnostic
2009-09-11 22:54:05 ----D---- C:\WINDOWS\ime
2009-09-11 22:54:05 ----D---- C:\WINDOWS\Help
2009-09-11 22:53:19 ----D---- C:\WINDOWS\system32\de-de
2009-09-11 22:53:18 ----D---- C:\WINDOWS\system32\usmt
2009-09-11 22:53:15 ----D---- C:\WINDOWS\l2schemas
2009-09-11 22:53:14 ----D---- C:\WINDOWS\system32\de
2009-09-11 22:53:13 ----D---- C:\WINDOWS\PeerNet
2009-09-11 22:53:13 ----D---- C:\Programme\Movie Maker
2009-09-11 22:49:04 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-11 22:48:41 ----D---- C:\WINDOWS\system32\Restore
2009-09-11 22:48:40 ----D---- C:\WINDOWS\system32\npp
2009-09-11 22:48:37 ----D---- C:\WINDOWS\msagent
2009-09-11 22:48:35 ----D---- C:\WINDOWS\srchasst
2009-09-11 22:48:33 ----D---- C:\Programme\NetMeeting
2009-09-11 22:48:30 ----D---- C:\WINDOWS\system32\Com
2009-09-11 22:48:25 ----D---- C:\Programme\Windows Media Player
2009-09-11 22:48:24 ----D---- C:\Programme\Windows NT
2009-09-11 22:48:18 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-09-11 22:47:51 ----D---- C:\WINDOWS\system32\oobe
2009-09-11 22:47:46 ----D---- C:\WINDOWS\system
2009-09-11 22:42:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-03 19:49:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-29 21:02:29 ----SD---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
2009-08-29 11:50:38 ----D---- C:\WINDOWS\Minidump
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-27 20:09:50 ----D---- C:\WINDOWS\system32\config
2009-08-27 20:09:27 ----D---- C:\WINDOWS\Registration
2009-08-24 18:39:08 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-16 1133568]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver; C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys [2003-06-04 648704]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-10 177664]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SABKUTIL;SABKUTIL; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 catchme;catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-08-07 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-08-07 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-16 364544]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared files\RichVideo.exe [2006-05-04 167936]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2007-10-24 13312]
R2 TVT Scheduler;TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2007-08-01 1126400]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         
__________________


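A detection pass over RSIT's "List of files/folders created" section, added here as an example and not code from RSIT or from anyone in this thread: it groups entries by timestamp and flags same-second bursts of random-named .exe files dropped directly into system32 (the pattern visible in the log above), then renders the hits in the "files to delete:" list form that the Avenger script in this thread uses. The random-name rule and the burst threshold are my own heuristics, and the sample lines are constructed from paths taken from this log.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of RSIT's "created" section; the paths
# are copied from the thread's log, the selection and mix are ours.
SAMPLE_LOG = r"""2009-09-19 20:52:23 ----A---- C:\WINDOWS\zip.exe
2009-09-19 20:52:23 ----A---- C:\WINDOWS\sed.exe
2009-08-29 20:51:50 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\vjwirddob.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\vjvive.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\suqxjdip.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\rngevfyo.exe
2009-08-28 22:10:45 ----A---- C:\WINDOWS\system32\qwqxra.exe
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\uzutjdtst.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\uozdrcywa.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\sujymbdk.exe
2009-08-27 22:43:30 ----A---- C:\WINDOWS\system32\oqwdwexqi.exe
"""

# One RSIT entry: timestamp, attribute flags (----A----, ----SHD----, ...), path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+?)\s*$")

# Heuristic (our assumption, not an RSIT rule): a file stem of six or more
# lowercase letters with no digits or uppercase looks machine-generated.
RANDOM_STEM_RE = re.compile(r"^[a-z]{6,}$")


def parse_created(text):
    """Parse RSIT created/modified lines into (timestamp, attrs, path) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def find_drop_bursts(entries, min_burst=3, directory="c:\\windows\\system32\\"):
    """Return {timestamp: [paths]} for same-second bursts of random-named .exe files.

    Only regular files (no D flag) sitting directly in `directory` with a stem
    matching RANDOM_STEM_RE are considered, and a timestamp is kept only if at
    least `min_burst` such files share it. Legitimate binaries in system32
    (MRT.exe, ctfmon.exe) fall out through the stem or burst rule, so no
    allowlist is needed. The ComboFix helpers dropped into C:\\WINDOWS in the
    same second are not in system32 and are therefore not flagged either.
    """
    by_second = OrderedDict()
    for ts, attrs, path in entries:
        if "D" in attrs:
            continue
        if not path.lower().startswith(directory):
            continue
        name = path[len(directory):]
        if "\\" in name or not name.lower().endswith(".exe"):
            continue
        if not RANDOM_STEM_RE.match(name[:-4]):
            continue
        by_second.setdefault(ts, []).append(path)
    return {ts: paths for ts, paths in by_second.items() if len(paths) >= min_burst}


def avenger_files_to_delete(bursts):
    """Render flagged paths in the "files to delete:" list form used in the thread."""
    paths = [p for ts in sorted(bursts) for p in bursts[ts]]
    return "\n".join(["files to delete:"] + paths) + "\n"


if __name__ == "__main__":
    print(avenger_files_to_delete(find_drop_bursts(parse_created(SAMPLE_LOG))))
```

Any list produced this way is a candidate list for a human to review against the full log, not a verdict; the burst rule is deliberately narrow so that it misses single drops.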
21.09.2009, 18:54   #3
Jack Asia
 

Quote:
Quote from cosinus:
Okay. Please do a new run with RSIT and send me both logfiles again.

Hey hello! :-)

Below is the logfile from RSIT. Should I scan with or post anything else?
Something is still not right. Yesterday my Avira reported the following events:

Code:
In der Datei 'C:\System Volume Information\_restore{D133078A-318B-4396-AD36-B31996161C7B}\RP894\A0087405.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Bebloh.A.12' [trojan] gefunden.

In der Datei 'C:\System Volume Information\_restore{D133078A-318B-4396-AD36-B31996161C7B}\RP894\A0087399.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Bebloh.A.12' [trojan] gefunden.

In der Datei 'C:\System Volume Information\_restore{D133078A-318B-4396-AD36-B31996161C7B}\RP893\A0087094.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PCK.Krap.W.894' [trojan] gefunden.
         
Argh!



Part 1
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-21 19:38:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (54%) free of 95 GB
Total RAM: 1023 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:39, on 21.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\IMWEBSTA.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Dokumente und Einstellungen\Admin\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8181
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 6838 bytes

======Scheduled tasks folder======
         
...continued below...
__________________

Old 21.09.2009, 19:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Crash when running userinit.exe - Standard



1.) Disable System Restore; during the infection, malware files were also saved into the restore points - those are all unusable now, since rolling the system back via a restore point would most likely bring the infection right back.

2.) Please run Avenger again as described above. This time, however, use the text in the code box below. Careful, it's a looong list

Code:
ATTFilter
files to delete:
C:\WINDOWS\system32\vjwirddob.exe
C:\WINDOWS\system32\vjvive.exe
C:\WINDOWS\system32\suqxjdip.exe
C:\WINDOWS\system32\rngevfyo.exe
C:\WINDOWS\system32\qwqxra.exe
C:\WINDOWS\system32\quserh.exe
C:\WINDOWS\system32\qsudjf.exe
C:\WINDOWS\system32\qkrfptis.exe
C:\WINDOWS\system32\pqvtvtdu.exe
C:\WINDOWS\system32\kmperc.exe
C:\WINDOWS\system32\jzwhkx.exe
C:\WINDOWS\system32\jvvhkbxoy.exe
C:\WINDOWS\system32\jsuxkcak.exe
C:\WINDOWS\system32\jsuigl.exe
C:\WINDOWS\system32\jqjyglfu.exe
C:\WINDOWS\system32\uzutjdtst.exe
C:\WINDOWS\system32\uozdrcywa.exe
C:\WINDOWS\system32\sujymbdk.exe
C:\WINDOWS\system32\oqwdwexqi.exe
C:\WINDOWS\system32\oooygabg.exe
C:\WINDOWS\system32\okoima.exe
C:\WINDOWS\system32\noofmytz.exe
C:\WINDOWS\system32\mqqhmahn.exe
C:\WINDOWS\system32\kwrcmccwl.exe
C:\WINDOWS\system32\komtja.exe
C:\WINDOWS\system32\jurioxbwa.exe
C:\WINDOWS\system32\gontghdk.exe
C:\WINDOWS\system32\gjqtne.exe
C:\WINDOWS\system32\nvjfgblr.exe
C:\WINDOWS\system32\wnmjzaytb.exe
C:\WINDOWS\system32\wjkvhlyei.exe
C:\WINDOWS\system32\puwvijcjr.exe
C:\WINDOWS\system32\pumobofqh.exe
C:\WINDOWS\system32\pukjzqclz.exe
C:\WINDOWS\system32\pqpvroyer.exe
C:\WINDOWS\system32\pgpjijytb.exe
C:\WINDOWS\system32\pdkeivfos.exe
C:\WINDOWS\system32\mvmtzlfxr.exe
C:\WINDOWS\system32\mtwobuclb.exe
C:\WINDOWS\system32\mlpehqfxr.exe
C:\WINDOWS\system32\mlmniacez.exe
C:\WINDOWS\system32\mjmobuclb.exe
C:\WINDOWS\system32\mjmdixfoi.exe
C:\WINDOWS\system32\memuhxces.exe
C:\WINDOWS\system32\kxwornyuz.exe
C:\WINDOWS\system32\kvmehvcuz.exe
C:\WINDOWS\system32\kupqrxfqs.exe
C:\WINDOWS\system32\ktwesxfnb.exe
C:\WINDOWS\system32\kqptrayuz.exe
C:\WINDOWS\system32\kopvhayjz.exe
C:\WINDOWS\system32\knwviacar.exe
C:\WINDOWS\system32\kjwnrnfqs.exe
C:\WINDOWS\system32\kjptivftb.exe
         
__________________
Please always post logfiles in CODE tags

Old 22.09.2009, 19:38   #5
Jack Asia
 
Crash when running userinit.exe - Standard



Hey hello!

Should I have run Avenger in Safe Mode?? Right after the reboot and after Avenger had written its log file, Antivir Guard popped up about 7-8 times
Code:
ATTFilter
In der Datei 'C:\Avenger\vjvive.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Bebloh.A.12' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen
         
and similar files

Here is the Avenger log:
Code:
ATTFilter
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\cgwxrtydb.exe" deleted successfully.
File "c:\windows\system32\wqwevttp.exe" deleted successfully.
File "c:\windows\system32\wupdzeyji.exe" deleted successfully.
File "c:\windows\system32\nlhivuy.exe" deleted successfully.
File "c:\windows\system32\vwvtotcua.exe" deleted successfully.
File "c:\windows\system32\wqwehnfqr.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\vrptnhaoi.exe" not found!
Deletion of file "C:\WINDOWS\system32\vrptnhaoi.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\vkghgytv.exe" deleted successfully.
File "C:\WINDOWS\system32\rwwtrtypi.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\qdke.exe" not found!
Deletion of file "C:\WINDOWS\system32\qdke.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\pvmxiayjh.exe" not found!
Deletion of file "C:\WINDOWS\system32\pvmxiayjh.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\kjpjrxytr.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\kjkuzecdz.exe" not found!
Deletion of file "C:\WINDOWS\system32\kjkuzecdz.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\kewlsuyxs.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\kewlrvyji.exe" not found!
Deletion of file "C:\WINDOWS\system32\kewlrvyji.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\kapehtcvr.exe" not found!
Deletion of file "C:\WINDOWS\system32\kapehtcvr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\kamjhuflb.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\wkbodxrtn.exe" not found!
Deletion of file "C:\WINDOWS\system32\wkbodxrtn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\plmecyf.exe" not found!
Deletion of file "C:\WINDOWS\system32\plmecyf.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\nlhivuy.exe" not found!
Deletion of file "C:\WINDOWS\system32\nlhivuy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\iphitvvral.exe" not found!
Deletion of file "C:\WINDOWS\system32\iphitvvral.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\iiqnuztubm.exe" not found!
Deletion of file "C:\WINDOWS\system32\iiqnuztubm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "c:\programme\af0.net" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.



//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Tue Sep 22 20:24:05 2009

20:24:05: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\vjwirddob.exe" deleted successfully.
File "C:\WINDOWS\system32\vjvive.exe" deleted successfully.
File "C:\WINDOWS\system32\suqxjdip.exe" deleted successfully.
File "C:\WINDOWS\system32\rngevfyo.exe" deleted successfully.
File "C:\WINDOWS\system32\qwqxra.exe" deleted successfully.
File "C:\WINDOWS\system32\quserh.exe" deleted successfully.
File "C:\WINDOWS\system32\qsudjf.exe" deleted successfully.
File "C:\WINDOWS\system32\qkrfptis.exe" deleted successfully.
File "C:\WINDOWS\system32\pqvtvtdu.exe" deleted successfully.
File "C:\WINDOWS\system32\kmperc.exe" deleted successfully.
File "C:\WINDOWS\system32\jzwhkx.exe" deleted successfully.
File "C:\WINDOWS\system32\jvvhkbxoy.exe" deleted successfully.
File "C:\WINDOWS\system32\jsuxkcak.exe" deleted successfully.
File "C:\WINDOWS\system32\jsuigl.exe" deleted successfully.
File "C:\WINDOWS\system32\jqjyglfu.exe" deleted successfully.
File "C:\WINDOWS\system32\uzutjdtst.exe" deleted successfully.
File "C:\WINDOWS\system32\uozdrcywa.exe" deleted successfully.
File "C:\WINDOWS\system32\sujymbdk.exe" deleted successfully.
File "C:\WINDOWS\system32\oqwdwexqi.exe" deleted successfully.
File "C:\WINDOWS\system32\oooygabg.exe" deleted successfully.
File "C:\WINDOWS\system32\okoima.exe" deleted successfully.
File "C:\WINDOWS\system32\noofmytz.exe" deleted successfully.
File "C:\WINDOWS\system32\mqqhmahn.exe" deleted successfully.
File "C:\WINDOWS\system32\kwrcmccwl.exe" deleted successfully.
File "C:\WINDOWS\system32\komtja.exe" deleted successfully.
File "C:\WINDOWS\system32\jurioxbwa.exe" deleted successfully.
File "C:\WINDOWS\system32\gontghdk.exe" deleted successfully.
File "C:\WINDOWS\system32\gjqtne.exe" deleted successfully.
File "C:\WINDOWS\system32\nvjfgblr.exe" deleted successfully.
File "C:\WINDOWS\system32\wnmjzaytb.exe" deleted successfully.
File "C:\WINDOWS\system32\wjkvhlyei.exe" deleted successfully.
File "C:\WINDOWS\system32\puwvijcjr.exe" deleted successfully.
File "C:\WINDOWS\system32\pumobofqh.exe" deleted successfully.
File "C:\WINDOWS\system32\pukjzqclz.exe" deleted successfully.
File "C:\WINDOWS\system32\pqpvroyer.exe" deleted successfully.
File "C:\WINDOWS\system32\pgpjijytb.exe" deleted successfully.
File "C:\WINDOWS\system32\pdkeivfos.exe" deleted successfully.
File "C:\WINDOWS\system32\mvmtzlfxr.exe" deleted successfully.
File "C:\WINDOWS\system32\mtwobuclb.exe" deleted successfully.
File "C:\WINDOWS\system32\mlpehqfxr.exe" deleted successfully.
File "C:\WINDOWS\system32\mlmniacez.exe" deleted successfully.
File "C:\WINDOWS\system32\mjmobuclb.exe" deleted successfully.
File "C:\WINDOWS\system32\mjmdixfoi.exe" deleted successfully.
File "C:\WINDOWS\system32\memuhxces.exe" deleted successfully.
File "C:\WINDOWS\system32\kxwornyuz.exe" deleted successfully.
File "C:\WINDOWS\system32\kvmehvcuz.exe" deleted successfully.
File "C:\WINDOWS\system32\kupqrxfqs.exe" deleted successfully.
File "C:\WINDOWS\system32\ktwesxfnb.exe" deleted successfully.
File "C:\WINDOWS\system32\kqptrayuz.exe" deleted successfully.
File "C:\WINDOWS\system32\kopvhayjz.exe" deleted successfully.
File "C:\WINDOWS\system32\knwviacar.exe" deleted successfully.
File "C:\WINDOWS\system32\kjwnrnfqs.exe" deleted successfully.
File "C:\WINDOWS\system32\kjptivftb.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
         

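As an added example (not code from the thread, from cosinus, or from Avenger itself), the Python below parses an Avenger `files to delete:` script together with a run log in the format posted above and reports, per scripted path, whether it was deleted, was already gone (the STATUS_OBJECT_NAME_NOT_FOUND errors seen in the first run) or does not appear in the log at all. The sample script and log excerpt are constructed, and the directive pattern is an assumption based on the one directive the thread shows.

```python
import re

# Constructed sample in the Avenger script format used in the thread: the
# first non-blank line must be a command directive such as "files to delete:".
SAMPLE_SCRIPT = r"""files to delete:
C:\WINDOWS\system32\vjwirddob.exe
C:\WINDOWS\system32\vjvive.exe
C:\WINDOWS\system32\qdke.exe
C:\WINDOWS\system32\kjptivftb.exe
"""

# Constructed log excerpt in the format of the posted Avenger log.
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46

File "c:\windows\system32\vjwirddob.exe" deleted successfully.
File "C:\WINDOWS\system32\vjvive.exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\qdke.exe" not found!
Deletion of file "C:\WINDOWS\system32\qdke.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "c:\programme\af0.net" deleted successfully.

Completed script processing.
"""

# Assumption: a directive is a line of words ending in a colon ("files to delete:").
DIRECTIVE_RE = re.compile(r"^[A-Za-z ]+:$")
DELETED_RE = re.compile(r'^(?:File|Folder) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (?:file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$")
ABORT_RE = re.compile(r"Error: Invalid script")


def parse_script(text):
    """Return {directive: [path, ...]}; raise ValueError when the script does not
    start with a directive, which is exactly what Avenger's pre-processor rejects."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE_RE.match(line):
            current = line.lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("A valid script must begin with a command directive")
        else:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return ({casefolded path: (outcome, NTSTATUS name or None)}, aborted)."""
    outcomes, pending, aborted = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if ABORT_RE.search(line):
            aborted = True                      # pre-processor refused the script
        elif (m := DELETED_RE.match(line)):
            outcomes[m.group(1).casefold()] = ("deleted", None)
        elif (m := FAILED_RE.match(line)):
            pending = m.group(1).casefold()     # its Status: line follows
            outcomes[pending] = ("failed", None)
        elif pending and (m := STATUS_RE.match(line)):
            outcomes[pending] = ("failed", m.group(2))
            pending = None
    return outcomes, aborted


def reconcile(script_text, log_text):
    """Classify every scripted path by what the log says happened to it."""
    outcomes, aborted = parse_log(log_text)
    result = {"aborted": aborted, "deleted": [], "not_found": [],
              "other_failure": [], "unaccounted": []}
    for paths in parse_script(script_text).values():
        for path in paths:
            outcome = outcomes.get(path.casefold())
            if outcome is None:
                result["unaccounted"].append(path)   # log is silent: verify by hand
            elif outcome[0] == "deleted":
                result["deleted"].append(path)
            elif outcome[1] == "STATUS_OBJECT_NAME_NOT_FOUND":
                result["not_found"].append(path)     # already gone before the run
            else:
                result["other_failure"].append(path)
    return result


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Paths are compared case-insensitively because the log mixes `c:\windows\...` and `C:\WINDOWS\...` spellings for the same files.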

Old 22.09.2009, 20:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Crash when running userinit.exe - Standard



That's fine as it is. It's annoying, but according to the log Avenger deleted the files successfully. If you don't want AntiVir to interfere on the next reboot, you have to deactivate its services, but let's leave that for now

Is userinit still crashing? Any further problems? Please also post a fresh RSIT log again.
__________________
--> Crash when running userinit.exe

Old 22.09.2009, 20:19   #7
Jack Asia
 
Crash when running userinit.exe - Standard



Hey hello,

no, userinit.exe hasn't crashed for quite a while now. I only had these sporadic AGuard warnings along the lines of "73jsjsh77.exe trojan such-and-such".

Here is the current rsit:

Part 1....
Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-22 21:09:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (58%) free of 95 GB
Total RAM: 1023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:00, on 22.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\IMWEBSTA.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Admin\Desktop\RSIT.exe
C:\Programme\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8181
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 6808 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{15EE8390-F83A-4BB6-8E2A-9E8954B0C477}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2007-08-10 110592]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-08-10 512000]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-11-16 344064]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"IMWEBSTA.EXE"=IMWEBSTA.EXE START []
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2007-08-01 540672]
"LanguageShortcut"=C:\Programme\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-16 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-08-07 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-08-07 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe"="C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe:*:Enabled:Privoxy"
"C:\Programme\Vidalia Bundle\Tor\tor.exe"="C:\Programme\Vidalia Bundle\Tor\tor.exe:*:Enabled:Tor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52563300-9dd0-11dc-9740-000d601254e2}]
shell\AutoRun\command - E:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "myusb"
shell\dismount\command - E:\TrueCrypt\TrueCrypt.exe /q /d
shell\start\command - E:\TrueCrypt\TrueCrypt.exe


======List of files/folders created in the last 1 months======
         
...to be continued
