| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: syspck32 im AutostartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.03.2010, 19:01
| #1 |
| |  syspck32 im Autostart Seit heute mittag habe ich wohl einen Trojaner auf meinem laptop. Habe zwar etwas länger gebraucht um herauszufinden dass es wirklich einer ist, da eine hohe cpu auslastung ja nich gleich trojaner heißt. Hier mein osam: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:44:20 on 31.03.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information) "MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "IBMJavaPlugin142.cpl" - "IBM" - C:\WINDOWS\system32\IBMJavaPlugin142.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "TP98.CPL" - "IBM Corp." - C:\WINDOWS\system32\TP98.CPL "TpShCPL.cpl" - "IBM Corp." - C:\WINDOWS\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.1.6.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys "drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found) "IBM Access Support" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS "IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\System32\drivers\IBMBLDID.SYS (File found, but it contains no detailed information) "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys "PCASp50 NDIS Protocol Driver" (PCASp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\PCASp50.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PMEM" (PMEM) - "Microsoft Corporation" - C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "QCNDISIF" (QCNDISIF) - "IBM Corporation." - C:\WINDOWS\System32\drivers\qcndisif.SYS "ShockMgr" (ShockMgr) - "IBM Corporation" - C:\WINDOWS\system32\drivers\ShockMgr.sys "Shockprf" (Shockprf) - "IBM Corporation" - C:\WINDOWS\system32\drivers\Shockprf.sys "Smapint" (Smapint) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\Smapint.sys "sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys "TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS (File found, but it contains no detailed information) "tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys "tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys "tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys "tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys "tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys "tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys "tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys "tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys "tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys "TPDiskPM" (TPDiskPM) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPDiskPM.sys "TPHKDRV" (TPHKDRV) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPHKDRV.sys "TPInput" (TPInput) - "IBM Corporation" - C:\WINDOWS\System32\DRIVERS\TPInput.sys "TPPWRIF" (TPPWRIF) - ? - C:\WINDOWS\System32\drivers\Tppwrif.sys (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "QIP 2005" - "The Author of QIP" - C:\Programme\QIP\qip.exe -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Ask Toolbar" - ? - C:\Programme\AskBarDis\bar\bin\askBar.dll (File not found) <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVDV.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Softonic Deutsch Toolbar" - ? - C:\Programme\Softonic_Deutsch\tbSof1.dll (File not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVDV.dll {605becfd-9d5d-4dab-99f0-213ac16a8a36} "Softonic Deutsch Qast Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_Qast\tbSoft.dll {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - ? - C:\Programme\Softonic_Deutsch\tbSof1.dll (File not found) "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll "ThinkPad-Software - Aktualisierung" - "Lenovo Group Limited" - C:\Programme\Lenovo\PkgMgr\PkgMgr.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Ask Toolbar" - ? - C:\Programme\AskBarDis\bar\bin\askBar.dll (File not found) {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVDV.dll {605becfd-9d5d-4dab-99f0-213ac16a8a36} "Softonic Deutsch Qast Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_Qast\tbSoft.dll {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - ? - C:\Programme\Softonic_Deutsch\tbSof1.dll (File not found) {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} "Veoh Web Player Video Finder" - ? - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - ? - C:\Programme\AskBarDis\bar\bin\askBar.dll (File not found) {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVDV.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {605becfd-9d5d-4dab-99f0-213ac16a8a36} "Softonic Deutsch Qast Toolbar" - "Conduit Ltd." - C:\Programme\Softonic_Deutsch_Qast\tbSoft.dll {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - ? - C:\Programme\Softonic_Deutsch\tbSof1.dll (File not found) {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Digital Line Detect.lnk" - "BVRP Software" - C:\Program Files\Digital Line Detect\DLG.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Standard\Startmenü\Programme\Autostart\desktop.ini "syspck32.exe" - "Macrovision Corporation" - C:\Dokumente und Einstellungen\Standard\Startmenü\Programme\Autostart\syspck32.exe (File is exclusively opened, access blocked) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog (File found, but it contains no detailed information) "CameraFixer" - ? - C:\WINDOWS\CameraFixer.exe "dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe "MSSE" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide -runkey "PWRMGRTR" - "IBM Corp." - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor "QCWLICON" - "IBM Corp." - C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SoundMAX" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray "SoundMAXPnP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe "starter4g" - "4G Systems GmbH & Co. KG" - C:\WINDOWS\starter4g.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "TPHOTKEY" - ? - C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe (File found, but it contains no detailed information) "TPKMAPHELPER" - "IBM Corp." - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper "TpShocks" - "IBM Corp." - TpShocks.exe "UCam_Menu" - "CyberLink Corp." - "C:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" "wcmdmgr" - "WildTangent, Inc." - C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Google Update Service (gupdate1c9b81aab2dec06)" (gupdate1c9b81aab2dec06) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "IBM HDD APS Logging Service" (TPHDEXLGSVC) - "IBM Corporation" - C:\WINDOWS\System32\TPHDEXLG.EXE "IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe (File found, but it contains no detailed information) "IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\system32\ibmpmsvc.exe (File signed by Microsoft | File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Essentials\MsMpEng.exe "QCONSVC" (QCONSVC) - "IBM Corp." - C:\WINDOWS\System32\QCONSVC.EXE "RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe "Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WTGService" (WTGService) - ? - C:\Programme\XSManager\WTGService.exe (File found, but it contains no detailed information) "XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\WINDOWS\service4g.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\WILDTA~1.SCR (File found, but it contains no detailed information) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "QConGina" - "IBM Corp." - C:\WINDOWS\system32\QConGina.dll "tphotkey" - ? - C:\WINDOWS\system32\tphklock.dll (File found, but it contains no detailed information) "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
01.04.2010, 11:11
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | syspck32 im Autostart Hallo und
__________________ Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________ |
|
| Themen zu syspck32 im Autostart |
| 7-zip, antivir, antivir guard, ask toolbar, auslastung, autorun, avira, bho, browser, c:\windows\system32\rundll32.exe, components, conduit, cpu, desktop, desktop.ini, essentials, fontcache, gebraucht, google, google chrome, gupdate, helper, hohe cpu, hohe cpu auslastung, internet, internet explorer, jusched.exe, lenovo, logfile, malware, menu.exe, microsoft security, microsoft security essentials, plug-in, registry, registry key, rundll, security, shortcut, softonic, softonic deutsch toolbar, stick, syspck32, trojaner, usb, windows, windows xp, wlan |
Linear-Darstellung
