Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problem mit services.exe (https://www.trojaner-board.de/77895-problem-services-exe.html)

Maybe82 29.09.2009 09:00

Problem mit services.exe
 
Hello board,

I've been having problems with my MSI Wind (XP Home, Service Pack 3) for a few days now. After I boot the laptop, a message frequently (not always) appears saying that services.exe has encountered a problem. After that, only a restart helps. Since today it also shuts down after 60 seconds (again only now and then, because right now it is running). Firefox has also been extremely unstable for a few days and crashes often, but I'm not sure whether that is related or could be a problem with an add-on.

I hope it's not a backdoor trojan causing this problem, because I don't have a CD drive or anything similar with which I could quickly reinstall the system...

Here's my HijackThis log. I'd be extremely grateful if someone could take a look at it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:04, on 29.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [international] International
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241832768671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5393 bytes


Many thanks,
Ellen
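
A triage pass over a HijackThis log like the one above, as an added Python example (it is not HijackThis code and not anything posted in this thread). It checks two things a helper looks at first: that every core NT process in the "Running processes" list runs from the directory it belongs in (a services.exe anywhere but C:\WINDOWS\system32 would be a different program wearing that name; Ellen's is in the right place), and which O23 service entries carry no executable name at all, as BITS and wuauserv do here ("Unknown owner - C:\WINDOWS\"). The second case cannot be judged from the log alone; the service's ImagePath has to be read on the machine with `sc qc`. The sample is an excerpt of the posted log plus one constructed bad line, and the SYSTEM_BINARIES table is my assumption for a default Windows XP install.

```python
"""HijackThis 2.x log triage: core-process location check and O23 service-path check.

Added example for this thread; not HijackThis code and not posted by Ellen or the
helper. SAMPLE_LOG is copied from the posted log plus one constructed line.
"""
import re
from typing import Dict, List

# Core NT processes and the only directory each may legitimately run from on
# Windows XP (compared case-insensitively). Assumption for a default install.
# Malware likes to reuse these names from another directory.
SYSTEM_BINARIES: Dict[str, str] = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O23 - Service: <display> (<short name>) - <owner> - <path>
# The "(<short name>)" part is absent when display name and short name are identical.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


def _split_path(path: str):
    """Return (directory, basename) of a Windows path, both lower-cased."""
    directory, _, base = path.strip().rpartition("\\")
    return directory.lower(), base.lower()


def parse_hjt(text: str) -> Dict[str, list]:
    """Split a HijackThis log into its running-process list and its O23 service entries."""
    processes: List[str] = []
    services: List[Dict[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:          # the blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        m = O23_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["name"] = entry["name"] or entry["display"]
            services.append(entry)
    return {"processes": processes, "services": services}


def check_processes(processes: List[str]) -> List[str]:
    """Flag core system binaries running from a directory other than the expected one."""
    findings = []
    for proc in processes:
        directory, base = _split_path(proc)
        expected = SYSTEM_BINARIES.get(base)
        if expected is not None and directory != expected:
            findings.append(f"{proc}: {base} runs from '{directory}', expected '{expected}'")
    return findings


def check_services(services: List[Dict[str, str]]) -> List[str]:
    """Flag O23 entries whose path names no executable (e.g. just 'C:\\WINDOWS\\').

    HijackThis shows only a directory when it did not extract an executable name
    from the service's ImagePath; the real value must be read with
    'sc qc <name>' (BINARY_PATH_NAME) before calling the entry harmless or tampered."""
    findings = []
    for svc in services:
        _, base = _split_path(svc["path"])
        if "." not in base:
            name = svc["name"]
            findings.append(
                f"{name}: path '{svc['path']}' names no executable "
                f"(owner '{svc['owner']}'); verify with: sc qc \"{name}\""
            )
    return findings


# Excerpt copied from the posted log, plus one CONSTRUCTED line
# (C:\WINDOWS\services.exe) that is NOT in Ellen's log, to show what a hit looks like.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

if __name__ == "__main__":
    report = parse_hjt(SAMPLE_LOG)
    for finding in check_processes(report["processes"]) + check_services(report["services"]):
        print(finding)
```

On Ellen's real log the process check is clean (all core binaries sit under C:\WINDOWS\system32) and only BITS and wuauserv are reported by the service check; the system event log she posts later records wuauserv failing to start with "file not found", which is exactly the kind of entry `sc qc wuauserv` would explain one way or the other.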

Silent sharK 29.09.2009 09:05

Hey,

please work through the following points:

1.)
Random's System Information Tool
  • Download RSIT.exe from random/random and save it to the desktop.
  • Start RSIT with a double-click.
  • Click Continue to accept the terms of use.
  • After the scan, two log files are created (log.txt and info.txt).
  • Post the contents of both log files in [code] tags:
HTML code:

[CODE]Paste the log file here![/CODE]

2.)
MalwareBytes Anti-Malware:

  • Download MalwareBytes Anti-Malware
  • Follow the instructions in the guide
  • Delete everything in quarantine:
http://saved.im/ndc5njj4d2lr/entfernen.png
  • Post the resulting log file

Maybe82 29.09.2009 09:18

Wow, that was quick. I hope I did the code tags right. I'll go on with step 2 now. Many thanks in advance.


Code:

info.txt logfile of random's system information tool 1.06 2009-09-29 10:09:28

======Uninstall list======

-->c:\windows\vcp_save\runme.bat
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BurnRecovery-->MsiExec.exe /I{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}
Cisco AnyConnect VPN Client-->MsiExec.exe /X{6005535D-8A83-4108-A757-E1AB9886AECA}
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.14)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB 2.0 Card Reader-->C:\Programme\InstallShield Installation Information\{D10CB652-9332-4242-B7A9-2D61570144F7}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Atheros (AR5416) Net  (04/08/2008 7.6.0.200)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netathw_8508BD3D9EB89B06D2861AE76DC11BAE84C3E3C7\netathw.inf
Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net  (05/19/2008 1.01.03.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\rt2860_182C209AFE287E941D2F1DE5B71B3589853F453B\rt2860.inf
Windows Driver Package - Realtek (rtl8187Se) Net  (07/10/2008 5.9067.0710.2008)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\net8187se_06BCAD86CB743343CBFF6639914BD6E626DE4A59\net8187se.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programme\WinRAR 3.61 Multi\Uninstall.exe

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name:
Event Code: 7000
Message: Der Dienst "Automatische Updates" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Record Number: 3685
Source Name: Service Control Manager
Time Written: 20090816104009.000000+120
Event Type: Fehler
User:

Computer Name:
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{C191C92B-D685-463B-BCD6-99FC98F8152A}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 3684
Source Name: Tcpip
Time Written: 20090816103950.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 3683
Source Name: avgntflt
Time Written: 20090816103949.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 268
Message: The driver initialization status is 0:0:0:0:0:0:0:0.

Record Number: 3682
Source Name: pctcore
Time Written: 20090816103949.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 3681
Source Name: EventLog
Time Written: 20090816103938.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name:
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5
Source Name: SecurityCenter
Time Written: 20090509003654.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 0
Message:
Record Number: 4
Source Name: TOSHIBA Bluetooth Service
Time Written: 20090509003648.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 101
Message: wuauclt (1744) Das Datenbankmodul wurde beendet.

Record Number: 3
Source Name: ESENT
Time Written: 20090509003602.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 103
Message: wuaueng.dll (1744) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.

Record Number: 2
Source Name: ESENT
Time Written: 20090509003602.000000+120
Event Type: Informationen
User:

Computer Name:
Event Code: 11728
Message: Product: WebFldrs XP -- Configuration completed successfully.

Record Number: 1
Source Name: MsiInstaller
Time Written: 20090509003600.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
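
Two items in the RSIT log.txt Ellen posts next deserve decoding together: the Explorer policy NoDriveTypeAutoRun=145, and the MountPoints2 keys, which cache the autorun.inf handlers of every volume that has been plugged in (here E: pointing at LaunchU3.exe, and F: with the autorun, explore and open verbs all pointing at F:\uqsltp.exe). 145 is 0x91, the Windows XP default, which disables AutoRun only for unknown and network drives; a USB stick still autoruns. The following Python is an added example, not RSIT code and not from anyone in the thread; the registry excerpt is copied from the log below, and the KNOWN_LAUNCHERS allowlist is my assumption. Whether F:\uqsltp.exe is actually malicious cannot be settled from the log; the example only shows why a helper would want that file looked at.

```python
"""AutoRun exposure from an RSIT registry dump: the NoDriveTypeAutoRun bitmask and
the MountPoints2 keys that cache each plugged-in volume's autorun.inf handlers.

Added example for this thread; not RSIT code and not posted by anyone here.
SAMPLE_DUMP is copied from the posted log.txt; KNOWN_LAUNCHERS is an assumption.
"""
import re
from typing import Dict, List, Optional

# NoDriveTypeAutoRun (HK*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer):
# a SET bit disables AutoRun for that drive type. Bit values as documented by Microsoft.
DRIVE_BITS: Dict[int, str] = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",   # unlisted drive types
}
XP_DEFAULT = 0x91     # 145: only unknown, network and reserved types disabled
ALL_DISABLED = 0xFF   # the value Microsoft recommends to switch AutoRun off entirely

# Launchers that legitimately live in a drive root. Assumption: only the SanDisk U3
# launcher seen in the dump is listed; extend for your own environment.
KNOWN_LAUNCHERS = {"launchu3.exe"}

POLICY_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$', re.IGNORECASE)
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def autorun_enabled_types(value: int) -> List[str]:
    """Drive types for which AutoRun is still active under the given policy value."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def parse_policy(dump: str) -> Optional[int]:
    """First NoDriveTypeAutoRun value in the dump, or None if absent."""
    for line in dump.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            return int(m.group(1))
    return None


def parse_mountpoints2(dump: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 volume GUID to its cached {verb: command} handlers."""
    volumes: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in dump.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            volumes[current] = {}
            continue
        if not line or line.startswith("["):   # blank line or another key ends the block
            current = None
            continue
        vm = VERB_RE.match(line)
        if current is not None and vm:
            volumes[current][vm.group("verb").lower()] = vm.group("cmd").strip()
    return volumes


def _exe_name(command: str) -> str:
    """Lower-cased basename of the first token of a command line."""
    return command.split()[0].rpartition("\\")[2].lower()


def assess_mountpoints2(volumes: Dict[str, Dict[str, str]],
                        known_launchers=KNOWN_LAUNCHERS) -> List[str]:
    """Rate cached autorun handlers.

    Redirecting 'open' or 'explore' (what a double-click or Explorer's 'Explore' runs)
    to a binary in the drive root is the pattern an autorun worm's autorun.inf leaves
    behind; a lone 'autorun' verb with an unknown binary is merely worth a look."""
    findings = []
    for guid, verbs in volumes.items():
        if not verbs:
            continue
        exes = sorted({_exe_name(c) for c in verbs.values()})
        hijacked = [v for v in ("open", "explore") if v in verbs]
        unknown = [e for e in exes if e not in known_launchers]
        if hijacked:
            findings.append(
                f"{guid}: verbs {', '.join(sorted(verbs))} point at {', '.join(exes)}; "
                "open/explore hijack is typical of an autorun worm, examine the file and its hash"
            )
        elif unknown:
            findings.append(f"{guid}: autorun handler {', '.join(unknown)} is not a known launcher; verify it")
    return findings


# Registry excerpt copied from the posted RSIT log.txt.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dd816bc-40c1-11de-b171-002185b65857}]
shell\autorun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dd816bd-40c1-11de-b171-002185b65857}]
shell\autorun\command - F:\uqsltp.exe
shell\explore\command - F:\uqsltp.exe
shell\open\command - F:\uqsltp.exe
"""

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_DUMP)
    print(f"NoDriveTypeAutoRun={policy}: AutoRun still enabled for {autorun_enabled_types(policy)}")
    for finding in assess_mountpoints2(parse_mountpoints2(SAMPLE_DUMP)):
        print(finding)
```

The dump also lists HonorAutoRunSetting with no value shown, and KB967715 (the update that introduced that value) is in the uninstall list in info.txt above; the example does not interpret the empty entry, since only a `reg query` on the machine shows what is really stored there.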


Maybe82 29.09.2009 09:19

And here's the log file too

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ellen_ at 2009-09-29 10:09:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (68%) free of 40 GB
Total RAM: 1013 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:23, on 29.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Ellen_\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Ellen_\Desktop\Ellen_.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [international] International
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241832768671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5488 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-09-22 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-09 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c84d72fe-e17d-4195-bb24-76c02e2e7c4e}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-09-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Programme\Hotspot Shield\hssie\HssIE.dll [2009-05-10 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-09-22 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dd816bc-40c1-11de-b171-002185b65857}]
shell\autorun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dd816bd-40c1-11de-b171-002185b65857}]
shell\autorun\command - F:\uqsltp.exe
shell\explore\command - F:\uqsltp.exe
shell\open\command - F:\uqsltp.exe


======List of files/folders created in the last 1 months======

2009-09-29 10:09:16 ----D---- C:\rsit
2009-09-29 09:35:52 ----D---- C:\Programme\Trend Micro
2009-09-29 09:12:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-28 10:12:45 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-09-28 10:12:25 ----D---- C:\Programme\TuneUp Utilities 2007
2009-09-28 10:11:36 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-09-22 13:01:35 ----HDC---- C:\WINDOWS\ie8
2009-09-22 13:01:27 ----D---- C:\WINDOWS\LastGood.Tmp
2009-09-22 13:00:50 ----HD---- C:\WINDOWS\msdownld.tmp
2009-09-17 10:29:28 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-17 10:29:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-17 10:29:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-17 10:13:56 ----A---- C:\WINDOWS\system32\simptcp.dll
2009-09-17 10:13:54 ----A---- C:\WINDOWS\system32\iprip.dll
2009-09-17 08:37:50 ----D---- C:\Dokumente und Einstellungen\Ellen_\Anwendungsdaten\Cisco
2009-09-16 16:38:23 ----D---- C:\Programme\Cisco
2009-09-16 16:38:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco

======List of files/folders modified in the last 1 months======

2009-09-29 09:41:00 ----D---- C:\Programme\Mozilla Thunderbird
2009-09-29 09:35:52 ----RD---- C:\Programme
2009-09-29 09:33:40 ----D---- C:\Programme\Mozilla Firefox
2009-09-29 09:16:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-29 09:15:35 ----D---- C:\WINDOWS\Temp
2009-09-29 09:12:19 ----D---- C:\WINDOWS
2009-09-29 09:07:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-29 09:01:46 ----D---- C:\WINDOWS\Debug
2009-09-29 09:01:42 ----D---- C:\Programme\Spyware Doctor
2009-09-29 09:01:42 ----D---- C:\Programme\Security Task Manager
2009-09-29 09:01:38 ----SHD---- C:\WINDOWS\Installer
2009-09-29 09:00:56 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-09-28 10:12:59 ----SD---- C:\WINDOWS\Tasks
2009-09-28 10:12:45 ----D---- C:\WINDOWS\system32
2009-09-28 10:11:36 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-28 10:05:48 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 10:03:38 ----D---- C:\WINDOWS\security
2009-09-28 09:57:03 ----HD---- C:\WINDOWS\inf
2009-09-28 09:56:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-28 09:54:48 ----A---- C:\WINDOWS\imsins.BAK
2009-09-28 09:53:10 ----D---- C:\WINDOWS\Help
2009-09-28 09:21:20 ----D---- C:\Programme\Google
2009-09-22 13:03:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-22 13:03:52 ----D---- C:\WINDOWS\system32\de-de
2009-09-22 13:03:52 ----D---- C:\Programme\Internet Explorer
2009-09-22 13:02:43 ----D---- C:\WINDOWS\WBEM
2009-09-22 13:02:36 ----D---- C:\WINDOWS\Media
2009-09-19 08:11:20 ----D---- C:\Dokumente und Einstellungen\Ellen_\Anwendungsdaten\Skype
2009-09-18 11:42:48 ----D---- C:\Dokumente und Einstellungen\Ellen_\Anwendungsdaten\skypePM
2009-09-17 09:36:46 ----D---- C:\WINDOWS\Prefetch
2009-09-17 09:02:29 ----D---- C:\WINDOWS\system32\config
2009-09-16 16:38:23 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-09 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-19 625792]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-09 1309504]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ikfilesec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2009-06-09 42376]
S3 iksysflt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 iksyssec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-07-10 306176]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-11 106368]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HssSrv;Hotspot Shield Helper Service; C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
R2 iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-10 152984]
R2 simptcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 uxtuneup;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 183280]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peernetzwerk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 pnrpsvc;Peer Name Resolution-Protokoll; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 sdauxservice;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdcoreservice;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

-----------------EOF-----------------


Silent sharK 29.09.2009 09:28

Hi,

Quote:

F:\uqsltp.exe
What kind of drive is F: on your machine?

Maybe82 29.09.2009 09:38

Hm, strange, I actually only have the drives C and D

Silent sharK 29.09.2009 09:42

Do you have any USB stick or memory card that you lent to someone or borrowed from someone?

Maybe82 29.09.2009 09:46

So, I have now also run Malwarebytes and got 14 entries. Logfile follows:

Code:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2870
Windows 5.1.2600 Service Pack 3

29.09.2009 10:43:49
mbam-log-2009-09-29 (10-43-49).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 88549
Laufzeit: 5 minute(s), 40 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Lala (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\kungsfbuyvqqhx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kungsfnmxcvnat.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhafd78auhd.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ellen_\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Ellen_\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

I guess a reboot is in order, and then another scan?
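
The two "Infizierte Dateiobjekte der Registrierung" entries above show the ImagePath of both Windows Update services (BITS and wuauserv) changed from %SystemRoot% to %fystemRoot%: a one-letter change that leaves the variable unexpandable, so the service can no longer start and updates stop. The following added Python example (not from the post and not part of Malwarebytes) parses lines in that log format and checks each ImagePath independently for variables outside a standard set, so the verdict does not rely on the scanner's own Bad/Good labelling. The sample lines are constructed from the two entries above; the variable whitelist, the regexes and the function names are this example's assumptions.

```python
import re

# Environment variables a Windows service ImagePath normally references.
# Assumption for this example: any other %VAR% is treated as suspicious,
# because an unexpandable variable silently breaks the service, as the
# %fystemRoot% entries for BITS and wuauserv in the log above do.
KNOWN_ENV_VARS = {"SYSTEMROOT", "WINDIR", "SYSTEMDRIVE",
                  "PROGRAMFILES", "COMMONPROGRAMFILES"}

# One "Infizierte Dateiobjekte der Registrierung" line of a Malwarebytes log:
#   <registry path> (<category>) -> Bad: (<value>) Good: (<value>) -> <action>
LINE_RE = re.compile(
    r"^(?P<key>[^()]+?) \((?P<category>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)
ENV_VAR_RE = re.compile(r"%([^%]+)%")

# Constructed sample: the two entries from the log above plus the section
# header, which the parser must ignore.
SAMPLE_LOG = r"""
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""


def parse_registry_data_line(line):
    """Return the parts of one Bad:/Good: line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def unknown_env_vars(image_path):
    """List the %VAR% names in image_path that are not standard variables."""
    return [v for v in ENV_VAR_RE.findall(image_path)
            if v.upper() not in KNOWN_ENV_VARS]


def check_image_path(image_path):
    """Classify an ImagePath value: 'ok' or the reason it looks tampered with."""
    bad_vars = unknown_env_vars(image_path)
    if bad_vars:
        return "unexpandable variable: " + ", ".join("%" + v + "%" for v in bad_vars)
    # A svchost-hosted service must point at the system32 copy of svchost.exe.
    lowered = image_path.lower()
    if "svchost.exe" in lowered and not lowered.startswith(
            "%systemroot%\\system32\\svchost.exe"):
        return "svchost.exe outside %SystemRoot%\\System32"
    return "ok"


def triage(lines):
    """Parse a log and return one finding per ImagePath entry, with verdicts
    computed from the values themselves rather than from the scanner label."""
    findings = []
    for line in lines:
        parsed = parse_registry_data_line(line)
        if parsed is None or not parsed["key"].endswith("\\ImagePath"):
            continue
        parts = parsed["key"].split("\\")
        findings.append({
            "service": parts[-2],           # key component before \ImagePath
            "category": parsed["category"],
            "bad_verdict": check_image_path(parsed["bad"]),
            "good_verdict": check_image_path(parsed["good"]),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['service']:10} bad -> {f['bad_verdict']}; "
              f"good -> {f['good_verdict']}")
```

The same `check_image_path` can be run over a live export of HKLM\System\CurrentControlSet\Services, where it also catches the second tampering pattern the whitelist does not cover: a svchost-hosted service whose ImagePath points at a copy of svchost.exe outside System32.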

Maybe82 29.09.2009 09:49

Hello Silent Shark!

I often use USB sticks or memory cards (my own as well as friends') to transfer photos.

Silent sharK 29.09.2009 09:55

Yep, please do that and then run these tools:

1.)
Run a Blacklight scan

Rename the BlackLight .exe to yhjndl.exe and only start it after that!
  • Download F-Secure Blacklight into its own folder, e.g. C:\programme\blacklight. If the download doesn't work, let me know.
  • Start blbeta.exe in that folder. Close all other programs.
  • Click "I accept the agreement", "next", "Scan".
  • When the scan is finished, close Blacklight with "Close".
  • In the Blacklight directory you will find the created log fsbl-XXX.log, where XXX is a longer sequence of digits.

2.)
Run a Gmer scan

Rename gmer.exe to dsyxxjn.exe before running it!

Download Gmer from this page and unpack it to your desktop.
  • Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
  • Make sure that everything from "System" to "ADS" in the bar on the right is checked
  • (Important: "Show all" must not be checked)
  • Start the run with "Scan".
  • Don't do anything on the computer while the scan is running.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
  • Paste the log from the clipboard into your reply here.

3.)
SUPERAntiSpyware:
  • Download SUPERAntiSpyware and install it
  • Follow the instructions and post the resulting logfile

Maybe82 29.09.2009 10:29

Hi!
I can only find Blacklight on the site as an .exe, and that one is called fsbl. So I can't find any blbeta either. Sorry, I'm a bit inexperienced with this sort of thing. You say I should download gmer and then start gmer.exe. But rename it to dsy... before starting, or not?

Silent sharK 29.09.2009 10:44

Just start BlackLight, you can skip the renaming there. Rename GMER and then start it, yes. :)

Maybe82 29.09.2009 11:43

soooo :) After my system froze twice following the gmer run, here are the logs from gmer and blacklight.

Code:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-29 12:36:52
Windows 5.1.2600 Service Pack 3
Running: dsyxxjn.exe.exe; Driver: C:\DOKUME~1\Ellen_\LOKALE~1\Temp\pgldapog.sys


---- System - GMER 1.0.15 ----

Code            8674EB28                                                                                                        ZwEnumerateKey
Code            8674EAF0                                                                                                        ZwFlushInstructionCache
Code            8674EB5E                                                                                                        IofCallDriver
Code            86B265F6                                                                                                        IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text          TUKERNEL.EXE!IofCallDriver                                                                                      804E13A7 5 Bytes  JMP 8674EB63
.text          TUKERNEL.EXE!IofCompleteRequest                                                                                  804E17BD 5 Bytes  JMP 86B265FB
PAGE            TUKERNEL.EXE!ZwEnumerateKey                                                                                      80578E14 5 Bytes  JMP 8674EB2C
PAGE            TUKERNEL.EXE!ZwFlushInstructionCache                                                                            80587BFB 5 Bytes  JMP 8674EAF4

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Fastfat \Fat                                                                                        kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                        fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service        system32\drivers\kungsfpfvkpdqw.sys (*** hidden *** )                                                            [SYSTEM] kungsftowykvtm                                                  <-- ROOTKIT !!!
Service        C:\WINDOWS\system32\drivers\SKYNETqteixjik.sys (*** hidden *** )                                                [SYSTEM] SKYNETuwipyymd                                                  <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm@start                                                          1
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm@type                                                          1
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm@group                                                          file system
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm@imagepath                                                      \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main@aid                                                      10071
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main@sid                                                      0
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main@cmddelay                                                  7200
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main\connections (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main\delete (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main\injector (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main\injector@*                                                kungsfwsp.dll
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\main\tasks (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules@kungsfrk.sys                                          \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules@kungsfcmd.dll                                          \systemroot\system32\kungsfbuyvqqhx.dll
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules@kungsflog.dat                                          \systemroot\system32\kungsfnybaxrsv.dat
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules@kungsfwsp.dll                                          \systemroot\system32\kungsfnmxcvnat.dll
Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm\modules@kungsf.dat                                            \systemroot\system32\kungsfdaylqmpu.dat
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd@start                                                          1
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd@type                                                          1
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd@group                                                          file system
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd@imagepath                                                      \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd\main (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd\main\injector (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd\modules (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd\modules@SKYNETrk.sys                                          \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\ControlSet001\Services\SKYNETuwipyymd\modules@SKYNETcmd.dll                                          \systemroot\system32\SKYNETbfgnbjrn.dll
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            2
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            7
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            35
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            4
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            4
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            4
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType            7
Reg            HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm@start                                                          1
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm@type                                                          1
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm@group                                                          file system
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm@imagepath                                                      \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main                                                         
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main@aid                                                      10071
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main@sid                                                      0
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main@cmddelay                                                  7200
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main\connections                                             
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main\delete                                                   
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main\injector                                                 
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main\injector@*                                                kungsfwsp.dll
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\main\tasks                                                   
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules                                                       
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules@kungsfrk.sys                                          \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules@kungsfcmd.dll                                          \systemroot\system32\kungsfbuyvqqhx.dll
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules@kungsflog.dat                                          \systemroot\system32\kungsfnybaxrsv.dat
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules@kungsfwsp.dll                                          \systemroot\system32\kungsfnmxcvnat.dll
Reg            HKLM\SYSTEM\controlset002\Services\kungsftowykvtm\modules@kungsf.dat                                            \systemroot\system32\kungsfdaylqmpu.dat
Reg            HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@                                                 
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd                                                               
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd@start                                                          1
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd@type                                                          1
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd@group                                                          file system
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd@imagepath                                                      \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd\main                                                         
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd\main\injector                                                 
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd\modules                                                       
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd\modules@SKYNETrk.sys                                          \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\controlset002\Services\SKYNETuwipyymd\modules@SKYNETcmd.dll                                          \systemroot\system32\SKYNETbfgnbjrn.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm@start                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm@type                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm@group                                                      file system
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm@imagepath                                                  \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main@aid                                                  10071
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main@sid                                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main@cmddelay                                              7200
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\connections                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\delete                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\injector                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\injector@*                                            kungsfwsp.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\tasks                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfrk.sys                                      \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfcmd.dll                                      \systemroot\system32\kungsfbuyvqqhx.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsflog.dat                                      \systemroot\system32\kungsfnybaxrsv.dat
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfwsp.dll                                      \systemroot\system32\kungsfnmxcvnat.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsf.dat                                        \systemroot\system32\kungsfdaylqmpu.dat
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd@start                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd@type                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd@group                                                      file system
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd@imagepath                                                  \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\main                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\main\injector                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\modules                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\modules@SKYNETrk.sys                                      \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\modules@SKYNETcmd.dll                                      \systemroot\system32\SKYNETbfgnbjrn.dll

---- EOF - GMER 1.0.15 ----

AND:

Code:

09/29/09 11:30:28 [Info]: BlackLight Engine 2.2.1092 initialized
09/29/09 11:30:28 [Info]: OS: 5.1 build 2600 (Service Pack 3)
09/29/09 11:30:29 [Note]: 7019 4
09/29/09 11:30:29 [Note]: 7005 0
09/29/09 11:30:35 [Note]: 7006 0
09/29/09 11:30:35 [Note]: 7011 1888
09/29/09 11:30:35 [Note]: 7035 0
09/29/09 11:30:36 [Note]: 7026 0
09/29/09 11:30:36 [Note]: 7026 0
09/29/09 11:30:43 [Note]: FSRAW library version 1.7.1024
09/29/09 11:34:40 [Note]: 7007 0
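
The GMER output above shows two services GMER marks as `*** hidden ***`, four kernel functions (IofCallDriver, IofCompleteRequest, ZwEnumerateKey, ZwFlushInstructionCache) patched with a 5-byte JMP, and, in the registry section, the driver image and the DLL/DAT modules registered under each hidden service. The following added Python example (not from the post and not part of GMER) parses a constructed subset of that output with the same line layout and turns it into the list of on-disk artifacts tied to each hidden service, which is the list a responder would collect or verify as gone after the cleanup. Only the active control set is used, mirroring the `(not active ControlSet)` marker GMER prints for the others. The regexes and the field names are this example's own assumptions about the log format.

```python
import re

# Constructed sample: a subset of the GMER log posted above, same line layout
# (the parser splits on runs of whitespace, so column widths do not matter).
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text          TUKERNEL.EXE!IofCallDriver                804E13A7 5 Bytes  JMP 8674EB63
.text          TUKERNEL.EXE!IofCompleteRequest           804E17BD 5 Bytes  JMP 86B265FB
PAGE            TUKERNEL.EXE!ZwEnumerateKey              80578E14 5 Bytes  JMP 8674EB2C
PAGE            TUKERNEL.EXE!ZwFlushInstructionCache     80587BFB 5 Bytes  JMP 8674EAF4

---- Services - GMER 1.0.15 ----

Service        system32\drivers\kungsfpfvkpdqw.sys (*** hidden *** )    [SYSTEM] kungsftowykvtm    <-- ROOTKIT !!!
Service        C:\WINDOWS\system32\drivers\SKYNETqteixjik.sys (*** hidden *** )    [SYSTEM] SKYNETuwipyymd    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet001\Services\kungsftowykvtm@imagepath    \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm@imagepath    \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\main\injector@*    kungsfwsp.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfrk.sys    \systemroot\system32\drivers\kungsfpfvkpdqw.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfcmd.dll    \systemroot\system32\kungsfbuyvqqhx.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\kungsftowykvtm\modules@kungsfwsp.dll    \systemroot\system32\kungsfnmxcvnat.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd@imagepath    \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\modules@SKYNETrk.sys    \systemroot\system32\drivers\SKYNETqteixjik.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuwipyymd\modules@SKYNETcmd.dll    \systemroot\system32\SKYNETbfgnbjrn.dll
"""

# "<section> <module>!<function> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes\s+JMP (?P<target>[0-9A-F]{8})")
# "Service <driver> (*** hidden *** ) [<start>] <name> ..."
HIDDEN_RE = re.compile(
    r"^Service\s+(?P<driver>\S+) \(\*\*\* hidden \*\*\* \)\s+"
    r"\[(?P<start>[^\]]+)\] (?P<name>\S+)")
# "Reg HKLM\SYSTEM\<controlset>\Services\<svc><subkey>@<value> <data>"
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>[^@\s]*)@(?P<value>\S+)\s+(?P<data>\S+)$")


def parse_gmer(text):
    """Collect kernel hooks and, per hidden service, its driver, injector
    targets and module files from the active control set."""
    lines = [l.strip() for l in text.splitlines()]
    report = {"hooks": [], "hidden_services": {}}
    # Pass 1: hooks and hidden service names.
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            report["hooks"].append({"function": m["func"], "module": m["module"],
                                    "address": m["addr"], "target": m["target"]})
            continue
        m = HIDDEN_RE.match(line)
        if m:
            report["hidden_services"][m["name"]] = {
                "driver": m["driver"], "start": m["start"],
                "imagepath": None, "injector": {}, "modules": {}}
    # Pass 2: registry data for those services, active control set only.
    for line in lines:
        m = REG_RE.match(line)
        if not m or m["cs"] != "CurrentControlSet":
            continue
        svc = report["hidden_services"].get(m["svc"])
        if svc is None:
            continue
        sub = m["sub"].lower()
        if sub == "" and m["value"].lower() == "imagepath":
            svc["imagepath"] = m["data"]
        elif sub == "\\main\\injector":
            svc["injector"][m["value"]] = m["data"]
        elif sub == "\\modules":
            svc["modules"][m["value"]] = m["data"]
    return report


def hooked_functions(report):
    """Names of the patched kernel functions, sorted for stable output."""
    return sorted(h["function"] for h in report["hooks"])


def artifact_paths(report):
    """Every on-disk file tied to a hidden service (driver image plus all
    registered modules), lower-cased and deduplicated."""
    paths = set()
    for svc in report["hidden_services"].values():
        if svc["imagepath"]:
            paths.add(svc["imagepath"].lower())
        paths.update(p.lower() for p in svc["modules"].values())
    return sorted(paths)


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_GMER)
    print("hooked:", ", ".join(hooked_functions(rep)))
    for name, svc in rep["hidden_services"].items():
        print(name, "->", svc["imagepath"], "injects", svc["injector"])
    print("artifacts:", *artifact_paths(rep), sep="\n  ")
```

The module aliases (kungsfrk.sys, kungsfcmd.dll, ...) map to the randomly named real files, so a responder working from the alias alone would miss them; resolving the `modules@` values is what makes the artifact list complete.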


Silent sharK 29.09.2009 12:05

Now I have to put you in front of the ultimatum: would you rather tackle a short and safe reinstall, or consider a days-long and nerve-wracking cleanup? :daumenhoc

Maybe82 29.09.2009 14:06

Hmmm, I suspected something like that :heulen: But since I don't really know how to reinstall the operating system without a CD drive, I'll go with option B :-)



Copyright ©2000-2024, Trojaner-Board

