[callboy]

Hallo zusammen,

ich hab mal einen Online-Scan mittels BitDefender gemacht.
Trotz stets akuellem Kaspersky hatte ich mir 2 Trojaner eingefangen.
Die sind mittlerweile erledigt.
Einen Fehler konnte das Programm nicht beseitigen:

User/M/AppData/Local/qsgqo.exe
Verursacher: Gen:Adware Heur.2115 BAFAFA

Ist das ein wirkliches Problem, oder kann man das ganz simpel
beseitigen?

Vielen Dank schonmal im vorraus

Michael

[~phoenix~]

http://www.pcwelt.de/forum/sicherhei...barbeiten.html

[callboy]

Ich hab das jetzt so gemacht.

Die Logs hätte ich gerne als Anhang eingestellt, doch es
ird mir immer "Fehler auf der Seite" angezeigt.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2009-05-05 06:01:45
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 101 GB (66%) free of 153 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:01:55, on 05.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Michael\AppData\Local\qsgcqso.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Documents\1_PC_Check\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [qsgcqso] "c:\users\michael\appdata\local\qsgcqso.exe" qsgcqso
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Labtec Mauseinstellungen.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CS19\Services\Tcpip\..\{38BE1060-BFE3-4E7C-8515-02E39725B720}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS29\Services\Tcpip\..\{38BE1060-BFE3-4E7C-8515-02E39725B720}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS41\Services\Tcpip\..\{38BE1060-BFE3-4E7C-8515-02E39725B720}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS43\Services\Tcpip\..\{38BE1060-BFE3-4E7C-8515-02E39725B720}: NameServer = 195.50.140.114 195.50.140.252
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7726 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-20 136600]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-26 218376]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-11 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"qsgcqso"=c:\users\michael\appdata\local\qsgcqso.exe [2009-04-21 303104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Labtec Mauseinstellungen.lnk - C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2007-06-26 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedap plications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedappl ications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53765f31-039b-11dc-8dd3-0019b9549002}]
shell\AutoRun\command - E:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-05-04 13:34:29 ----D---- C:\Users\Michael\AppData\Roaming\Malwarebytes
2009-05-04 13:34:23 ----D---- C:\ProgramData\Malwarebytes
2009-05-04 13:34:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 13:27:53 ----D---- C:\rsit
2009-05-04 11:28:37 ----D---- C:\Windows\BDOSCAN8
2009-05-04 11:09:48 ----D---- C:\Program Files\Trend Micro
2009-04-21 06:28:58 ----D---- C:\Program Files\Mozilla Firefox
2009-04-18 07:58:18 ----A---- C:\Windows\system32\rpcss.dll
2009-04-18 07:58:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-18 07:58:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-18 07:58:16 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-18 07:58:15 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-18 07:58:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-18 07:58:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-18 07:58:14 ----A---- C:\Windows\system32\iashost.exe
2009-04-18 07:58:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-18 07:58:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-18 07:58:06 ----A---- C:\Windows\system32\winhttp.dll
2009-04-18 07:58:04 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-18 07:58:04 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-18 07:57:56 ----A---- C:\Windows\system32\secur32.dll
2009-04-18 07:57:56 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-18 07:57:56 ----A---- C:\Windows\system32\kernel32.dll
2009-04-18 07:57:48 ----A---- C:\Windows\system32\apilogen.dll
2009-04-18 07:57:48 ----A---- C:\Windows\system32\amxread.dll
2009-04-17 16:29:51 ----A---- C:\Windows\SolarSystem Uninstaller.exe
2009-04-17 16:29:09 ----A---- C:\Windows\system32\mshtml.dll
2009-04-17 16:29:07 ----A---- C:\Windows\system32\ieframe.dll
2009-04-17 16:29:06 ----A---- C:\Windows\system32\urlmon.dll
2009-04-17 16:29:01 ----A---- C:\Windows\system32\iertutil.dll
2009-04-17 16:29:00 ----A---- C:\Windows\system32\wininet.dll
2009-04-17 16:29:00 ----A---- C:\Windows\system32\occache.dll
2009-04-17 16:29:00 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-17 16:29:00 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-17 16:29:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-17 16:29:00 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-17 16:28:59 ----A---- C:\Windows\system32\mstime.dll
2009-04-17 16:28:59 ----A---- C:\Windows\system32\ieencode.dll
2009-04-17 16:28:58 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-05-05 06:01:35 ----D---- C:\Windows\Temp
2009-05-04 22:31:46 ----D---- C:\Windows\tracing
2009-05-04 20:59:22 ----D---- C:\Windows\Prefetch
2009-05-04 20:57:21 ----D---- C:\Windows\system32\drivers
2009-05-04 13:34:23 ----RD---- C:\Program Files
2009-05-04 13:34:23 ----HD---- C:\ProgramData
2009-05-04 11:44:15 ----D---- C:\Program Files\InternetGameBox
2009-05-04 11:28:39 ----SD---- C:\Windows\Downloaded Program Files
2009-05-04 11:28:38 ----D---- C:\Windows
2009-05-04 08:58:57 ----D---- C:\Windows\System32
2009-05-04 08:58:37 ----D---- C:\Program Files\Yahoo!
2009-05-04 08:58:28 ----A---- C:\YServer.txt
2009-05-03 14:56:27 ----D---- C:\Windows\inf
2009-05-03 14:56:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-03 14:50:26 ----D---- C:\ProgramData\Kaspersky Lab
2009-05-03 05:48:45 ----SHD---- C:\System Volume Information
2009-05-01 15:27:34 ----D---- C:\Windows\system32\catroot2
2009-05-01 03:00:54 ----D---- C:\Windows\winsxs
2009-04-30 16:06:10 ----D---- C:\Windows\system32\catroot
2009-04-21 06:23:52 ----D---- C:\Users\Michael\AppData\Roaming\Mozilla
2009-04-19 03:06:19 ----D---- C:\Windows\system32\wbem
2009-04-19 03:06:19 ----D---- C:\Windows\system32\manifeststore
2009-04-19 03:06:19 ----D---- C:\Windows\AppPatch
2009-04-19 03:06:19 ----D---- C:\Program Files\Windows Mail
2009-04-18 03:10:23 ----D---- C:\Program Files\Internet Explorer
2009-04-14 09:00:50 ----D---- C:\Windows\Minidump
2009-04-09 23:41:00 ----D---- C:\Windows\system32\WDI
2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-05-29 112144]
R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2008-05-21 127768]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R1 MUsbFltr;WayTechUSBFilterDriver; C:\Windows\system32\drivers\MUsbFltr.sys [2006-06-27 9088]
R2 ACEDRV08;ACEDRV08; \??\C:\Windows\system32\drivers\ACEDRV08.sys [2007-05-22 108768]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 bcm4sbxp;Broadcom 440x 10/100-integrierter Controller-XP-Treiber; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 NETw3v32;%NIC_Service_DispName_VISTA%; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-19 2225664]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-06 36864]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-19 28160]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-26 218376]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-03-11 656168]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2007-11-23 16936]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1945
Windows 6.0.6001 Service Pack 1

04.05.2009 22:55:41
mbam-log-2009-05-04 (22-54-17).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 212207
Laufzeit: 1 hour(s), 43 minute(s), 18 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

InternetGameBox befindet sich nicht auf dem Rechner.... wird jedenfalls
nicht angezeigt

Ich wäre euch für eine Überprüfung dankbar

[~phoenix~]

lass bitte folgendes auf Virustotal bzw Jotti scannen und poste hier das Ergebnis:

Code:

C:\Users\Michael\AppData\Local\qsgcqso.exe

im Taskmanager beenden:
C:\Users\Michael\AppData\Local\qsgcqso.exe



Bitte fixe mit HJT folgendes:
fixen: scannen, anschliessend gewünschte Einträge mit Haken versehen und anschl.fixen

Code:

O4 - HKCU\..\Run: [qsgcqso] "c:\users\michael\appdata\local\qsgcqso.exe" qsgcqso
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)

Falls etwas nach dem fixen nicht mehr funktioniert, kannst du die gefixten Einträge wiederherstellen- hierzu muss jedoch HJT in einem separaten Ordner laufen.(Bsp C:\HJT\



lade dir CCleaner und lass dein System in den Standardeinstellungen bereinigen : >>Klick<<



lade dir LSPfix und ausführen: >>Klick<<



Mbam erneut ausführen und bereinigen lassen

[callboy]

Bei LSPfix bekomme ich folgenden Hinweis:

Winsock 2 Registry Key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameter is missing or could be not accessed

[~phoenix~]

http://www.softpedia.com/get/Tweak/N...nSockFix.shtml

probier das mal aus- ansonsten müsste Spybot S&D die Winsockfehler reparieren können... sind aber z Zt Zweitrangig