locked
System32 Ordner öffnet sich beim Starten RRS feed

  • Frage

  • Hallo,

    ich habe ein Problem bei einem Kunden.

    Und zwar öffnet sich hier nach dem Start immer wieder der System32 Ordner.

    Habe daraufhin mal ein Registry Clean durchgeführt. Jedoch ohne Erfolg.

    Anbei mal das HiJack Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:47:32, on 06.05.2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Empirum\Eris.exe
    C:\Programme\Intel\WiFi\bin\S24EvMon.exe
    C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
    C:\WINDOWS\system32\Empirum\EmpirumRCHost.exe
    C:\Programme\Intel\WiFi\bin\EvtEng.exe
    C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Programme\F-Secure\Common\FSMA32.EXE
    C:\Programme\F-Secure\Common\FSHDLL32.EXE
    C:\WINDOWS\system32\hasplms.exe
    C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programme\Java\jre7\bin\jqs.exe
    C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
    C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Programme\lotus\notes\ntmulti.exe
    C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
    C:\Programme\Lenovo\System Update\SUService.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
    C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
    C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Programme\F-Secure\Common\FNRB32.EXE
    C:\Programme\F-Secure\Anti-Virus\fssm32.exe
    C:\Programme\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programme\F-Secure\Anti-Virus\fsav32.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Empirum\EmpirumRemoteSettings.exe
    C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Programme\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\Empirum\eris_ui.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
    C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
    C:\Programme\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Programme\Mindjet\MindManager 8\MMReminderService.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Programme\WinZip\WZQKPICK.EXE
    C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    D:\Dokumente und Einstellungen\schappel\temp\TeamViewer\Version4\TeamViewer.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Internet Explorer\iexplore.exe
    D:\Dokumente und Einstellungen\schappel\Desktop\HiJackThis\HiJackThis204.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kuraray.eu
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lb-mowital.kuraray.eu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von Kuraray Europe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [erisui] "C:\WINDOWS\system32\Empirum\eris_ui" /hide
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SmartAudio] C:\Programme\CONEXANT\SAII\SAIICpl.exe /t
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [IMSS] "C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MMReminderService.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM]  -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Empirum Inventory.lnk = C:\WINDOWS\system32\Empirum\EmpInventory.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Programme\ELOprofessional\Prog\Client\EloArcConnect.exe
    O9 - Extra 'Tools' menuitem: ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Programme\ELOprofessional\Prog\Client\EloArcConnect.exe
    O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
    O9 - Extra button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Programme\ELOprofessional\Prog\Client\EloInternetExplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://*.srv005
    O15 - Trusted Zone: http://*.srv005 (HKLM)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kuraray-eu.local
    O17 - HKLM\Software\..\Telephony: DomainName = kuraray-eu.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kuraray-eu.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kuraray-eu.local
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
    O23 - Service: Empirum Remote Control Service (EmpirumRC_Service) - matrix42 AG - C:\WINDOWS\system32\Empirum\EmpirumRCHost.exe
    O23 - Service: Empirum Remote Installation Service (ERIS) - Matrix42 AG - C:\WINDOWS\system32\Empirum\Eris.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Netzwerk-Anfragebroker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Programme\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure\ORSP Client\fsorsp.exe
    O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Java\jre7\bin\jqs.exe
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (Lenovo.micmute) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - D:\DOKUME~1\hess-bec\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    --
    End of file - 15260 bytes

    Hoffe mir kann hier jemand weiterhelfen.

    Montag, 6. Mai 2013 08:13

Antworten

Alle Antworten