Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Unerwünschtes Pop-Up- RON Offersfortoday (https://www.trojaner-board.de/65134-unerwuenschtes-pop-up-ron-offersfortoday.html)

LisaG 25.11.2008 18:20
silentrunner log-file war zu groß ist jetzt bei:

http://www.file-upload.net/download-...nners.zip.html

LisaG 25.11.2008 19:22
combofix - log file

Code:
ComboFix 08-11-24.03 - lisa 2008-11-25 19:06:55.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1335 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\lisa\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2008-10-25 bis 2008-11-25  ))))))))))))))))))))))))))))))
.

2008-11-25 18:58 . 2008-11-25 18:58        <DIR>        d--------        c:\programme\CCleaner
2008-11-25 16:55 . 2008-11-25 16:55        <DIR>        d--------        c:\programme\Malwarebytes' Anti-Malware
2008-11-25 16:55 . 2008-11-25 16:55        <DIR>        d--------        c:\dokumente und einstellungen\lisa\Anwendungsdaten\Malwarebytes
2008-11-25 16:55 . 2008-11-25 16:55        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-25 16:55 . 2008-10-22 16:10        38,496        --a------        c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 16:55 . 2008-10-22 16:10        15,504        --a------        c:\windows\system32\drivers\mbam.sys
2008-11-25 14:31 . 2008-11-25 14:31        <DIR>        d--------        c:\programme\Trend Micro
2008-11-25 11:10 . 2008-11-25 11:10        165        --a------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\service.dat
2008-11-24 15:06 . 2008-11-24 15:06        49,848        --ah-----        c:\windows\system32\mlfcache.dat
2008-11-24 11:41 . 2008-11-24 11:41        <DIR>        d--------        c:\programme\MSXML 6.0
2008-11-23 10:40 . 2008-11-23 10:40        <DIR>        d--------        c:\programme\Avira
2008-11-23 10:40 . 2008-11-23 10:40        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2008-11-23 10:35 . 2008-11-23 10:37        25,170,424        --a------        C:\antivir_workstation_winu_de_h.exe
2008-11-23 10:28 . 2008-11-23 10:28        <DIR>        d--------        c:\programme\Safari
2008-11-23 10:12 . 2008-11-23 11:08        <DIR>        d--------        c:\windows\system32\CatRoot_bak
2008-11-23 10:12 . 2008-06-14 18:57        273,024        ---------        c:\windows\system32\drivers\bthport.sys
2008-11-23 10:12 . 2008-06-14 18:57        273,024        ---------        c:\windows\system32\dllcache\bthport.sys
2008-11-23 10:12 . 2008-08-14 10:51        138,368        ---------        c:\windows\system32\dllcache\afd.sys
2008-11-23 10:11 . 2008-08-14 14:36        2,188,288        ---------        c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-23 10:11 . 2008-08-14 14:35        2,145,280        ---------        c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-23 10:11 . 2008-09-15 16:13        1,847,040        ---------        c:\windows\system32\dllcache\win32k.sys
2008-11-23 10:10 . 2008-08-14 14:36        2,065,280        ---------        c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-23 10:10 . 2008-08-14 14:35        2,023,424        ---------        c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-23 10:10 . 2008-10-24 12:10        453,632        ---------        c:\windows\system32\dllcache\mrxsmb.sys
2008-11-23 10:10 . 2008-05-01 15:30        331,776        ---------        c:\windows\system32\dllcache\msadce.dll
2008-11-23 10:10 . 2008-05-08 13:28        202,752        ---------        c:\windows\system32\dllcache\rmcast.sys
2008-11-23 10:09 . 2008-09-04 17:43        1,106,944        ---------        c:\windows\system32\dllcache\msxml3.dll
2008-11-23 03:22 . 2008-07-30 17:42        23,888        --a------        c:\windows\system32\drivers\COH_Mon.sys
2008-11-23 03:22 . 2008-07-30 17:28        10,537        --a------        c:\windows\system32\drivers\COH_Mon.cat
2008-11-23 03:22 . 2008-07-30 17:28        706        --a------        c:\windows\system32\drivers\COH_Mon.inf
2008-11-23 02:50 . 2008-11-23 02:50        <DIR>        d--------        c:\dokumente und einstellungen\lisa\Anwendungsdaten\AntiSpywareGuard
2008-11-23 02:24 . 2008-11-23 02:24        84,310        --a------        c:\windows\system32\jlpqyqtwsn.dll-uninst.exe
2008-11-23 02:24 . 2008-11-23 02:24        47,897        --a------        c:\windows\system32\qcodxvakgkf.exe
2008-11-22 10:18 . 2008-11-25 14:18        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2008-11-20 20:27 . 2008-11-20 20:27        <DIR>        d--------        c:\windows\Sun
2008-11-17 12:20 . 2008-11-17 12:20        <DIR>        d--------        c:\programme\iTunes
2008-11-17 12:20 . 2008-11-17 12:20        <DIR>        d--------        c:\programme\iPod
2008-11-17 12:20 . 2008-11-23 12:08        <DIR>        d--------        c:\programme\Bonjour
2008-11-17 12:20 . 2008-11-23 10:29        <DIR>        d--------        c:\dokumente und einstellungen\lisa\Anwendungsdaten\Apple Computer
2008-11-17 12:20 . 2008-11-17 12:20        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-17 12:20 . 2008-04-17 13:12        107,368        --a------        c:\windows\system32\GEARAspi.dll
2008-11-17 12:20 . 2008-04-17 13:12        15,464        --a------        c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-17 12:19 . 2008-11-17 12:20        <DIR>        d--------        c:\programme\QuickTime
2008-11-17 12:19 . 2008-11-17 12:19        <DIR>        d--------        c:\programme\Gemeinsame Dateien\Apple
2008-11-17 12:19 . 2008-11-17 12:19        <DIR>        d--------        c:\programme\Apple Software Update
2008-11-17 12:19 . 2008-11-17 12:20        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-11-17 12:19 . 2008-11-17 12:19        <DIR>        d--------        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2008-11-11 17:04 . 2008-11-11 17:04        <DIR>        d--------        c:\windows\WLTB Custom Button Feeds
2008-11-11 17:04 . 2008-11-11 17:04        <DIR>        d--------        c:\windows\Google Toolbar
2008-11-11 17:04 . 2008-11-11 17:04        <DIR>        d--------        c:\windows\__SkypeIEToolbar_Cache

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 18:09        ---------        d-----w        c:\programme\Gemeinsame Dateien\Symantec Shared
2008-11-25 17:44        ---------        d-----w        c:\dokumente und einstellungen\lisa\Anwendungsdaten\Skype
2008-11-25 15:04        ---------        d-----w        c:\dokumente und einstellungen\lisa\Anwendungsdaten\skypePM
2008-11-25 10:27        ---------        d--h--w        c:\programme\InstallShield Installation Information
2008-11-25 10:26        ---------        d-----w        c:\programme\Creative
2008-11-23 02:24        ---------        d-----w        c:\programme\Google
2008-11-23 02:22        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec
2008-11-22 22:45        ---------        d-----w        c:\dokumente und einstellungen\lisa\Anwendungsdaten\Lenovo
2008-11-19 12:50        ---------        d-----w        c:\programme\Lexmark X1100 Series
2008-11-16 17:24        ---------        d-----w        c:\dokumente und einstellungen\lisa\Anwendungsdaten\dvdcss
2008-10-24 11:10        453,632        ------w        c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13        202,776        ----a-w        c:\windows\system32\wuweb.dll
2008-10-16 13:13        202,776        ----a-w        c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13        1,809,944        ----a-w        c:\windows\system32\wuaueng.dll
2008-10-16 13:13        1,809,944        ----a-w        c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12        561,688        ----a-w        c:\windows\system32\wuapi.dll
2008-10-16 13:12        561,688        ----a-w        c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12        323,608        ----a-w        c:\windows\system32\wucltui.dll
2008-10-16 13:12        323,608        ----a-w        c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09        92,696        ----a-w        c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09        92,696        ----a-w        c:\windows\system32\cdm.dll
2008-10-16 13:09        51,224        ----a-w        c:\windows\system32\wuauclt.exe
2008-10-16 13:09        51,224        ----a-w        c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09        43,544        ----a-w        c:\windows\system32\wups2.dll
2008-10-16 13:08        34,328        ----a-w        c:\windows\system32\wups.dll
2008-10-16 13:08        34,328        ----a-w        c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57        332,800        ------w        c:\windows\system32\dllcache\netapi32.dll
2008-10-05 12:16        107,888        ------w        c:\windows\system32\CmdLineExt.dll
2008-10-05 11:23        ---------        d-----w        c:\programme\Skype
2008-10-05 11:23        ---------        d-----w        c:\programme\Gemeinsame Dateien\Skype
2008-10-05 11:23        ---------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2008-10-03 16:58        6,066,176        ------w        c:\windows\system32\dllcache\ieframe.dll
2008-10-03 16:06        22,404,904        ------w        c:\programme\SkypeSetup.exe
2008-10-03 13:34        625,032        ----a-w        c:\windows\system32\SymNeti.dll
2008-10-03 13:34        242,056        ----a-w        c:\windows\system32\SymRedir.dll
2008-10-03 13:14        39,984        ----a-w        c:\windows\system32\drivers\symids.sys
2008-10-03 13:14        37,936        ----a-w        c:\windows\system32\drivers\symndisv.sys
2008-10-03 13:14        35,120        ----a-w        c:\windows\system32\drivers\symndis.sys
2008-10-03 13:14        27,696        ----a-w        c:\windows\system32\drivers\symredrv.sys
2008-10-03 13:14        187,952        ----a-w        c:\windows\system32\drivers\symtdi.sys
2008-10-03 13:14        146,096        ----a-w        c:\windows\system32\drivers\symfw.sys
2008-10-03 13:14        12,848        ----a-w        c:\windows\system32\drivers\symdns.sys
2008-10-03 13:14        10,804        ----a-w        c:\windows\system32\drivers\SymRedir.cat
2008-10-03 13:14        1,358        ----a-w        c:\windows\system32\drivers\SymRedir.inf
2008-09-30 19:51        ---------        d-----w        c:\programme\Norton Internet Security
2008-09-30 19:48        805        ----a-w        c:\windows\system32\drivers\SYMEVENT.INF
2008-09-30 19:48        60,800        ----a-w        c:\windows\system32\S32EVNT1.DLL
2008-09-30 19:48        123,952        ----a-w        c:\windows\system32\drivers\SYMEVENT.SYS
2008-09-30 19:48        10,671        ----a-w        c:\windows\system32\drivers\SYMEVENT.CAT
2008-09-30 19:48        ---------        d-----w        c:\programme\Symantec
2008-09-30 15:43        1,286,152        ----a-w        c:\windows\system32\msxml4.dll
2008-09-30 06:53        ---------        d-----w        c:\dokumente und einstellungen\lisa\Anwendungsdaten\Intel
2008-09-25 16:18        ---------        d--h--w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{593AE249-88A6-426E-9558-1B3C6FFA4D0B}
2008-09-25 16:18        ---------        d-----w        c:\programme\Tele2
2008-09-15 15:13        1,847,040        ------w        c:\windows\system32\win32k.sys
2008-09-13 15:25        21,840        -----tw        c:\windows\system32\SIntfNT.dll
2008-09-13 15:25        17,212        -----tw        c:\windows\system32\SIntf32.dll
2008-09-13 15:25        12,067        -----tw        c:\windows\system32\SIntf16.dll
2008-09-04 16:43        1,106,944        ----a-w        c:\windows\system32\msxml3.dll
2008-08-29 19:06        1,350,664        ----a-w        c:\windows\system32\msxml6.dll
2008-08-29 09:18        87,336        ----a-w        c:\windows\system32\dns-sd.exe
2008-08-29 08:53        61,440        ----a-w        c:\windows\system32\dnssd.dll
2008-08-28 10:04        333,056        ------w        c:\windows\system32\dllcache\srv.sys
2008-08-27 08:57        3,593,216        ------w        c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38        13,824        ------w        c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37        70,656        ------w        c:\windows\system32\dllcache\ie4uinit.exe
2008-03-20 07:30        32,768        --sh--w        c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008032020080321\index.dat
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-29 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-17 81920]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"AMSG"="c:\progra~1\THINKV~2\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\programme\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Lexmark X1100 Series"="c:\programme\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]
"nwiz"="nwiz.exe" [2007-05-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\lisa\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2008-03-20 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 22:17 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 08:37 34344 c:\programme\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 03:06 28672 c:\programme\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-03-27 19:51 32768 c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Anno 1701\\Anno1701.exe"=
"c:\\Programme\\Tele2\\Installer_COMPLETE\\Installer_Complete.exe"=
"c:\\Programme\\Tele2\\SupportCenter\\SupportCenter.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-03-20 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2008-03-20 6016]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-03-20 4442]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-03-20 554352]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 569344]
R3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2008-03-20 81920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c720730-535c-11dd-b5bf-001cbf9f54ed}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6298b104-73b1-11dd-b5cf-001cbf9f54ed}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{838ab286-f8e6-11dc-b578-001cbf9f54ed}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c0b7e7-b624-11dd-b5fd-001cbf9f54ed}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5d2c79-35e0-11dd-b5b7-001cbf9f54ed}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15f7a48-825a-11dd-b5d8-001cbf9f54ed}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-25 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]

2008-11-24 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - lisa.job
- c:\programme\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 02:09]

2008-11-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-19 17:14]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 19:14:35
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1468)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkPad\ConnectUtilities\ACGina.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACON.dll
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programme\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\scardsvr.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Lenovo\System Update\SUService.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\ZOOM\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programme\Lexmark X1100 Series\lxbkbmon.exe
c:\programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-11-25 19:17:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2008-11-25 18:17:21

Vor Suchlauf: 21 Verzeichnis(se), 23.820.509.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 23,972,556,800 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

349        --- E O F ---        2008-11-25 10:13:34

LisaG 25.11.2008 19:27
listing8:

File-Upload.net - listing.txt

LisaG 25.11.2008 19:32
so jetzt noch die umbenannte HJ-file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:31, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programme\Safari\Safari.exe
C:\Dokumente und Einstellungen\lisa\Desktop\qlketzd.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) -  - c:\programme\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16308 bytes

so jetzt ist die liste abgearbeitet - und soweit funktioniert noch alles - glaub ich zumindest...
was meist du - hat sich was verbessert oder muss ich :snyper:...
lg

LisaG 25.11.2008 19:57
Dieses "RON Tool Offersfortoday" ist auf jeden Fall noch immer als installierte software verzeichnet und kann nicht gelöscht werden - bis jetzt gabs aber noch keine auto-pop-ups...

cosinus 25.11.2008 20:36
Code:
C:\pajek
C:\Programme\Pajek
Pajek? Was ist das? :confused:

Stell sicher, daß Dir auch alle Dateien angezeigt werden, danach folgende Dateien bei Virustotal.com auswerten lassen und alle Ergebnisse posten, und zwar so, daß man die der einzelnen Virenscanner sehen kann. Bitte mit Dateigrößen und Prüfsummen:
Code:
c:\windows\system32\jlpqyqtwsn.dll-uninst.exe
c:\windows\system32\qcodxvakgkf.exe
C:\DOKUME~1\lisa\LOKALE~1\temp\rtdrvmon.exe
Danach:

Anleitung Avenger (by swandog46)

Lade dir das Tool Avenger und speichere es auf dem Desktop:
  • Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"
Code:
files to delete:
c:\windows\system32\jlpqyqtwsn.dll-uninst.exe
c:\windows\system32\qcodxvakgkf.exe
C:\DOKUME~1\lisa\LOKALE~1\temp\rtdrvmon.exe
C:\WINDOWS\Tasks\PMTask.job
C:\WINDOWS\Tasks\SA.DAT
http://mitglied.lycos.de/efunction/tb/avenger.png
  • Schliesse nun alle Programme und Browser-Fenster
  • Um den Avenger zu starten klicke auf -> Execute
  • Dann bestätigen mit "Yes" das der Rechner neu startet
  • Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt
  • Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.
  • Poste ein neues Hijackthis Logfile, nimm dazu diese umbenannte hijackthis.exe - editiere die Links und privaten Infos!!

LisaG 25.11.2008 20:41
Pajek ist ein programm zur netzwerkanalyse - nichts böses also

cosinus 25.11.2008 20:41
Zitat:
Zitat von LisaG (Beitrag 394841)
Pajek ist ein programm zur netzwerkanalyse - nichts böses also
Ok, kannte ich noch nicht :)

LisaG 25.11.2008 20:51
so... virus total:

Code:
Datei jlpqyqtwsn.dll-uninst.exe empfangen 2008.11.25 20:47:59 (CET)
Status: Beendet
Ergebnis: 1/37 (2.71%)
  Filter
Drucken der Ergebnisse 
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.11.24.3        2008.11.25        -
AntiVir        7.9.0.35        2008.11.25        -
Authentium        5.1.0.4        2008.11.25        -
Avast        4.8.1281.0        2008.11.24        -
AVG        8.0.0.199        2008.11.25        -
BitDefender        7.2        2008.11.25        -
CAT-QuickHeal        10.00        2008.11.25        -
ClamAV        0.94.1        2008.11.25        -
DrWeb        4.44.0.09170        2008.11.25        -
eSafe        7.0.17.0        2008.11.25        -
eTrust-Vet        31.6.6227        2008.11.25        -
Ewido        4.0        2008.11.25        -
F-Prot        4.4.4.56        2008.11.25        -
F-Secure        8.0.14332.0        2008.11.25        -
Fortinet        3.117.0.0        2008.11.25        -
GData        19        2008.11.25        -
Ikarus        T3.1.1.45.0        2008.11.25        -
K7AntiVirus        7.10.533        2008.11.25        -
Kaspersky        7.0.0.125        2008.11.25        -
McAfee        5445        2008.11.25        -
McAfee+Artemis        5445        2008.11.25        -
Microsoft        1.4104        2008.11.25        -
NOD32        3640        2008.11.25        -
Norman        5.80.02        2008.11.25        -
Panda        9.0.0.4        2008.11.25        -
PCTools        4.4.2.0        2008.11.25        Trojan.Pakes!sd6
Prevx1        V2        2008.11.25        -
Rising        21.05.12.00        2008.11.25        -
SecureWeb-Gateway        6.7.6        2008.11.25        -
Sophos        4.35.0        2008.11.25        -
Sunbelt        3.1.1823.2        2008.11.22        -
Symantec        10        2008.11.25        -
TheHacker        6.3.1.1.162        2008.11.25        -
TrendMicro        8.700.0.1004        2008.11.25        -
VBA32        3.12.8.9        2008.11.25        -
ViRobot        2008.11.25.1485        2008.11.25        -
VirusBuster        4.5.11.0        2008.11.25        -
weitere Informationen
File size: 84310 bytes
MD5...: 1532a88c79ecaa85d4fa7795d432f07b
SHA1..: fe0f5ec8473b746a97feaecdbb54d7eaa648f169
SHA256: 731141446ccc9cda32d0cc007196651936575abe51a24d81740a6e4865eb610b
SHA512: cee5d6fc089ded158dbe0cb73167f95c15d3d7e7dc9ef20c472b79fc453b5f2c
53be84c504801bb3a0409fbb3ea735af34f4b926f337ea8dd8bf53772a9a4d56
ssdeep: 1536:GRvLphwAO2PH1srwmJIe2BalMTns3p1yc+v6MwiVoqvGv:GlpOI2wmJIWp1
y/vXwuo7
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403228
timedatestamp.....: 0x48efcdbf (Fri Oct 10 21:48:47 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5ac0 0x5c00 6.48 7f9f3d20cb836b74a551c2b25f308d2f
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x3997d8 0x400 4.71 831527cd097dfd3ec0ab4666ab81e7d3
.ndata 0x3a3000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x3ad000 0x4170 0x4200 6.41 59c6fbf5e62caf2da599c468d70951c7

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1532a88c79ecaa85d4fa7795d432f07b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1532a88c79ecaa85d4fa7795d432f07b</a>

LisaG 25.11.2008 20:57
Code:
Datei qcodxvakgkf.exe empfangen 2008.11.25 20:53:26 (CET)
Status: Beendet
Ergebnis: 6/37 (16.22%)
  Filter
Drucken der Ergebnisse 
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.11.24.3        2008.11.25        -
AntiVir        7.9.0.35        2008.11.25        -
Authentium        5.1.0.4        2008.11.25        -
Avast        4.8.1281.0        2008.11.24        -
AVG        8.0.0.199        2008.11.25        -
BitDefender        7.2        2008.11.25        -
CAT-QuickHeal        10.00        2008.11.25        -
ClamAV        0.94.1        2008.11.25        -
DrWeb        4.44.0.09170        2008.11.25        -
eSafe        7.0.17.0        2008.11.25        Win32.Pakes.lth
eTrust-Vet        31.6.6227        2008.11.25        -
Ewido        4.0        2008.11.25        -
F-Prot        4.4.4.56        2008.11.25        -
F-Secure        8.0.14332.0        2008.11.25        -
Fortinet        3.117.0.0        2008.11.25        -
GData        19        2008.11.25        -
Ikarus        T3.1.1.45.0        2008.11.25        AdWare.Win32.AdRotator
K7AntiVirus        7.10.533        2008.11.25        -
Kaspersky        7.0.0.125        2008.11.25        -
McAfee        5445        2008.11.25        -
McAfee+Artemis        5445        2008.11.25        Generic!Artemis
Microsoft        1.4104        2008.11.25        Adware:Win32/AdRotator
NOD32        3640        2008.11.25        -
Norman        5.80.02        2008.11.25        -
Panda        9.0.0.4        2008.11.25        -
PCTools        4.4.2.0        2008.11.25        Trojan.Pakes!sd6
Prevx1        V2        2008.11.25        -
Rising        21.05.12.00        2008.11.25        -
SecureWeb-Gateway        6.7.6        2008.11.25        -
Sophos        4.35.0        2008.11.25        -
Sunbelt        3.1.1823.2        2008.11.22        -
Symantec        10        2008.11.25        -
TheHacker        6.3.1.1.162        2008.11.25        -
TrendMicro        8.700.0.1004        2008.11.25        TROJ_DLOADR.ZHG
VBA32        3.12.8.9        2008.11.25        -
ViRobot        2008.11.25.1485        2008.11.25        -
VirusBuster        4.5.11.0        2008.11.25        -
weitere Informationen
File size: 47897 bytes
MD5...: 63cc9a26055446b62d2f682f37c1c6f9
SHA1..: 897770f352b2dd42783169baf441e631a4140c02
SHA256: cb70a00d17df5174bb6b2dc05be4cba3328415b2e0804c88088eb381208d6a9b
SHA512: fce119f903f9b0c5d702b91a1c66c3251996ea2d7695babcf510f3fbf64fb33c
1614de37809de699fc81019214f00ab66a88fc9d2c37da512e8c5d302bda375d
ssdeep: 768:SSup23EQCjlQRB8/ewZ1iU6nyYFxbssT/F/O71mJ5TJRn0D5X7irNxnos2BT
8izL:Hu4EQalMK/ewGnh0mJ6lX7MfKB4nK
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x48efcdc9 (Fri Oct 10 21:48:57 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5976 0x5a00 6.47 335c19bb25cd1d02eec2b0a4eacb979c
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.69 59710519e577598f785044e4d95261f4
.ndata 0x24000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x31000 0x908 0xa00 3.85 c8a7e34036e84f6de6309bd5eacecfa0

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63cc9a26055446b62d2f682f37c1c6f9' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63cc9a26055446b62d2f682f37c1c6f9</a>

LisaG 25.11.2008 21:01
Code:
Datei rtdrvmon.exe empfangen 2008.11.25 20:59:19 (CET)
Status: Beendet
Ergebnis: 0/37 (0%)
  Filter
Drucken der Ergebnisse 
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2008.11.24.3        2008.11.25        -
AntiVir        7.9.0.35        2008.11.25        -
Authentium        5.1.0.4        2008.11.25        -
Avast        4.8.1281.0        2008.11.24        -
AVG        8.0.0.199        2008.11.25        -
BitDefender        7.2        2008.11.25        -
CAT-QuickHeal        10.00        2008.11.25        -
ClamAV        0.94.1        2008.11.25        -
DrWeb        4.44.0.09170        2008.11.25        -
eSafe        7.0.17.0        2008.11.25        -
eTrust-Vet        31.6.6227        2008.11.25        -
Ewido        4.0        2008.11.25        -
F-Prot        4.4.4.56        2008.11.25        -
F-Secure        8.0.14332.0        2008.11.25        -
Fortinet        3.117.0.0        2008.11.25        -
GData        19        2008.11.25        -
Ikarus        T3.1.1.45.0        2008.11.25        -
K7AntiVirus        7.10.533        2008.11.25        -
Kaspersky        7.0.0.125        2008.11.25        -
McAfee        5445        2008.11.25        -
McAfee+Artemis        5445        2008.11.25        -
Microsoft        1.4104        2008.11.25        -
NOD32        3640        2008.11.25        -
Norman        5.80.02        2008.11.25        -
Panda        9.0.0.4        2008.11.25        -
PCTools        4.4.2.0        2008.11.25        -
Prevx1        V2        2008.11.25        -
Rising        21.05.12.00        2008.11.25        -
SecureWeb-Gateway        6.7.6        2008.11.25        -
Sophos        4.35.0        2008.11.25        -
Sunbelt        3.1.1823.2        2008.11.22        -
Symantec        10        2008.11.25        -
TheHacker        6.3.1.1.162        2008.11.25        -
TrendMicro        8.700.0.1004        2008.11.25        -
VBA32        3.12.8.9        2008.11.25        -
ViRobot        2008.11.25.1485        2008.11.25        -
VirusBuster        4.5.11.0        2008.11.25        -
weitere Informationen
File size: 40960 bytes
MD5...: 945d09c0925f771f907dee3d0452ecf4
SHA1..: ff415844573771abfe90ee7b5639ac033b319df3
SHA256: d1474290ca3f07d43c65d7d79d70816b3a60c5cf0afa4c8db2a7b81f236b98a5
SHA512: 3e2ecef97f13657b2ce74de1b1e4cab359208058c4404557ba7da8d168d19c88
4931f2244920aa09234a56013ce9990be32440569ff4a511203cef70dc2fbd1b
ssdeep: 384:i33fjJxKyAbfaxC0WUUq/xh4l7t2yvG1WVg0FDoa:I3fFxKyIaY/UW2310BF
Doa
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4014bf
timedatestamp.....: 0x3d06b9b7 (Wed Jun 12 03:02:15 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3a6c 0x4000 6.29 e3fff0e0ed64a8be46f15ad1433ba10c
.rdata 0x5000 0x8e6 0x1000 3.57 cea5d63f4a457a8c82ecc5a0d2c115e7
.data 0x6000 0x2a1c 0x3000 0.43 c05e51030a9b90b3f791d5cb86ed891b
.rsrc 0x9000 0x3b8 0x1000 0.97 3a61b79be370d6a074929060f1e655b8

( 1 imports )
> KERNEL32.dll: GetLastError, ReadFile, WriteFile, CreateFileA, GetExitCodeProcess, OpenProcess, WaitForMultipleObjects, ResetEvent, CloseHandle, CreateSemaphoreA, SetEvent, WaitForSingleObject, CreateEventA, SetPriorityClass, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, LCMapStringA, LCMapStringW

( 0 exports )
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=945d09c0925f771f907dee3d0452ecf4' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=945d09c0925f771f907dee3d0452ecf4</a>

LisaG 25.11.2008 21:11
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\jlpqyqtwsn.dll-uninst.exe" deleted successfully.
File "c:\windows\system32\qcodxvakgkf.exe" deleted successfully.
File "C:\DOKUME~1\lisa\LOKALE~1\temp\rtdrvmon.exe" deleted successfully.
File "C:\WINDOWS\Tasks\PMTask.job" deleted successfully.
File "C:\WINDOWS\Tasks\SA.DAT" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

LisaG 25.11.2008 21:15
so jetzt noch der neue dingens... - werd langsam richtig geübt... danke übrigens für deine hilfe:party:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:51, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Safari\Safari.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Dokumente und Einstellungen\lisa\Eigene Dateien\Anti-Monster-Action\qlketzd.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) -  - c:\programme\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16302 bytes

LisaG 25.11.2008 21:39
RON ist tot!!:singsing: - und hat sich aus meiner software-liste verzogen:taenzer:....

LisaG 25.11.2008 21:53
Zitat:
Zitat von root24 (Beitrag 394842)
Ok, kannte ich noch nicht :)
ham son paar tüftler entwickelt - habs über die uni-wien bekommen - kann man ganz spaßige sachen mit machen


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:35 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132