Internet Explorer startet im Hintergrund und spielt Reklame

john.doe · 16.09.2009, 22:21

Hallo und

Du hast kein Swizzor, deshalb nützt dir die Entfernung von Swizzor recht wenig.

Trojan.Qhost.AKR

=> http://www.trojaner-board.de/51187-a...i-malware.html (benenne es um in moppel.exe)

=> http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

babyhermann · 18.09.2009, 22:48

Zitat:

Zitat von john.doe

Hallo und

Du hast kein Swizzor, deshalb nützt dir die Entfernung von Swizzor recht wenig.

Trojan.Qhost.AKR

=> http://www.trojaner-board.de/51187-a...i-malware.html (benenne es um in moppel.exe)

=> http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

Hi Andreas!

Naaa, das wusste ich doch, wollt Dich nur mal testen

Ok, Spass beiseite, die Symptome sahen sich so ähnlich, dass ich es für Swizzor hielt.

Danke erstmal für die schnelle Hilfe und die Willkommensgrüsse

Habe die scans durchgeführt, aber anti-malwarebyte habe ich erst in Safemode zum laufen gekriegt. Ansonsten wurde es immer unterdrückt, egal ob ich es umbenannte oder nicht.

Kann noch nicht sagen, ob es geklappt hat, aber bis jetzt scheint alles ok.

Riesigen Dank für's erste. Hier die Resultate, sag Bescheid wenn Dir was auffällt:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

9/17/2009 10:58:09 PM
mbam-log-2009-09-17 (22-58-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 208879
Laufzeit: 58 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
\\?\globalroot\systemroot\system32\UACtnofrxnscm.dll (Trojan.Agent) -> Delete on reboot.
\\?\globalroot\systemroot\system32\UACjaypiboeig.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
\\?\globalroot\systemroot\system32\UACtnofrxnscm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\UACjaypiboeig.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

______

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-18 00:28:42
Windows 5.1.2600 Service Pack 3
Running: rq8uhgi1.exe; Driver: C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\awwcqpod.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766187E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xEE542B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xEE542C3A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7661BFE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xEE542AB0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:48 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christiankaulbach.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Moppel\moppel.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11004 bytes

john.doe · 21.09.2009, 19:44

Hast du mit nLite gearbeitet?

ciao, andreas

babyhermann · 21.09.2009, 21:06

Nope, nicht bewusst zumindest...

/Christian

john.doe · 22.09.2009, 15:55

Die hier vorgestellten Programme benötigt Windows nicht unbedingt.
Bitte unter Start => Systemsteuerung => Software => Ändern/Entfernen... deinstallieren.

Selbst wenn du ein sicheres P2P Programm verwendest, ist es nur das Programm, das sicher ist. Du wirst Daten von unsicheren Quellen teilen und diese sind häufig infiziert.

Also BitTornado und DC++ bitte sofort deinstallieren, ansonsten sind alle weiteren Schritte eher sinnlos.

1.) Deinstalliere (die Hälfte der Einträge musste ich googlen, alleine bei der Beschreibung für einige Programme, ist mir schlecht geworden):

Ad-Aware
Adobe Reader 8.1.2
BitTornado 0.3.17
Choice Guard (Oder wurde das etwa bewusst installiert?)
DC++ 0.750
Java(TM) 6 Update 11
Message Center Plus

Die Hälfte der Nokia und Thinkpad-Software halte ich auch für entbehrlich.

2.) Installiere (Toolbars immer abwählen, Haken weg):

3.) Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus.
Wähle die Sprache deiner Wahl und anschließend die Option 2.
Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).

4.) Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, O2, O3, O8, O9, O16 und O20-Einträge
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')			Nicht bekanntes Programm. 
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

=> Fix checked => Neustart => Neues HJT-Log posten

ciao, andreas

babyhermann · 22.09.2009, 22:45

Haha, schlecht geworden?! Ich hätte nicht gedacht, dass meine Installationen anderen so sehr auf's Gemüt schlagen könnten

Eine Sache: "Choice Guard (Oder wurde das etwa bewusst installiert?)" --> Ist nicht installiert meines Wissens nach und auf jeden Fall nicht bewusst von mir. Weder Revo noch Windows uninstall zeigen mir das Programm an...

Anyway, ich setz mich morgen mit Deiner Anleitung auseinander und melde mich dann. Nochmals allerherzlichsten Dank für Deine Hilfe, schätze sie sehr.

Bis denn,
Christian

john.doe · 22.09.2009, 22:54

Zitat:

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Start => Ausführen => MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} => OK

ciao, andreas

babyhermann · 28.09.2009, 22:52

Hi Andreas,

Sorry, dass es ne Weile gedauert hat, ich musste kurzfristig auf Geschäftsreise

Aaaaalso, jetzt habe ich alles durch, hier die Ergebnisse:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for IBM ThinkPad
USER : Administrator ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:24 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:12 Go (Free:11 Go)
E:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Mon 09/28/2009|23:29 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Geloescht ! - C:\DOCUME~1\ADMINI~1.EXP\Cookies\administrator@partypoker[2].txt
-
[ Hosts Datei ] .. Wiederhergestellt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Ordner Verzeichnis unter APPLIC~1

[07/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[07/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[07/01/2008|08:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/01/2008|08:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

[08/10/2008|02:44] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> .BitTornado
[08/20/2008|09:59] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Adobe
[08/29/2008|12:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ArcSoft
[08/05/2008|08:43] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ATI
[08/26/2008|08:55] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Avaya
[11/06/2008|10:32] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> BitDefender
[09/07/2008|05:28] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Canon
[08/28/2008|11:22] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Creative
[09/28/2009|10:10] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> DC++
[06/01/2009|08:28] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Downloaded

Installations
[09/28/2009|11:08] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Foxit
[08/07/2008|05:55] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Google
[03/14/2009|11:56] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Heitmeijer
[08/30/2008|01:07] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Help
[08/05/2008|09:21] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> IBM
[07/01/2008|11:42] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Identities
[08/04/2008|05:52] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Macromedia
[09/17/2009|09:56] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Malwarebytes
[06/14/2009|08:35] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ManyCam
[08/17/2008|09:47] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Media Player Classic
[04/07/2009|08:59] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Microsoft
[01/25/2009|04:29] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Mozilla
[07/17/2009|09:22] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Nokia
[07/18/2009|04:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Nseries
[07/17/2009|09:34] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> PC Suite
[09/22/2009|12:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Skype
[09/21/2009|10:17] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> skypePM
[08/07/2008|05:51] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Sun
[04/26/2009|01:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> TVU networks
[08/28/2009|07:00] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> VSRevoGroup
[09/14/2009|11:09] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Winamp
[01/10/2009|03:05] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> WinRAR
[06/14/2009|08:11] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Yahoo!

[07/01/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[09/28/2009|10:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Adobe
[11/06/2008|10:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> BitDefender
[01/18/2009|06:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> FLEXnet
[08/11/2008|09:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> IBM
[08/29/2009|12:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Installations
[09/28/2009|10:04] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lavasoft
[09/28/2009|10:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lenovo
[09/17/2009|09:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Malwarebytes
[07/18/2009|04:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft
[08/17/2008|04:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft Help
[07/18/2009|09:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Nokia
[07/17/2009|09:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NokiaMusic
[08/21/2008|07:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NOS
[07/18/2009|04:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PC Suite
[01/19/2009|11:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Rosetta Stone
[09/21/2009|10:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Skype
[05/22/2009|12:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TVU Networks
[08/17/2008|09:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Winamp Toolbar
[09/24/2009|10:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> WinZip
[06/14/2009|05:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Yahoo!

[07/01/2008|08:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\<DIR> Microsoft

[07/01/2008|08:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft

[07/01/2008|08:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[09/26/2009 03:30 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[09/28/2009 11:01 PM][--a--c---] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[09/28/2009 11:05 PM][--a--c---] C:\WINDOWS\tasks\PMTask.job
[09/28/2009 11:04 PM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/06/2008 02:00 PM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[08/05/2008|07:10] C:\Program Files\<DIR> Analog Devices
[08/05/2008|08:40] C:\Program Files\<DIR> ATI Technologies
[11/06/2008|10:31] C:\Program Files\<DIR> BitDefender
[01/27/2009|10:41] C:\Program Files\<DIR> BOOMBox Radio Player
[08/05/2008|07:59] C:\Program Files\<DIR> Broadcom
[09/04/2008|09:52] C:\Program Files\<DIR> Canon
[09/16/2009|08:26] C:\Program Files\<DIR> CCleaner
[09/28/2009|10:12] C:\Program Files\<DIR> Common Files
[07/01/2008|08:30] C:\Program Files\<DIR> ComPlus Applications
[08/05/2008|09:10] C:\Program Files\<DIR> CONEXANT
[08/28/2008|11:36] C:\Program Files\<DIR> Creative
[08/28/2008|11:14] C:\Program Files\<DIR> Creative Installation Information
[07/18/2009|09:10] C:\Program Files\<DIR> DIFX
[08/05/2008|09:11] C:\Program Files\<DIR> Digital Line Detect
[06/21/2009|01:27] C:\Program Files\<DIR> DivX
[08/17/2008|07:12] C:\Program Files\<DIR> FLAC
[09/28/2009|11:21] C:\Program Files\<DIR> Foxit Software
[03/14/2009|10:24] C:\Program Files\<DIR> FTP Commander
[06/14/2009|08:18] C:\Program Files\<DIR> Google
[03/14/2009|11:56] C:\Program Files\<DIR> Heitmeijer
[08/05/2008|08:20] C:\Program Files\<DIR> IBM
[03/15/2009|12:58] C:\Program Files\<DIR> InstallShield Installation Information
[07/01/2008|10:23] C:\Program Files\<DIR> Intel
[09/28/2009|11:03] C:\Program Files\<DIR> Internet Explorer
[09/28/2009|11:25] C:\Program Files\<DIR> Java
[09/28/2009|10:18] C:\Program Files\<DIR> Lenovo
[01/08/2009|11:28] C:\Program Files\<DIR> MagicDisc
[11/06/2008|10:15] C:\Program Files\<DIR> MagicISO
[06/14/2009|08:35] C:\Program Files\<DIR> ManyCam 2.4
[04/07/2009|08:59] C:\Program Files\<DIR> Microsoft
[08/10/2008|05:17] C:\Program Files\<DIR> Microsoft Expression
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Office
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Visual Studio
[08/10/2008|05:04] C:\Program Files\<DIR> Microsoft Visual Studio 8
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Works
[08/10/2008|05:06] C:\Program Files\<DIR> Microsoft.NET
[08/29/2009|03:11] C:\Program Files\<DIR> Mio Technology
[09/17/2009|09:42] C:\Program Files\<DIR> Moppel
[09/28/2009|11:27] C:\Program Files\<DIR> Mozilla Firefox
[07/17/2009|08:57] C:\Program Files\<DIR> MSBuild
[07/17/2009|09:18] C:\Program Files\<DIR> MSXML 6.0
[08/29/2008|12:03] C:\Program Files\<DIR> My Book
[07/01/2008|11:37] C:\Program Files\<DIR> NetMeeting
[08/05/2008|09:10] C:\Program Files\<DIR> NetWaiting
[08/29/2009|12:53] C:\Program Files\<DIR> Nokia
[08/21/2008|07:43] C:\Program Files\<DIR> NOS
[07/01/2008|08:30] C:\Program Files\<DIR> Online Services
[07/01/2008|08:35] C:\Program Files\<DIR> Opera
[07/01/2008|11:37] C:\Program Files\<DIR> Outlook Express
[07/17/2009|08:56] C:\Program Files\<DIR> Reference Assemblies
[08/29/2009|02:53] C:\Program Files\<DIR> Replay Music 3
[01/18/2009|06:31] C:\Program Files\<DIR> Rosetta Stone
[09/21/2009|10:14] C:\Program Files\<DIR> Skype
[08/05/2008|07:48] C:\Program Files\<DIR> Synaptics
[03/15/2009|12:58] C:\Program Files\<DIR> Team Craxtion
[08/05/2008|08:22] C:\Program Files\<DIR> ThinkPad
[09/10/2009|11:27] C:\Program Files\<DIR> Trend Micro
[07/01/2008|11:41] C:\Program Files\<DIR> Uninstall Information
[06/14/2009|04:38] C:\Program Files\<DIR> VS Revo Group
[06/14/2009|07:45] C:\Program Files\<DIR> Webcam
[04/07/2009|08:59] C:\Program Files\<DIR> Windows Live SkyDrive
[08/17/2008|09:31] C:\Program Files\<DIR> Windows Media Connect 2
[08/29/2009|02:05] C:\Program Files\<DIR> Windows Media Player
[07/01/2008|11:36] C:\Program Files\<DIR> Windows NT
[07/01/2008|11:38] C:\Program Files\<DIR> WindowsUpdate
[01/10/2009|03:04] C:\Program Files\<DIR> WinRAR
[08/17/2008|09:48] C:\Program Files\<DIR> XviD
[06/14/2009|08:23] C:\Program Files\<DIR> Yahoo!

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[08/29/2008|12:03] C:\Program Files\Common Files\<DIR> ArcSoft
[11/06/2008|10:31] C:\Program Files\Common Files\<DIR> BitDefender
[08/28/2008|11:14] C:\Program Files\Common Files\<DIR> Creative
[08/10/2008|05:07] C:\Program Files\Common Files\<DIR> DESIGNER
[06/21/2009|01:27] C:\Program Files\Common Files\<DIR> DivX Shared
[08/05/2008|08:20] C:\Program Files\Common Files\<DIR> InstallShield
[09/28/2009|10:18] C:\Program Files\Common Files\<DIR> Lenovo
[01/18/2009|06:32] C:\Program Files\Common Files\<DIR> Macrovision Shared
[06/14/2009|05:27] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/01/2008|08:30] C:\Program Files\Common Files\<DIR> MSSoap
[07/17/2009|09:16] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/29/2009|12:53] C:\Program Files\Common Files\<DIR> Nokia
[07/01/2008|09:22] C:\Program Files\Common Files\<DIR> ODBC
[07/01/2008|11:37] C:\Program Files\Common Files\<DIR> Services
[09/21/2009|10:14] C:\Program Files\Common Files\<DIR> Skype
[07/01/2008|09:22] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/10/2008|05:04] C:\Program Files\Common Files\<DIR> System
[04/07/2009|08:53] C:\Program Files\Common Files\<DIR> Windows Live

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-28 23:31:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen

Kein anderen Infektionen gefunden !

[F:245][D:12]-> C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\ADMINI~1.EXP\Cookies
[F:140][D:6]-> C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 09/28/2009|23:32 - Option : [2]

--------------------\\ Scan beendet um 23:32:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:37 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Moppel\moppel.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7031 bytes

Wie sieht's aus?

Danke und Gruss,
Christian

john.doe · 29.09.2009, 16:27

Lösche den Ordner c:\rsit und poste neue RSIT-Logs.

ciao, andreas

Internet Explorer startet im Hintergrund und spielt Reklame

Plagegeister aller Art und deren Bekämpfung: Internet Explorer startet im Hintergrund und spielt Reklame