Browser does not load although the Internet connection is up

#0
19.05.2008, 14:16
Member

Posts: 14
#1 Hello everyone,

for 2 days now the browser has no longer been loading web pages, although the Internet connection is up. ICQ also still works. The problem mostly occurs after a few hours of active online sessions. I scanned for viruses/trojans with Panda Internet Security - apart from spyware nothing is found, and virus finds were disinfected right away before the problem appeared. Where could the problem lie and how can it be fixed?

I would be very grateful for your help

greetz LaCross
19.05.2008, 14:19
Honorary member
Sabina

Posts: 29434
#2 Hello LaCross,
are you using IE?
Then first download Firefox as a second browser - report whether the problem occurs there too.
http://virus-protect.org/firefox.html

and post a log from HijackThis
http://virus-protect.org/hjtkurz.html
On first start:
Do a system scan and save a logfile - Notepad opens
now copy the COMPLETE log with a right mouse click and "paste" it into the security forum with a right mouse click
__________
Best regards, Sabina

all about PC security
20.05.2008, 21:36
Member

Thread starter

Posts: 14
#3 Hello Sabina,

no, I use Firefox, i.e. the problem occurs with Firefox.

here is the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:48, on 20.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1176974160\ee\aolsoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\docoom\docoom backup\docoom.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\RapidSolution\Radiotracker\Radiotracker.exe
C:\Program Files\RapidSolution\Radiotracker\Podspider\PodSpiderU.exe
C:\Program Files\RadioRipper\RadioRipper.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\lacross\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176974160\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [docoom] "C:\Program Files\docoom\docoom backup\docoom.exe" /auto
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAB994F-9798-4AF2-96A7-65C27ACF6D3B}: NameServer = 192.168.122.252,192.168.122.253
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: docoom online S.L.: docoom backup update permissions manager. 12662. - Unknown owner - C:\Program Files\docoom\docoom backup\udocoom.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrvx86.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PskSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 9814 bytes

thanks :-)

Regards, lacross
21.05.2008, 00:10
Honorary member
Sabina

Posts: 29434
#4 Hello,

«
run CCleaner; close Firefox beforehand and delete all temp files
http://www.ccleaner.de/?protecus.de

«
does the problem also occur in IE?

«
run ComboFix, click away the warning message + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

all about PC security
21.05.2008, 23:47
Member

Thread starter

Posts: 14
#5 Hello Sabina,

I use Firefox exclusively, so I don't even know whether the problem also exists with IE.

here is the log file from ComboFix:

ComboFix 08-05-20.5 - lacross 2008-05-21 23:32:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.203 [GMT 2:00]
ausgeführt von:: C:\Users\lacross\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\lsprst7.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-21 bis 2008-05-21 ))))))))))))))))))))))))))))))
.

2008-05-21 23:02 . 2008-05-21 23:02 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 17:15 . 2008-05-18 17:15 <DIR> d-------- C:\Users\lacross\AppData\Roaming\Talkback
2008-05-06 08:34 . 2008-05-06 08:34 <DIR> d-------- C:\Program Files\WinPcap
2008-05-06 08:33 . 2008-05-06 08:33 <DIR> d-------- C:\Program Files\URLSnooper2
2008-04-26 12:20 . 2008-04-26 12:20 <DIR> d-------- C:\Users\lacross\AppData\Roaming\Printer Info Cache
2008-04-26 12:20 . 2008-04-26 12:20 <DIR> d-------- C:\Users\lacross\AppData\Roaming\Image Zone Express
2008-04-26 12:04 . 2008-04-26 12:04 <DIR> d-------- C:\Users\All Users\WEBREG
2008-04-26 12:04 . 2008-04-26 12:04 <DIR> d-------- C:\ProgramData\WEBREG
2008-04-26 11:55 . 2008-04-26 11:55 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-04-26 11:55 . 2008-04-26 11:55 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-04-26 11:51 . 2008-04-26 11:51 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-26 11:51 . 2008-04-26 11:51 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-26 11:50 . 2008-04-26 11:54 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-26 11:38 . 2008-04-26 11:55 <DIR> d-------- C:\Program Files\HP
2008-04-26 11:34 . 2008-05-03 18:34 164,247 --a------ C:\Windows\hpoins19.dat
2008-04-26 11:31 . 2008-04-26 12:01 <DIR> d-------- C:\Users\All Users\HP
2008-04-26 11:31 . 2008-04-26 12:01 <DIR> d-------- C:\ProgramData\HP
2008-04-26 11:31 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\SET2051.tmp
2008-04-26 11:31 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-04-26 11:31 . 2006-12-16 08:19 573,440 --a------ C:\Windows\System32\SET22B4.tmp
2008-04-26 11:31 . 2006-12-16 08:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
2008-04-26 11:31 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-04-26 11:31 . 2006-11-20 23:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-04-26 11:31 . 2007-03-13 21:50 26,952 --a------ C:\Windows\hpomdl19.dat
2008-04-26 11:00 . 2008-04-26 12:06 <DIR> d-------- C:\Users\lacross\AppData\Roaming\HP
2008-04-25 15:21 . 2008-04-25 15:21 <DIR> d-------- C:\Users\lacross\.spss
2008-04-25 15:17 . 2008-04-25 15:17 <DIR> d-------- C:\Users\All Users\SafeNet Sentinel
2008-04-25 15:17 . 2008-04-25 15:17 <DIR> d-------- C:\ProgramData\SafeNet Sentinel
2008-04-25 15:13 . 2008-04-25 15:13 <DIR> d-------- C:\Users\All Users\SPSS
2008-04-25 15:13 . 2008-04-25 15:13 <DIR> d-------- C:\ProgramData\SPSS
2008-04-25 15:13 . 2008-04-25 21:11 <DIR> d-------- C:\Program Files\SPSSInc
2008-04-25 15:13 . 2008-04-25 15:13 <DIR> d-------- C:\Program Files\Common Files\SPSS
2008-04-25 15:13 . 2008-04-25 15:13 1,025 --a------ C:\Windows\System32\sysprs7.tgz
2008-04-25 15:13 . 2008-04-25 15:13 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-04-25 15:13 . 2008-04-25 15:13 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-04-25 15:13 . 2008-04-25 15:13 16 ---h----- C:\Windows\System32\servdat.slm
2008-04-25 15:11 . 2008-04-25 15:11 0 --a------ C:\law.sp
2008-04-24 13:54 . 2008-04-24 13:54 <DIR> d-------- C:\Program Files\CIB software GmbH
2008-04-24 13:48 . 2008-04-24 14:01 <DIR> d-------- C:\Users\lacross\AppData\Roaming\PDF reDirect
2008-04-24 08:52 . 2008-04-24 08:53 <DIR> d-------- C:\Program Files\Lexmark 2300 Series
2008-04-22 10:04 . 2008-04-22 10:04 <DIR> d-------- C:\Program Files\Free PDF to Word Doc Converter
2008-04-21 15:45 . 2008-04-21 16:11 <DIR> d-------- C:\Users\lacross\AppData\Roaming\Azureus
2008-04-21 15:45 . 2008-04-21 16:11 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 21:30 266,884 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck
2008-05-21 21:30 266,884 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT
2008-05-21 21:30 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck
2008-05-21 21:30 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG
2008-05-19 11:49 --------- d-----w C:\Program Files\Panda Security
2008-05-16 06:44 --------- d-----w C:\Program Files\Windows Mail
2008-05-10 18:46 --------- d-----w C:\Program Files\Tobit ClipInc
2008-04-30 06:37 --------- d-----w C:\Program Files\Lx_cats
2008-04-28 13:16 1,541,896 ----a-w C:\Windows\CISUnins.exe
2008-04-28 13:16 1,541,896 ----a-w C:\Windows\CICUnins.exe
2008-04-24 11:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 13:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-18 18:23 --------- d-----w C:\Program Files\ICQ6
2008-04-15 20:04 --------- d-----w C:\Program Files\Winamp
2008-04-12 18:55 --------- d-----w C:\Users\lacross\AppData\Roaming\phonostar-Player
2008-04-11 12:34 --------- d-----w C:\Program Files\docoom
2008-04-11 12:28 --------- d-----w C:\ProgramData\Backup
2008-04-11 12:22 --------- d-----w C:\ProgramData\sentinel
2008-04-11 12:15 13,880 ----a-w C:\Windows\system32\drivers\COMFiltr.sys
2008-04-11 12:09 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-04-10 21:54 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-10 21:05 --------- d-----w C:\Users\lacross\AppData\Roaming\RadioRipper
2008-04-10 17:54 --------- d-----w C:\Program Files\RadioRipper
2008-04-10 16:08 174 --sha-w C:\Program Files\desktop.ini
2008-04-10 16:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-10 16:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-10 16:01 --------- d-----w C:\Program Files\Windows Journal
2008-04-10 16:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-10 16:01 --------- d-----w C:\Program Files\Windows Calendar
2008-04-10 16:00 --------- d-----w C:\Program Files\Windows Defender
2008-04-10 15:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-10 15:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-10 14:58 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-04-10 14:58 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-10 13:42 --------- d-----w C:\Program Files\Ratajik Software
2008-04-03 12:31 38,203 ----a-w C:\Users\lacross\.cxpg63spc.dat
2008-04-03 12:28 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-03 12:28 --------- d-----w C:\Program Files\Xpage Internet Studio 6 Special Edition
2008-04-03 11:31 --------- d-----w C:\Users\lacross\AppData\Roaming\KompoZer
2008-03-31 13:38 --------- d-----w C:\Users\lacross\AppData\Roaming\Winamp
2008-03-23 13:39 --------- d-----w C:\Program Files\Java
2008-03-23 13:34 --------- d-----w C:\Program Files\Common Files\Java
2008-03-21 18:39 --------- d-----w C:\Users\lacross\AppData\Roaming\streamripper
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-31 10:25 45,457,328 ----a-w C:\Users\lacross\cjr2300GE.exe
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-12-05 17:14 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2008-04-18 18:08 584704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 15:50 4399104 C:\Windows\RtHDVCpl.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1176974160\ee\AOLSoftware.exe" [2006-11-14 15:47 50736]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-20 08:20 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 15:54 16896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 22:34 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 05:21 83568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Skytel"="Skytel.exe" [2007-03-13 18:55 1822720 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-22 20:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-22 20:47 8425472]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-22 20:47 81920]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"docoom"="C:\Program Files\docoom\docoom backup\docoom.exe" [2007-09-29 09:10 1130496]
"LXCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 05:20 73728]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2008-04-18 18:08 584704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-16 13:13:18 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"= mscoree.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\Windows\system32\l3codecp.acm
"msacm.l3codec"= C:\Windows\system32\l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2ABC7FEF-6CA3-4EB0-8D50-9E7199EE45C7}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{43CB7469-0F77-4D4D-BB25-0EB62C62D7BC}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Optimized Dial-In
"{55D6AD31-FED6-4F68-A370-5D9701CEBAE0}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{137F19DF-8D4B-445D-BF9C-8C20B90D85D2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Optimized Dial-In
"{78F0B583-C009-41E5-BD3C-8C5C522B7BA0}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{70A286DC-C4A8-4291-AB15-D93FA54B2A8C}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{D992BD3E-7F0B-44DE-A393-049AA698D04F}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{0D6D1DE6-E5D0-412D-870E-9301C20A6080}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{90BE56F7-26CD-4ABD-B47F-4D92805BECA4}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{0C71AD5F-C6A0-4FA0-AD4D-74150BF7DD5D}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{BAB348AC-1DD9-43CC-BB2E-B92B86DCC331}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{88EEA7C5-A1C8-48C4-9C7C-2DCA654CA25E}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{816CFA5F-4333-449A-87A8-E29667C395E1}C:\\program files\\fritz!dsl\\fritzdsl.exe"= UDP:C:\program files\fritz!dsl\fritzdsl.exe:FRITZ!web DSL
"UDP Query User{9014ECD6-7487-4FCB-8D28-3446A3CB5727}C:\\program files\\fritz!dsl\\fritzdsl.exe"= TCP:C:\program files\fritz!dsl\fritzdsl.exe:FRITZ!web DSL
"TCP Query User{E369BDBC-7081-455B-ADA7-E726FCA21429}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{188575AA-B409-46DC-994E-E247E432FA8E}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9BDBE254-13BD-47D8-88DB-EA9EE36C621C}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECAE4BD8-AF3C-489F-B580-C1DC20331E56}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{004F1015-9CB7-4868-9170-244FAF3581A5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{618D0D14-8823-4831-8EFF-C358FA632554}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6B515530-E8A7-4746-AD55-A16E82ACCE55}C:\\program files\\ratajik software\\stationripper\\stationripperconsole.exe"= UDP:C:\program files\ratajik software\stationripper\stationripperconsole.exe:StationRipperConsole
"UDP Query User{B9CD8D66-C402-428C-A6B6-07492E2D99A2}C:\\program files\\ratajik software\\stationripper\\stationripperconsole.exe"= TCP:C:\program files\ratajik software\stationripper\stationripperconsole.exe:StationRipperConsole
"TCP Query User{502BDE50-B279-4252-9803-66CCB37F7FC9}C:\\program files\\xpage internet studio 6 special edition\\jre\\bin\\javaw.exe"= UDP:C:\program files\xpage internet studio 6 special edition\jre\bin\javaw.exe:javaw
"UDP Query User{FE64E1A9-2617-4D09-BD70-FAA3DF8B7934}C:\\program files\\xpage internet studio 6 special edition\\jre\\bin\\javaw.exe"= TCP:C:\program files\xpage internet studio 6 special edition\jre\bin\javaw.exe:javaw
"TCP Query User{F734DE06-466A-4CF4-9C2F-BF731170D7D5}C:\\program files\\radioripper\\radioripper.exe"= UDP:C:\program files\radioripper\radioripper.exe:RadioRipper
"UDP Query User{C51FC483-3D10-4496-A0E7-CD967951E682}C:\\program files\\radioripper\\radioripper.exe"= TCP:C:\program files\radioripper\radioripper.exe:RadioRipper
"{D2322FDC-52C9-47B8-AC7A-A8BCBFED5909}"= UDP:C:\Windows\System32\lxcgcoms.exe:Lexmark Communications System
"{5F353420-1C2F-4059-819F-D16BA29F703D}"= TCP:C:\Windows\System32\lxcgcoms.exe:Lexmark Communications System
"{EF997D64-CD7A-4DF6-8AE5-99C519E4B9D2}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcgpswx.exe:printer Status Window
"{9E7B7CAA-59FC-4C57-AD69-9F61328A6A1C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcgpswx.exe:printer Status Window
"{279BBD73-BCAF-4089-9318-F259E50C7465}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16EV\spss.exe:SPSS 16.0 Evaluation Version (1033:exe)
"{F5471853-5307-4439-BF08-2F6BED5B45E9}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{AB6F966A-A0EF-4CE6-9DBA-31BA491E6F97}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16EV\spss.com:SPSS 16.0 Evaluation Version (1033:com)
"{CC589001-FB68-4F97-94B8-CB6D1554F0FA}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16EV\spss.exe:SPSS 16.0 Evaluation Version (1033:exe)
"{0A9E1E80-81AF-4172-BF50-C47ED85F3180}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{F0B49FDE-1AFA-4833-A0B1-A2038D95DC27}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16EV\spss.com:SPSS 16.0 Evaluation Version (1033:com)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-31 00:23]
R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 aadev;AVM ADSL Adapter Device;C:\Windows\system32\DRIVERS\aadev.sys [2004-04-28 09:58]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]
R2 ClipInc001;ClipInc 001;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 001 []
R2 ClipInc002;ClipInc 002;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 002 []
R2 ClipInc003;ClipInc 003;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 003 []
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2008-04-11 14:15]
R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 docoom online S.L.: docoom backup update permissions manager. 12662.;docoom online S.L.: docoom backup update permissions manager. 12662.;C:\Program Files\docoom\docoom backup\udocoom.exe [2007-05-14 15:57]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Internet Security 2008\PskSvc.exe" [2007-03-21 19:32]
R3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys [2004-06-11 02:00]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\Windows\system32\DRIVERS\NETFWDSL.SYS [2004-04-28 10:03]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-01-25 19:31]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 23:37:22
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16????????????????????
????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????
??????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-21 23:38:21
ComboFix-quarantined-files.txt 2008-05-21 21:38:16

7 Verzeichnis(se), 201,615,577,088 Bytes frei
15 Verzeichnis(se), 201,590,501,376 Bytes frei

253 --- E O F --- 2008-05-21 06:26:44


Did I have hidden viruses?

Many thanks for your help :-)

Regards, lacross
This post was edited by LaCross on 22.05.2008 at 21:23.
21.05.2008, 23:58
Honorary member
Sabina

Posts: 29434
#6 Hello,

««
Check the exe - when you get the answer, post it here
sandbox.norman - Submit file http://www.norman.com/microsites/nsic/Submit/de

C:\Users\lacross\cjr2300GE.exe

---------------------------------------------------

««
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste in)

{93f261fc-7dce-4268-9edb-4c94f8afb899}

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

««
Download Autoruns
http://virus-protect.org/artikel/tools/autoruns.html
Save the file Autoruns.txt somewhere it is easy to find again! Then open the file - copy it into the post
(possibly as an attachment ... see below)
__________
Best regards, Sabina

all about PC security
22.05.2008, 19:54
Member

Thread starter

Posts: 14
#7 Hello - now I have to ask a silly question - how do I check the .exe files separately? And do I need an extra program for that?
By the way, Panda Internet Security shows ComboFix as a virus - that can't really be right, can it?

--> Virus erkannt: Bck/VB.XB Antivirus-Schutz 05/22/08 21:14:41 Geblockt Pfad: c:\users\lacross\downloads\combofix.exe[327882R2FWJFW\NirCmdC.cfexe]

Can the constant message about the "virus" somehow be turned off?
Regards, lacross
This post was edited by LaCross on 22.05.2008 at 22:01.
22.05.2008, 21:23
Honorary member
Sabina

Posts: 29434
#8 Yes, ComboFix is detected as a virus by many scanners... but it isn't one...
You check the exe by uploading it on the page I posted.

Quote

Check the exe - when you get the answer, post it here
sandbox.norman - Submit file http://www.norman.com/microsites/nsic/Submit/de

C:\Users\lacross\cjr2300GE.exe

__________
Best regards, Sabina

all about PC security
22.05.2008, 23:33
Member

Thread starter

Posts: 14
#9 Unfortunately it doesn't work via the link http://www.norman.com/microsites/nsic/Submit/de ...
djr2300GE.exe does load for a while each time, but then I get the message

Could not verify the code from the image. Please make sure you type in the correct one. Use the "Swap image" link if the image is hard to read.

? Is there another checking program as well? And can I somehow switch off ComboFix as a virus in Panda, so that it doesn't keep showing the virus information?

Regards, lacross
This post was edited by LaCross on 22.05.2008 at 23:46.
23.05.2008, 00:47
Honorary member
Sabina

Posts: 29434
#10 ««
Virustotal http://www.virustotal.com/flash/index_en.html

C:\Users\lacross\cjr2300GE.exe

Click Browse --> choose the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Senden der Datei"... now wait - then select the text with the right mouse button -> copy
__________
Best regards, Sabina

all about PC security
23.05.2008, 10:14
Member

Thread starter

Posts: 14
#11 Hello,

It doesn't work via VirusTotal either - error message: Bigger than max permited size!
That can't be, can it!?

Regards, lacross
23.05.2008, 10:27
Honorary member
Sabina

Posts: 29434
#12 2008-01-31 10:25 45,457,328 ----a-w C:\Users\lacross\cjr2300GE.exe

Yes, sorry... 45,457,328... I should have seen that it wouldn't work.
I only wanted to know what it is, because the exe is unknown... by the way, huge for an exe...
So leave it, and try to post the report from Autoruns (as an attachment), see below

+
Run on Vista: press Windows key + R

Paste in: Combofix /U
- click "OK"
__________
Best regards, Sabina

all about PC security
23.05.2008, 10:53
Member

Thread starter

Posts: 14
#13 Here is the log file from regsearch:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{93f261fc-7dce-4268-9edb-4c94f8afb899}" 23.05.2008 10:50:34

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\InprocServer32\1.1.4.305]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\ProgId]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RadioRipper.ShellExecuteHook\CLSID]
@="{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"="RadioRipper.ShellExecuteHook"
23.05.2008, 11:00
Honorary member
Sabina

Posts: 29434
#14 «
It's the RadioRipper... what is that? Since when have you had that loaded?
The thing is, so far I don't know what is going on.
Has the fault already gone up in smoke since running ComboFix + deleting C:\Windows\system32\lsprst7.dll ???

Clue:
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"= mscoree.dll [ ] ->> missing...

So:

Download Autoruns
http://virus-protect.org/artikel/tools/autoruns.html
Save the file Autoruns.txt somewhere it is easy to find again! Then open the file - copy it into the post
(possibly as an attachment ... see below)
__________
Best regards, Sabina

all about PC security
23.05.2008, 11:10
Member

Thread starter

Posts: 14
#15 Here is the log file from Autoruns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ APVXDWIN Platinum permanent protection (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\apvxdwin.exe
+ docoom docoom backup (Not verified) Oberon Sistemas S.L. c:\program files\docoom\docoom backup\docoom.exe
+ Google Desktop Search Google Desktop (Not verified) Google c:\program files\google\google desktop search\googledesktop.exe
+ HostManager AOL (Verified) AOL LLC c:\program files\common files\aol\1176974160\ee\aolsoftware.exe
+ HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Co. c:\program files\hp\hp software update\hpwuschd2.exe
+ QuickFinder Scheduler QuickFinder Index Scheduler (Verified) Corel Corporation c:\program files\wordperfect office x3\programs\qfschd130.exe
+ SCANINICIO Inicio Programado (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\inicio.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ toolbar_eula_launcher (Not verified) c:\program files\googleeula\eulalauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
+ Adobe Gamma Loader.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor (Verified) Hewlett Packard c:\program files\hp\digital imaging\bin\hpqtra08.exe
+ Microsoft Office.lnk Microsoft Office 2000 component (Not verified) Microsoft Corporation c:\program files\microsoft office\office\osa9.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home (Not verified) Nero AG c:\program files\common files\ahead\lib\nmbgmonitor.exe
+ PhonostarTimer (Not verified) phonostar c:\program files\phonostar\ps_timer.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ PixiePack Codec Pack 0.10.4 c:\program files\pixiepack codec pack\installerhelper.exe
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CIB pdf brewer CIB pdf brewer Context Menu (Not verified) CIB software GmbH, München c:\program files\cib software gmbh\cib pdf brewer\cibpdfbrcontextmenu.dll
+ NBShellHook Class Nero BackItUp (Not verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ NBShellHook Class Nero BackItUp (Not verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ QuickFinderMenu QuickFinder Shell Extensions (Verified) Corel Corporation c:\program files\wordperfect office x3\programs\pfse130.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Webordner c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ lnkfile Microsoft Shell Extension Library (Not verified) Microsoft Corporation c:\program files\microsoft office\office\mlshext.dll
+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find (Not verified) Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll
+ Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ Google Toolbar Helper Google Toolbar für Internet Explorer-Client (Verified) Google Inc c:\program files\google\googletoolbar1.dll
+ RealPlayer Download and Record Plugin for Internet Explorer RealPlayer Download and Record Plugin for Internet Explorer (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpbrowserrecordplugin.dll
+ SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ &Google Google Toolbar für Internet Explorer-Client (Verified) Google Inc c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ ICQ6 ICQ Library (Verified) ICQ c:\program files\icq6\icq.exe
HKLM\System\CurrentControlSet\Services
+ docoom online S.L.: docoom backup update permissions manager. 12662. c:\program files\docoom\docoom backup\udocoom.exe
+ hpqddsvc Von diesem Dienst werden CUE-Geräte auf Ihrem System erkannt und überwacht. (Not verified) Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqddsvc.dll
+ LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. (Not verified) Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe
+ Net Driver HPZ12 Dot4Net Module (Not verified) Hewlett-Packard c:\windows\system32\hpzinw12.dll
+ Panda Software Controller Panda Software Controler (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psctrls.exe
+ PAVFNSVR Panda Function Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavfnsvr.exe
+ PavPrSrv Panda Process Protection Service (Verified) Panda Software International c:\program files\common files\panda software\pavshld\pavprsrv.exe
+ PAVSRV Enhanced On-Access Anti-Malware Service. (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavsrvx86.exe
+ Pml Driver HPZ12 PmlDrv Module (Not verified) Hewlett-Packard c:\windows\system32\hpzipm12.dll
+ pmshellsrv Anti-malware protection service library executable (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\antispam\pskmssvc.exe
+ ProtexisLicensing Protexis Licensing Service c:\windows\system32\psiservice.exe
+ PSHost Panda Host Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\firewall\pshost.exe
+ PSIMSVC Panda Interface Manager Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psimsvc.exe
+ PskSvcRetail Anti-malware protection support executable (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psksvc.exe
+ TPSrv TPSrv Application (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\tpsrv.exe
HKLM\System\CurrentControlSet\Services
+ aadev AVM ADSL Adapter Device (Not verified) AVM Berlin c:\windows\system32\drivers\aadev.sys
+ AmFSM Panda Anti-Virus Filesystem Minifilter (Verified) Panda Software International c:\windows\system32\drivers\amm8660.sys
+ APPFLT Panda APPFLT (Verified) Panda Software International c:\windows\system32\drivers\appflt.sys
+ AvFlt File not found: C:\Windows\system32\drivers\av5flt.sys
+ catchme File not found: C:\ComboFix\catchme.sys
+ ComFiltr COMFiltr (Verified) Panda Software International c:\windows\system32\drivers\comfiltr.sys
+ cpoint cPoint (Verified) Panda Software International c:\windows\system32\drivers\cpoint.sys
+ DSAFLT (Verified) Panda Software International c:\windows\system32\drivers\dsaflt.sys
+ FNETMON Panda FNetMon (Verified) Panda Software International c:\windows\system32\drivers\fnetmon.sys
+ IDSFLT Intrusion Detection System (Verified) Panda Software International c:\windows\system32\drivers\idsflt.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ NETFLTDI Panda TDI Filter (Verified) Panda Software International c:\windows\system32\drivers\netfltdi.sys
+ NETFWDSL AVM FRITZ!web DSL (Not verified) AVM Berlin c:\windows\system32\drivers\netfwdsl.sys
+ NPF npf.sys (NT5/6 x86) Kernel Driver (Verified) CACE TECHNOLOGIES, LLC c:\windows\system32\drivers\npf.sys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
+ PavProc Panda Process Protection driver (Verified) Panda Software International c:\windows\system32\drivers\pavproc.sys
+ PavSRK.sys File not found: C:\Windows\system32\PavSRK.sys
+ PavTPK.sys File not found: C:\Windows\system32\PavTPK.sys
+ ShldDrv PandaShield driver (Verified) Panda Software International c:\windows\system32\drivers\shldrv51.sys
+ SMSFLT (Verified) Panda Software International c:\windows\system32\drivers\smsflt.sys
+ WNMFLT (Verified) Panda Software International c:\windows\system32\drivers\wnmflt.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL Google Desktop (Not verified) Google c:\program files\google\google desktop search\googledesktopnetwork3.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ avldr On-Access Antivirus Scanner Sync. (Verified) Panda Software International c:\windows\system32\avldr.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
+ MSAFD-Tcpip [RAW/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ MSAFD-Tcpip [RAW/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ MSAFD-Tcpip [TCP/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ MSAFD-Tcpip [TCP/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ MSAFD-Tcpip [UDP/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ MSAFD-Tcpip [UDP/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
+ PAV_LAYERED over [MSAFD-Tcpip [RAW/IPv6]] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll
C:\Users\lacross\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
+ Diashow Zeigt eine fortwährende Diashow von Ihren Bildern an. (Not verified) Microsoft Corporation C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\de-DE\Gadget.xml
+ Uhr Zeigt die Zeit Ihrer Zeitzone oder die einer beliebigen Stadt an. (Not verified) Microsoft Corporation C:\Program Files\windows sidebar\gadgets\Clock.gadget\de-DE\Gadget.xml


I will delete ComboFix now...
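Added example, not part of the thread and not code from Autoruns or its authors: a Python parser for a text log in the layout posted above, which groups by autostart location every entry whose image file is missing or not signature-verified. It assumes the flattened layout seen here (a location line followed by `+ ` entries); the function names and status labels are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the Autoruns.txt log posted in this thread.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ APVXDWIN Platinum permanent protection (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\apvxdwin.exe
+ docoom docoom backup (Not verified) Oberon Sistemas S.L. c:\program files\docoom\docoom backup\docoom.exe
+ toolbar_eula_launcher (Not verified) c:\program files\googleeula\eulalauncher.exe
HKLM\System\CurrentControlSet\Services
+ catchme File not found: C:\ComboFix\catchme.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ ProtexisLicensing Protexis Licensing Service c:\windows\system32\psiservice.exe
"""

MISSING = re.compile(r"^(?P<label>.*?)\s*File not found:\s*(?P<path>.+)$")
SIGNED = re.compile(r"^(?P<label>.*?)\s*\((?P<sig>Verified|Not verified)\)\s*(?P<rest>.*)$")
# Greedy prefix: the captured path starts at the LAST drive letter on the line.
LAST_PATH = re.compile(r"^(?:(?P<before>.*)\s)?(?P<path>[A-Za-z]:\\.*)$")


def classify(body):
    """Return (status, label, image_path) for the text after the leading '+ '."""
    m = MISSING.match(body)
    if m:
        return "missing", m["label"], m["path"]
    status, label, rest = "no_signature_info", "", body
    s = SIGNED.match(body)
    if s:
        status = "verified" if s["sig"] == "Verified" else "not_verified"
        label, rest = s["label"], s["rest"]
    p = LAST_PATH.match(rest)
    if p is None:
        return status, label or rest, None
    return status, label or (p["before"] or ""), p["path"]


def parse_autoruns(text):
    """One dict per '+' entry, tagged with the location header above it."""
    entries, location = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if not line.startswith("+ "):
            location = line  # a line without '+' names the autostart location
            continue
        status, label, path = classify(line[2:].strip())
        entries.append({"location": location, "status": status,
                        "label": label, "path": path})
    return entries


def needs_review(entries):
    """Group by location every entry that is not a verified, existing image."""
    # These statuses are prompts to look closer, not verdicts: the log above
    # shows common vendor software as 'Not verified'.
    grouped = defaultdict(list)
    for e in entries:
        if e["status"] != "verified":
            grouped[e["location"]].append((e["status"], e["path"]))
    return dict(grouped)


if __name__ == "__main__":
    for loc, items in needs_review(parse_autoruns(SAMPLE_LOG)).items():
        print(loc, *[f"  {s:18} {p}" for s, p in items], sep="\n")
```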