Browser does not load although the Internet connection is up
#0
19.05.2008, 14:16
Member
Posts: 14

19.05.2008, 14:19
Honorary member
Posts: 29434
#2
Hello LaCross,
are you using IE? Then first download Firefox as a second browser and report whether the problem occurs there as well. http://virus-protect.org/firefox.html
And post a HijackThis log: http://virus-protect.org/hjtkurz.html
On first start: "Do a system scan and save a logfile". Notepad opens; now copy the COMPLETE log with a right mouse click and "paste" it into the security forum with a right mouse click.
__________
Regards, Sabina
all about PC security

20.05.2008, 21:36
Member
Thread starter Posts: 14
#3
hello sabina,
no, I use Firefox, i.e. the problem occurs with Firefox. Here is the log file:
Thanks :-)
Regards, lacross

21.05.2008, 00:10
Honorary member
Posts: 29434
#4
Hello,
« run the cleaner; close Firefox first and delete all temp files http://www.ccleaner.de/?protecus.de
« does the problem also occur with IE?
« run ComboFix, click away the warning message and post the report http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security

21.05.2008, 23:47
Member
Thread starter Posts: 14
#5
hello sabina,
I use Firefox exclusively, so I don't know at all whether the problem also exists with IE. Here is the log file from ComboFix:
Did I have hidden viruses? Many thanks for your help :-)
Regards, lacross
This post was edited by LaCross on 22.05.2008 at 21:23.

21.05.2008, 23:58
Honorary member
Posts: 29434 |
#6
Hello,
«« check the exe - when you get the response, post it here
sandbox.norman - Submit file http://www.norman.com/microsites/nsic/Submit/de
C:\Users\lacross\cjr2300GE.exe
---------------------------------------------------
«« http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings", type or paste {93f261fc-7dce-4268-9edb-4c94f8afb899} into the edit field and click "Ok". Notepad will open -- copy the text and post it.
«« download Autoruns http://virus-protect.org/artikel/tools/autoruns.html
Save the file Autoruns.txt somewhere you can easily find it again! Then open the file - copy it into your post (possibly as an attachment ... see below)
__________
Regards, Sabina
all about PC security |
|
|
||
22.05.2008, 19:54
Member
Thread starter Posts: 14 |
#7
Hello - now I have to ask a silly question - how do I check the .exe files separately? And do I need an extra program for that?
By the way, Panda Internet Security shows me combofix as a virus - that can't really be right, can it? --> Virus erkannt: Bck/VB.XB Antivirus-Schutz 05/22/08 21:14:41 Geblockt Pfad: c:\users\lacross\downloads\combofix.exe[327882R2FWJFW\NirCmdC.cfexe]
Can the constant alert about the "virus" be switched off somehow?
Regards, lacross
This post was edited by LaCross on 22.05.2008 at 22:01.
|
|
|
||
22.05.2008, 21:23
Honorary member
Posts: 29434 |
#8
yes, combofix is detected as a virus by many scanners... but it isn't one...
you check the exe by uploading it on the page I posted.
Quote: check the exe - when you get the response, post it here
__________
Regards, Sabina
all about PC security |
|
|
||
22.05.2008, 23:33
Member
Thread starter Posts: 14 |
#9
Unfortunately it doesn't work via the link http://www.norman.com/microsites/nsic/Submit/de ... djr2300GE.exe does upload for a while each time, but then I get the message Could not verify the code from the image. Please make sure you type in the correct one. Use the "Swap image" link if the image is hard to read. ?
Is there another checking program as well? And can I somehow switch off combofix being reported as a virus in Panda, so that it doesn't keep showing the virus information?
Regards, lacross
This post was edited by LaCross on 22.05.2008 at 23:46.
|
|
|
||
23.05.2008, 00:47
Honorary member
Posts: 29434 |
#10
««
Virustotal http://www.virustotal.com/flash/index_en.html
C:\Users\lacross\cjr2300GE.exe
Click "Browse" --> choose the file (or paste the file with its correct path straight in with Ctrl V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy
__________
Regards, Sabina
all about PC security |
|
|
||
23.05.2008, 10:14
Member
Thread starter Posts: 14 |
#11
Hello,
it doesn't work via virustotal either - error message: Bigger than max permited size! That can't be true!?
Regards, lacross |
|
|
||
23.05.2008, 10:27
Honorary member
Posts: 29434 |
#12
2008-01-31 10:25 45,457,328 ----a-w C:\Users\lacross\cjr2300GE.exe
yes, sorry...45,457,328 ...I should have seen that it wouldn't work. I only wanted to know what it is, because the exe is unknown... huge for an exe, by the way...
so leave it, and try to post the autoruns report (as an attachment), see below
+ Run on Vista: press Windows key + R
Paste in: Combofix /U - click "OK"
__________
Regards, Sabina
all about PC security |
|
|
||
23.05.2008, 10:53
Member
Thread starter Posts: 14 |
#13
here is the log file from regsearch:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{93f261fc-7dce-4268-9edb-4c94f8afb899}" 23.05.2008 10:50:34
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\InprocServer32\1.1.4.305]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\ProgId]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RadioRipper.ShellExecuteHook\CLSID]
@="{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"="RadioRipper.ShellExecuteHook" |
|
|
||
23.05.2008, 11:00
Honorary member
Posts: 29434 |
#14
«
that's the radioripper... what is that? when did you download it?
the thing is, so far I don't know what is going on.
has the error already gone up in smoke since using Combofix + deleting C:\Windows\system32\lsprst7.dll ???
Clue:
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{93f261fc-7dce-4268-9edb-4c94f8afb899}"= mscoree.dll [ ] ->> missing...
so: download Autoruns http://virus-protect.org/artikel/tools/autoruns.html
Save the file Autoruns.txt somewhere you can easily find it again! Then open the file - copy it into your post (possibly as an attachment ... see below)
__________
Regards, Sabina
all about PC security |
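Added example, not part of the original posts: a small Python script that performs the correlation done by hand in posts #13 and #14, resolving each ShellExecuteHooks GUID in a RegSrch export to its CLSID registration and ProgID. The function names are hypothetical, and the input is the export from post #13 reflowed to one entry per line (shortened to the keys that matter here).

```python
import re

# RegSrch.vbs output from post #13, reflowed to one entry per line.
REGSEARCH_EXPORT = r'''REGEDIT4
; Registry search results for string "{93f261fc-7dce-4268-9edb-4c94f8afb899}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}\ProgId]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RadioRipper.ShellExecuteHook\CLSID]
@="{93F261FC-7DCE-4268-9EDB-4C94F8AFB899}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"="RadioRipper.ShellExecuteHook"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
HOOKS_SUFFIX = r'\microsoft\windows\currentversion\explorer\shellexecutehooks'
CLSID_PREFIX = '\\classes\\clsid\\'


def parse_reg_export(text):
    """Parse REGEDIT4-style text into {key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.upper().startswith('REGEDIT'):
            continue  # blank line, comment, or file header
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else m.group(1)[1:-1]
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1].replace('\\\\', '\\')
            current[name] = data
    return keys


def audit_shell_execute_hooks(keys):
    """For each ShellExecuteHooks GUID, report what else in the export refers to it."""
    lower = {k.lower(): k for k in keys}  # registry paths are case-insensitive
    findings = []
    for lpath, path in lower.items():
        if not lpath.endswith(HOOKS_SUFFIX):
            continue
        for name, label in keys[path].items():
            guid = name.lower()
            if not GUID_RE.match(guid):
                continue
            clsid = CLSID_PREFIX + guid
            findings.append({
                'guid': guid,
                'label': label,
                'clsid_registered': any(lp.endswith(clsid) for lp in lower),
                'has_inproc_server': any(
                    lp.endswith(clsid + r'\inprocserver32') for lp in lower),
                # ProgID keys whose CLSID default value points at this GUID
                'prog_ids': sorted(
                    p.split('\\')[-2] for lp, p in lower.items()
                    if lp.endswith('\\clsid') and keys[p].get('', '').lower() == guid),
            })
    return findings


if __name__ == '__main__':
    for finding in audit_shell_execute_hooks(parse_reg_export(REGSEARCH_EXPORT)):
        print(finding)
```

RegSrch only lists keys and values that contain the search string, so the DLL path under InprocServer32 is not in the export; the script can say that the key exists, not which file it loads.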
|
|
||
23.05.2008, 11:10
Member
Thread starter Posts: 14 |
#15
here is the log file from autoruns:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe + APVXDWIN Platinum permanent protection (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\apvxdwin.exe + docoom docoom backup (Not verified) Oberon Sistemas S.L. c:\program files\docoom\docoom backup\docoom.exe + Google Desktop Search Google Desktop (Not verified) Google c:\program files\google\google desktop search\googledesktop.exe + HostManager AOL (Verified) AOL LLC c:\program files\common files\aol\1176974160\ee\aolsoftware.exe + HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Co. c:\program files\hp\hp software update\hpwuschd2.exe + QuickFinder Scheduler QuickFinder Index Scheduler (Verified) Corel Corporation c:\program files\wordperfect office x3\programs\qfschd130.exe + SCANINICIO Inicio Programado (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\inicio.exe + SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\jusched.exe + TkBellExe RealNetworks Scheduler (Verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe + toolbar_eula_launcher (Not verified) c:\program files\googleeula\eulalauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup + Adobe Gamma Loader.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. 
c:\program files\common files\adobe\calibration\adobe gamma loader.exe + HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor (Verified) Hewlett Packard c:\program files\hp\digital imaging\bin\hpqtra08.exe + Microsoft Office.lnk Microsoft Office 2000 component (Not verified) Microsoft Corporation c:\program files\microsoft office\office\osa9.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run + BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home (Not verified) Nero AG c:\program files\common files\ahead\lib\nmbgmonitor.exe + PhonostarTimer (Not verified) phonostar c:\program files\phonostar\ps_timer.exe HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components + PixiePack Codec Pack 0.10.4 c:\program files\pixiepack codec pack\installerhelper.exe HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers + CIB pdf brewer CIB pdf brewer Context Menu (Not verified) CIB software GmbH, München c:\program files\cib software gmbh\cib pdf brewer\cibpdfbrcontextmenu.dll + NBShellHook Class Nero BackItUp (Not verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll + Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers + NBShellHook Class Nero BackItUp (Not verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll + Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers + QuickFinderMenu QuickFinder Shell Extensions (Verified) Corel Corporation c:\program files\wordperfect office x3\programs\pfse130.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. 
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + Webordner c:\program files\common files\microsoft shared\web folders\msonsext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + lnkfile Microsoft Shell Extension Library (Not verified) Microsoft Corporation c:\program files\microsoft office\office\mlshext.dll + Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find (Not verified) Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll + Panda Antivirus PAVOLE (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavole.dll + Shell Extensions for RealOne Player RealPlayer Shell Extensions (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll + Google Toolbar Helper Google Toolbar für Internet Explorer-Client (Verified) Google Inc c:\program files\google\googletoolbar1.dll + RealPlayer Download and Record Plugin for Internet Explorer RealPlayer Download and Record Plugin for Internet Explorer (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpbrowserrecordplugin.dll + SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\ssv.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar + &Google Google Toolbar für Internet Explorer-Client (Verified) Google Inc c:\program files\google\googletoolbar1.dll HKLM\Software\Microsoft\Internet Explorer\Extensions + ICQ6 ICQ Library (Verified) ICQ c:\program files\icq6\icq.exe HKLM\System\CurrentControlSet\Services + docoom online S.L.: docoom backup update permissions manager. 12662. 
c:\program files\docoom\docoom backup\udocoom.exe + hpqddsvc Von diesem Dienst werden CUE-Geräte auf Ihrem System erkannt und überwacht. (Not verified) Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqddsvc.dll + LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. (Not verified) Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe + Net Driver HPZ12 Dot4Net Module (Not verified) Hewlett-Packard c:\windows\system32\hpzinw12.dll + Panda Software Controller Panda Software Controler (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psctrls.exe + PAVFNSVR Panda Function Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavfnsvr.exe + PavPrSrv Panda Process Protection Service (Verified) Panda Software International c:\program files\common files\panda software\pavshld\pavprsrv.exe + PAVSRV Enhanced On-Access Anti-Malware Service. 
(Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavsrvx86.exe + Pml Driver HPZ12 PmlDrv Module (Not verified) Hewlett-Packard c:\windows\system32\hpzipm12.dll + pmshellsrv Anti-malware protection service library executable (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\antispam\pskmssvc.exe + ProtexisLicensing Protexis Licensing Service c:\windows\system32\psiservice.exe + PSHost Panda Host Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\firewall\pshost.exe + PSIMSVC Panda Interface Manager Service (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psimsvc.exe + PskSvcRetail Anti-malware protection support executable (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\psksvc.exe + TPSrv TPSrv Application (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\tpsrv.exe HKLM\System\CurrentControlSet\Services + aadev AVM ADSL Adapter Device (Not verified) AVM Berlin c:\windows\system32\drivers\aadev.sys + AmFSM Panda Anti-Virus Filesystem Minifilter (Verified) Panda Software International c:\windows\system32\drivers\amm8660.sys + APPFLT Panda APPFLT (Verified) Panda Software International c:\windows\system32\drivers\appflt.sys + AvFlt File not found: C:\Windows\system32\drivers\av5flt.sys + catchme File not found: C:\ComboFix\catchme.sys + ComFiltr COMFiltr (Verified) Panda Software International c:\windows\system32\drivers\comfiltr.sys + cpoint cPoint (Verified) Panda Software International c:\windows\system32\drivers\cpoint.sys + DSAFLT (Verified) Panda Software International c:\windows\system32\drivers\dsaflt.sys + FNETMON Panda FNetMon (Verified) Panda Software International c:\windows\system32\drivers\fnetmon.sys + IDSFLT Intrusion Detection System 
(Verified) Panda Software International c:\windows\system32\drivers\idsflt.sys + IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys + NETFLTDI Panda TDI Filter (Verified) Panda Software International c:\windows\system32\drivers\netfltdi.sys + NETFWDSL AVM FRITZ!web DSL (Not verified) AVM Berlin c:\windows\system32\drivers\netfwdsl.sys + NPF npf.sys (NT5/6 x86) Kernel Driver (Verified) CACE TECHNOLOGIES, LLC c:\windows\system32\drivers\npf.sys + NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys + NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys + PavProc Panda Process Protection driver (Verified) Panda Software International c:\windows\system32\drivers\pavproc.sys + PavSRK.sys File not found: C:\Windows\system32\PavSRK.sys + PavTPK.sys File not found: C:\Windows\system32\PavTPK.sys + ShldDrv PandaShield driver (Verified) Panda Software International c:\windows\system32\drivers\shldrv51.sys + SMSFLT (Verified) Panda Software International c:\windows\system32\drivers\smsflt.sys + WNMFLT (Verified) Panda Software International c:\windows\system32\drivers\wnmflt.sys HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls + C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL Google Desktop (Not verified) Google c:\program files\google\google desktop search\googledesktopnetwork3.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify + avldr On-Access Antivirus Scanner Sync. 
(Verified) Panda Software International c:\windows\system32\avldr.dll HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries + MSAFD-Tcpip [RAW/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + MSAFD-Tcpip [RAW/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + MSAFD-Tcpip [TCP/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + MSAFD-Tcpip [TCP/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + MSAFD-Tcpip [UDP/IP] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + MSAFD-Tcpip [UDP/IPv6] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll + PAV_LAYERED over [MSAFD-Tcpip [RAW/IPv6]] Internet Resident Layered Service Provider (Verified) Panda Software International c:\program files\panda security\panda internet security 2008\pavlsp.dll C:\Users\lacross\AppData\Local\Microsoft\Windows Sidebar\Settings.ini + Diashow Zeigt eine fortwährende Diashow von Ihren Bildern an. (Not verified) Microsoft Corporation C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\de-DE\Gadget.xml + Uhr Zeigt die Zeit Ihrer Zeitzone oder die einer beliebigen Stadt an. (Not verified) Microsoft Corporation C:\Program Files\windows sidebar\gadgets\Clock.gadget\de-DE\Gadget.xml
I'm going to delete combofix now... |
|
|
||
For 2 days the browser has no longer been loading web pages, although the internet connection is up. ICQ still works too. The problem mostly occurs after a few hours of active online sessions. I scanned for viruses/trojans with Panda Internet Security - apart from spyware nothing is found, or rather, virus finds were disinfected right away before the problem appeared. Where could the problem lie and how can it be fixed?
I would be very grateful for your help
greetz LaCross