| |
| |||||||
Log-Analyse und Auswertung: Firefox braucht ewig um Seite aufzubaunWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.05.2008, 21:53
| #1 |
| |  Firefox braucht ewig um Seite aufzubaun Hi Leute ! als erstes kleine Beschreibung der Probleme: - Firefox braucht ewig um ne Seite aufzubaun (so 10mins) -Editor geht nicht mehr (Fehlermeldung: Dieses Programm wurde aus Sicherheitsgründen geschlossen) -MSN beendet sich nach circa 20 secs (is jetzt net SO wichtig) -meine Ordneroptionen sind weg (bei Extras), somit kann ich auch keine unsichtbaren dateien sehen. -hab schon versucht zu googeln aber allein um die ersten ergebnisse zu sehen braucht der firefox an die 2 stunden^^ -Internet Explorer schließt sich nach 1 sekunde (hab ma versucht obs damit geht....tuts nicht) Mein System: windows xp service pack 2 hab DSL light (nicht lachen) normale downloadgeschwindigkeit von 50 kb/s hab momentan keine Firewall aktiv...(Bitdefender ist abgelaufen) Schon ma danke für eure Hilfe hier jetzt ma mein LOG-File: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:09, on 25.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AlienGUIse\wbload.exe C:\Programme\Lock My PC 4\lockpc.exe C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Programme\Softwin\BitDefender10\bdagent.exe C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe E:\Install\WALLPA~1\WALLPA~1.EXE C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\QIP\qip.exe C:\Programme\Last.fm\LastFM.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Softwin\BitDefender10\vsserv.exe D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe C:\Programme\Winamp\winamp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\DOKUME~1\***\LOKALE~1\Temp\_iu14D2N.tmp C:\Programme\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/store/general/redirect.jhtml?serial=104510896414128518008938 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P O4 - HKLM\..\Run: [Lescos Warcraft Toolkit] "D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe" -minimized O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Salestart] "C:\Programme\Gemeinsame Dateien\SysKontroller\strpmon.exe" dm=http://syskontroller.com ad=http://syskontroller.com sd=http://painst.syskontroller.com O4 - HKLM\..\Run: [d80ed9f4] rundll32.exe "C:\WINDOWS\system32\ykuqpvll.dll",b O4 - HKLM\..\Run: [BMdb3dea68] Rundll32.exe "C:\WINDOWS\system32\igthqbpx.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WallPaper] E:\Install\WALLPA~1\WALLPA~1.EXE /h O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [QIP2005] C:\Programme\QIP\qip.exe O4 - HKCU\..\Run: [Last.fm] C:\Programme\Last.fm\LastFM.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: My_AutoWarkey_Script.lnk = D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: Warkeys Update.lnk = D:\Warcraft III\Tools\Warkeys\update\Warkeys Update.exe O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: SecurStar DCPP 3.81+ Service (DCPP2Svc) - Unknown owner - C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9010 bytes |
|
25.05.2008, 22:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Firefox braucht ewig um Seite aufzubaun Hallo,
__________________C:\DOKUME~1\***\LOKALE~1\Temp\_iu14D2N.tmp C:\Programme\Gemeinsame Dateien\SysKontroller\strpmon.exe C:\WINDOWS\system32\ykuqpvll.dll C:\WINDOWS\system32\igthqbpx.dll C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe C:\WINDOWS\system32\jfiehayd.dll bitte bei virustotal.com auswerten lassen und Ergebnisse posten!
__________________ |
|
26.05.2008, 15:02
| #3 |
| | Firefox braucht ewig um Seite aufzubaun hm....joar...da ham mer schon ma des problem.....
__________________wenn ich auf virustotal.com will....dann lädt er kurz un is fertig..un nix wird angezeigt...so un wenn ich die dateien da löschen will die du mir gesagt hast is des auch schlecht, weil die nämlich versteckt sin...un ich die net sehn kann (meine orderoptionen sin weg un ich kann auch net danach googeln weil google mir keine ergebnisse bringt) ....dumme sache |
|
26.05.2008, 15:13
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox braucht ewig um Seite aufzubaun Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:  2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter Files to delete:
C:\DOKUME~1\***\LOKALE~1\Temp\_iu14D2N.tmp
C:\Programme\Gemeinsame Dateien\SysKontroller\strpmon.exe
C:\WINDOWS\system32\ykuqpvll.dll
C:\WINDOWS\system32\igthqbpx.dll
C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe
C:\WINDOWS\system32\jfiehayd.dll
4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Mach danach bitte weiter mit ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.05.2008, 19:44
| #5 |
| | Firefox braucht ewig um Seite aufzubaun SO hab jetzt mit Avenger die Dateien gelöscht un des comboFix früber laufen lassen..hat alles soweit geklappt...editor un inet gehn wieder( inet is zwar immer noch lahm...liegt aber am dsl light^^) ansonsten auch keine probleme mehr denk ich soweit... muss jetzt nur ma schaun was ich mir jetzt für ne firewall hohl... Also danke für eure schnell Hilfe..ich meld mich wieder wenn mein pc net des macht was er soll...großes THX ^^ hier noch Log-File: (des vom avenger is irgendwie weg....möp) ComboFix: ComboFix 08-05-25.5 - Zip 2008-05-26 20:10:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1592 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Zip\Desktop\Downloads\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMdb3dea68.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\byxVljKc.dll C:\WINDOWS\system32\clbdll.dll C:\WINDOWS\system32\clbinit.dll C:\WINDOWS\system32\drivers\clbdriver.sys C:\WINDOWS\system32\efcDUlkH.dll C:\WINDOWS\system32\llvpquky.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nnnNEtRJ.dll C:\WINDOWS\system32\pvfssrow.exe C:\WINDOWS\system32\QBHkjSDd.ini C:\WINDOWS\system32\QBHkjSDd.ini2 C:\WINDOWS\system32\tlmvmnpl.exe C:\WINDOWS\system32\umkrrpus.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CLBDRIVER ((((((((((((((((((((((( Dateien erstellt von 2008-04-26 bis 2008-05-26 )))))))))))))))))))))))))))))) . 2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\Programme\Spybot - Search & Destroy 2008-05-26 19:42 . 2008-05-26 19:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-05-26 17:02 . 2008-05-26 17:02 832 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg 2008-05-26 16:50 . 2008-05-26 16:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\iS3 2008-05-26 16:50 . 2008-05-26 19:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! 2008-05-26 16:50 . 2008-05-26 16:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard 2008-05-26 15:40 . 2008-05-26 15:40 96,256 --a------ C:\WINDOWS\system32\ilxxixnx.dll 2008-05-26 15:37 . 2008-05-26 15:37 80,384 --a------ C:\WINDOWS\system32\suprrkmu.dll 2008-05-26 15:32 . 2008-05-26 15:32 90,624 --a------ C:\WINDOWS\system32\ctkgbjdk.dll 2008-05-25 16:06 . 2008-05-25 16:06 <DIR> d-------- C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\syskontroller 2008-05-25 13:35 . 2008-05-25 21:29 45 --a------ C:\TEST.XML 2008-05-25 11:27 . 2008-05-25 11:27 95,232 --a------ C:\WINDOWS\system32\hoihgnwn.dll 2008-05-25 11:10 . 2008-05-25 11:10 <DIR> d-------- C:\Downloads 2008-05-24 22:37 . 2008-05-24 22:37 <DIR> d-------- C:\Programme\Lavasoft 2008-05-24 22:37 . 2008-05-25 11:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-05-24 22:19 . 2008-05-24 22:19 <DIR> d-------- C:\Programme\Trend Micro 2008-05-24 12:18 . 2008-05-24 12:18 942 --a------ C:\WINDOWS\b157.exe.bin 2008-05-24 12:13 . 2008-05-24 12:13 942 --a------ C:\WINDOWS\b152.exe.bin 2008-05-23 12:16 . 2008-05-25 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-23 10:49 . 2008-05-23 10:49 280,064 --a------ C:\WINDOWS\system32\dDSjkHBQ.dll 2008-05-23 10:46 . 2008-05-23 10:46 37,376 --a------ C:\WINDOWS\17PHolmes1535.exe 2008-05-23 10:45 . 2008-05-26 20:26 69,042 --a------ C:\WINDOWS\system32\sywtdxaz.sys 2008-05-23 10:45 . 2001-08-23 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-23 10:45 . 2008-05-23 10:45 2 --a------ C:\-670115493 2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-04-26 10:38 . 2008-04-26 10:38 <DIR> d-------- C:\Programme\TGTSoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-26 18:09 52 ----a-w C:\Dokumente und Einstellungen\Zip\LWT.dat 2008-05-26 18:09 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\Xfire 2008-05-25 13:09 --------- d-----w C:\Programme\WinAVIVideoConverter 2008-05-25 13:09 --------- d-----w C:\Programme\DaViDeo2007 2008-05-25 13:09 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\teamspeak2 2008-05-25 13:09 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\Skype 2008-05-25 09:18 --------- d-s---w C:\Programme\Xfire 2008-05-24 20:36 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-05-24 18:32 --------- d-----w C:\Programme\Zoom Player 2008-05-24 16:45 --------- d-----w C:\Programme\Winamp 2008-05-23 10:29 --------- d-----w C:\Programme\themexp 2008-05-23 08:29 --------- d-----w C:\Programme\Last.fm 2008-05-07 13:23 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\Hamachi 2008-04-22 18:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-20 18:07 --------- d-----w C:\Programme\Hamachi 2008-04-20 18:06 10,578 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-04-20 14:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink 2008-04-19 21:45 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-04-19 14:54 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2008-04-19 14:54 --------- d-----w C:\Programme\Gemeinsame Dateien\G DATA 2008-04-19 14:52 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\InstallShield Installation Information 2008-04-19 10:39 --------- d-----w C:\Programme\DVD Shrink 2008-04-17 13:19 --------- d-----w C:\Programme\Nero 2008-04-17 13:19 --------- d-----w C:\Programme\Gemeinsame Dateien\Ahead 2008-04-17 13:19 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-04-17 13:16 --------- d-----w C:\Programme\NeroInstall.bak 2008-04-17 13:13 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\Nero 2008-04-17 13:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero 2008-04-14 15:02 --------- d-----w C:\Programme\DSP-worx 2008-04-14 15:00 --------- d-----w C:\Programme\ffdshow 2008-03-27 19:59 --------- d-----w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\Talkback 2008-03-27 15:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-03-23 21:54 22,328 ----a-w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\PnkBstrK.sys 2008-01-30 17:18 18,464,272 ----a-w C:\Programme\winamp552_full_bundle_emusic-7plus_de-de.exe 2007-12-24 20:57 87,608 ----a-w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\inst.exe 2007-12-24 20:57 47,360 ----a-w C:\Dokumente und Einstellungen\Zip\Anwendungsdaten\pcouffin.sys 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-10 18:11 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87862e26-bda0-4a78-b94c-86bcb9428a6f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dfc1140-f0ae-45a0-9f22-bf935ee60550}] 2008-05-26 15:40 96256 --a------ C:\WINDOWS\system32\ilxxixnx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c8029905-3ece-4120-982b-f61bfe5a0863}] 2008-05-23 10:49 280064 --a------ C:\WINDOWS\system32\dDSjkHBQ.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360] "WallPaper"="E:\Install\WALLPA~1\WALLPA~1.exe" [2001-06-10 19:28 246272] "TrueCrypt"="C:\Programme\TrueCrypt\TrueCrypt.exe" [2007-05-03 22:21 833984] "QIP2005"="C:\Programme\QIP\qip.exe" [2007-11-16 15:17 3264512] "Last.fm"="C:\Programme\Last.fm\LastFM.exe" [2008-04-30 12:26 1126400] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 02:11 1667584] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07 843776] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-12-01 01:21 290816] "BDAgent"="C:\Programme\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632] "RouterControl"="C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" [2007-04-06 11:12 2458624] "GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "DCPPaid"="C:\WINDOWS\system32\DCPPaid.exe" [2008-01-06 18:14 0] "Lescos Warcraft Toolkit"="D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe" [2005-08-20 20:22 1317376] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "d80ed9f4"="C:\WINDOWS\system32\suprrkmu.dll" [2008-05-26 15:37 80384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:57 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl] fsp_lmwl.dll 2007-10-09 00:59 44400 C:\WINDOWS\system32\fsp_lmwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\GEMEIN~1\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnetrj] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Programme\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Programme\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "VIDC.XFR1"= xfcodec.dll "vidc.yv12"= yv12vfw.dll "VIDC.mjpg"= mcmjpg32.dll "vidc.XVID"= xvid.dll "vidc.VP31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmdb3dea68] --a------ 2008-05-26 15:32 90624 C:\WINDOWS\system32\ctkgbjdk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d80ed9f4] --a------ 2008-05-26 15:37 80384 C:\WINDOWS\system32\suprrkmu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\indxstoresvr_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] --a------ 2008-02-28 17:07 1828136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd] C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stylexp] C:\Programme\TGTSoft\StyleXP\StyleXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 (0x2) "UxTuneUp"=2 (0x2) "TapiSrv"=3 (0x3) "PnkBstrA"=2 (0x2) "NMIndexingService"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 7.0"="C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "D:\\Call of Duty 4\\iw3mp.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= R0 dcpp2k;dcpp2k;C:\WINDOWS\system32\drivers\dcpp2k.sys [2008-01-06 18:18] R2 DCPP2Svc;SecurStar DCPP 3.81+ Service;C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe [2007-07-05 13:35] R3 LMPC4;LMPC4;C:\WINDOWS\system32\drivers\LMPC4.sys [2007-10-09 00:59] S4 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners "2008-03-28 16:16:16 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-26 20:25:58 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\DCPPGina.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe C:\Programme\AlienGUIse\wbload.exe C:\Programme\Lock My PC 4\lockpc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-05-26 20:28:58 - machine was rebooted [Zip] ComboFix-quarantined-files.txt 2008-05-26 18:28:54 9 Verzeichnis(se), 19,601,633,280 Bytes frei 12 Verzeichnis(se), 19,559,890,944 Bytes frei 230 |
|
26.05.2008, 20:46
| #6 |
| | Firefox braucht ewig um Seite aufzubaun möp ach mist....^^ ok googel geht immer noch net und manche seiten lädt er net fertig oder gar net....(z.B: bilder oder so werden nicht geladen) hab ma spybot gezogen auf anraten von nem freund ...hat auch diverse dinge gefunden hab ich aber behoben... jetzt kommt alle 5 sekunden ne fehlermeldung: Rundll Fehler beim Laden von Das angegebene Modul wurde nicht gefunden des is glaub ich von der rundll32.exe...was auch immer des is sry noch ma, dass ich euch noch weiter nerv^^.... Hier noch ma die log-file vom hijacker: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:43:55, on 26.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe C:\Programme\AlienGUIse\wbload.exe C:\Programme\Lock My PC 4\lockpc.exe C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Programme\Softwin\BitDefender10\bdagent.exe C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe C:\WINDOWS\system32\ctfmon.exe E:\Install\WALLPA~1\WALLPA~1.EXE C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\QIP\qip.exe C:\Programme\Last.fm\LastFM.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Softwin\BitDefender10\vsserv.exe D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Winamp\winamp.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\Programme\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/store/general...14128518008938 O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P O4 - HKLM\..\Run: [Lescos Warcraft Toolkit] "D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe" -minimized O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WallPaper] E:\Install\WALLPA~1\WALLPA~1.EXE /h O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [QIP2005] C:\Programme\QIP\qip.exe O4 - HKCU\..\Run: [Last.fm] C:\Programme\Last.fm\LastFM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB6118] command /c del "C:\WINDOWS\system32\dDSjkHBQ.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD3736] cmd /c del "C:\WINDOWS\system32\dDSjkHBQ.dll_old" O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: My_AutoWarkey_Script.lnk = D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: Warkeys Update.lnk = D:\Warcraft III\Tools\Warkeys\update\Warkeys Update.exe O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: SecurStar DCPP 3.81+ Service (DCPP2Svc) - Unknown owner - C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 8491 bytes |
|
26.05.2008, 21:41
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Firefox braucht ewig um Seite aufzubaun Hijackthis Log sieht schon mal ganz okay aus. Zitat:
Führe nochmal den Avenger wie vorhin aus, nur diesmal das als script hineinkopieren: Code:
ATTFilter Drivers to disable:
kgpfr2.cfg
kgpfr2
Drivers to delete:
kgpfr2.cfg
kgpfr2
Files to delete:
C:\WINDOWS\system32\ilxxixnx.dll
C:\WINDOWS\system32\suprrkmu.dll
C:\WINDOWS\system32\drivers\kgpfr2.cfg
C:\WINDOWS\system32\ctkgbjdk.dll
C:\WINDOWS\system32\hoihgnwn.dll
C:\WINDOWS\b157.exe.bin
C:\WINDOWS\b152.exe.bin
C:\WINDOWS\system32\dDSjkHBQ.dll
C:\WINDOWS\17PHolmes1535.exe
C:\WINDOWS\system32\sywtdxaz.sys
C:\WINDOWS\system32\xfcodec.dll
C:\-670115493
C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe
Registry keys to delete:
HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{9dfc1140-f0ae-45a0-9f22-bf935ee60550}
HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{c8029905-3ece-4120-982b-f61bfe5a0863}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnetrj
HKLM\software\microsoft\shared tools\msconfig\startupreg\bmdb3dea68
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d80ed9f4
HKLM\software\microsoft\shared tools\msconfig\startupreg\bmdb3dea68
HKLM\software\microsoft\shared tools\msconfig\startupreg\d80ed9f4
HKLM\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd
Klick danach bitte nochmal auf den silentrunners Link in meiner Signatur und poste das Logfile. Diesmal alle Logs in [code] tags umschlossen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2008, 16:56
| #8 |
| | Firefox braucht ewig um Seite aufzubaun jo ..also geht soweit wieder...musst en nur rebooten^^...öhm joar hab des script noch ma drüber laufen lassen: hier die logs: Code:
ATTFilter //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue May 27 17:35:19 2008
17:35:14: Error: Invalid syntax in command:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d80ed9f4"
Skipping line. (Registry value deletion mode)
17:35:17: Error: Invalid syntax in command:
"HKLM\software\microsoft\shared tools\msconfig\startupreg\bmdb3dea68"
Skipping line. (Registry value deletion mode)
17:35:18: Error: Invalid syntax in command:
"HKLM\software\microsoft\shared tools\msconfig\startupreg\d80ed9f4"
Skipping line. (Registry value deletion mode)
17:35:18: Error: Invalid syntax in command:
"HKLM\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd"
Skipping line. (Registry value deletion mode)
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open driver "kgpfr2.cfg"
Disablement of driver "kgpfr2.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not open driver "kgpfr2"
Disablement of driver "kgpfr2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kgpfr2.cfg" not found!
Deletion of driver "kgpfr2.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kgpfr2" not found!
Deletion of driver "kgpfr2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\ilxxixnx.dll" deleted successfully.
File "C:\WINDOWS\system32\suprrkmu.dll" deleted successfully.
File "C:\WINDOWS\system32\drivers\kgpfr2.cfg" deleted successfully.
File "C:\WINDOWS\system32\ctkgbjdk.dll" deleted successfully.
File "C:\WINDOWS\system32\hoihgnwn.dll" deleted successfully.
File "C:\WINDOWS\b157.exe.bin" deleted successfully.
File "C:\WINDOWS\b152.exe.bin" deleted successfully.
Error: file "C:\WINDOWS\system32\dDSjkHBQ.dll" not found!
Deletion of file "C:\WINDOWS\system32\dDSjkHBQ.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\17PHolmes1535.exe" deleted successfully.
File "C:\WINDOWS\system32\sywtdxaz.sys" deleted successfully.
File "C:\WINDOWS\system32\xfcodec.dll" deleted successfully.
File "C:\-670115493" deleted successfully.
Error: file "C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe" not found!
Deletion of file "C:\DOKUME~1\Zip\LOKALE~1\Temp\csrssc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{9dfc1140-f0ae-45a0-9f22-bf935ee60550}" not found!
Deletion of registry key "HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{9dfc1140-f0ae-45a0-9f22-bf935ee60550}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{c8029905-3ece-4120-982b-f61bfe5a0863}" not found!
Deletion of registry key "HKLM\software\microsoft\windows\explorer\Browser Helper Objects\{c8029905-3ece-4120-982b-f61bfe5a0863}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnetrj" not found!
Deletion of registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnetrj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry key "HKLM\software\microsoft\shared tools\msconfig\startupreg\bmdb3dea68" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
|
|
27.05.2008, 17:03
| #9 |
| | Firefox braucht ewig um Seite aufzubaun musst 2 posts machen....warn zu viele zeichen hier der log vom silent runner: un jetzt des silent runner ding  musste es kürzen weils zu lang is...)Code:
ATTFilter Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"WallPaper" = "E:\Install\WALLPA~1\WALLPA~1.EXE /h" [null data]
"TrueCrypt" = ""C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites" ["TrueCrypt Foundation"]
"QIP2005" = "C:\Programme\QIP\qip.exe" ["The Author of QIP"]
"Last.fm" = "C:\Programme\Last.fm\LastFM.exe" ["Last.fm"]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Programme\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDAgent" = ""C:\Programme\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]
"RouterControl" = "C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" ["Mirko Böer"]
"GrooveMonitor" = ""C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"DCPPaid" = "C:\WINDOWS\system32\DCPPaid.exe /P" [null data]
"Lescos Warcraft Toolkit" = ""D:\Warcraft III\Tools\www.ingame.de_lwt\LWT.exe" -minimized" [null data]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"BMdb3dea68" = "Rundll32.exe "C:\WINDOWS\system32\hwcdsjee.dll",s" [MS]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6f74-2d53-2644-206d7942484f}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Programme\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data]
"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
\InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data]
"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"
-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
\InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {HKLM...CLSID} = "MCPShellInstantiator Class"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\Stardock\MCPCore.dll" ["Stardock"]
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "DCPPGina.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\dDSjkHBQ"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> fsp_lmwl\DLLName = "fsp_lmwl.dll" ["FSPro Labs"]
<<!>> MCPClient\DLLName = "C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll" ["Stardock"]
<<!>> WB\DLLName = "C:\Programme\AlienGUIse\fastload.dll" ["Stardock"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Programme\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Secure Eraser\(Default) = "{2A8DEC8D-934E-4FF8-825A-05A800047649}"
-> {HKLM...CLSID} = "Secure Eraser"
\InProcServer32\(Default) = "C:\Programme\ASCOMP Software\Secure Eraser\SecEraser.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Secure Eraser\(Default) = "{2A8DEC8D-934E-4FF8-825A-05A800047649}"
-> {HKLM...CLSID} = "Secure Eraser"
\InProcServer32\(Default) = "C:\Programme\ASCOMP Software\Secure Eraser\SecEraser.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Install\WALLPA~1\Wallpaper.bmp"
Windows Portable Device AutoPlay Handlers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
dMCAudioCDInput\
"Provider" = "dBpoweramp CD Ripper"
"InvokeProgID" = "dMC.AudioCD.Autorun"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell\open\command\(Default) = ""C:\Programme\Illustrate\dBpoweramp\CDGrab.exe" %1" ["Illustrate"]
WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Programme\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Programme\Winamp\winamp.exe"" ["Nullsoft"]
Startup items in "Zip" & "All Users" startup folders:
C:\Dokumente und Einstellungen\Zip\Startmenü\Programme\Autostart
"My_AutoWarkey_Script" -> shortcut to: "D:\Warcraft III\Tools\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ..\My_AutoWarkey_Script.ahk" [null data]
"Warkeys Update" -> shortcut to: "D:\Warcraft III\Tools\Warkeys\update\Warkeys Update.exe" [null data]
"Xfire" -> shortcut to: "C:\Programme\Xfire\Xfire.exe" ["Xfire Inc."]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data]
Enabled Scheduled Tasks:
"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "An OneNote senden"
"MenuText" = "An OneNote s&enden"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["SOFTWIN S.R.L"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Programme\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]
SecurStar DCPP 3.81+ Service, DCPP2Svc, "C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "lmpc4" ["FSPro Labs"]
Print Monitors:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
|
|
27.05.2008, 17:22
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Firefox braucht ewig um Seite aufzubaun Du kannst die Logfiles wenn sie zu lang sind auch bei file-upload.net hochladen und hier verlinken. Wenns mehrere sind, solltest Du sie vorher zippen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.06.2008, 02:22
| #11 |
 |  Firefox braucht ewig um Seite aufzubaun Huhu Leute :> Ich habe so ziemlich das selbe Problem wie Nexus05. ._. [edit] Bitte eröffne, wie jeder andere hier auch, für dein Problem einen eigenen Beitrag. Nur so wird sichergestellt as jedem User übersichtlich und individuell geholfen werden kann. Danke. [/edit] Geändert von Sunny (13.06.2008 um 07:55 Uhr) |
|
| Themen zu Firefox braucht ewig um Seite aufzubaun |
| 0 bytes, aus sicherheitsgründen, defender, desktop, dll, downloadgeschwindigkeit, dsl, explorer, fehlermeldung, firefox, firewall, geht nicht mehr, gservice, hijack, hijackthis, keine firewall, konvertieren, lache, log-file, nmindexstoresvr.exe, pdf, pdf-datei, preferences, programm, programme, router, rundll, senden, server, sicherheitsgründe, sicherheitsgründen, software, syskontroller, system, tan, temp, virus |
Linear-Darstellung
