Various sites are not displayed

  • #1
Bloodsnake

Member
Thread starter
Joined
07.06.2005
Posts
12
Reaction points
0
Hello, first of all!

I have already gone through all kinds of forums (the ones that load).
The problem has been dealt with quite often, but that did not help in my case.

My problem: some websites do not load. For example: amazon.de, amzon.com or heise.de, etc.

I have already tried the following solutions:

a different browser - IE and Firefox
adjusted the MTU value
reinstalled the network card

I also have a HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:37, on 14.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programme\Spyware Doctor\pctsAuxs.exe
E:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
E:\Programme\Spyware Doctor\pctsTray.exe
E:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
E:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {39B15A4A-8C87-43B7-9859-E98F429DDEBB} - (no file)
O2 - BHO: (no name) - {5391AA74-6A1D-431E-A08C-730DDF38A845} - C:\WINDOWS\system32\urqQjhFU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [ISTray] E:\Programme\Spyware Doctor\pctsTray.exe
O4 - HKLM\..\Run: [BM7bbde090] Rundll32.exe C:\WINDOWS\system32\damlisbs.dll,s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe autostart
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] E:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User->Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: in/mit BitSpirit runterladen - E:\Programme\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://rtl.king.de/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1221413288187
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: geBtRLDV - geBtRLDV.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6809 bytes


I hope someone can help me!

Thanks in advance.

greetz Snake

*PCDpan_fee: Moved from "Windows XP"*
 
  • #2
I downloaded IE8 and now I can open the pages.

greetz
Snake
 
  • #3
Bloodsnake wrote:
O2 - BHO: (no name) - {39B15A4A-8C87-43B7-9859-E98F429DDEBB} - (no file)
O2 - BHO: (no name) - {5391AA74-6A1D-431E-A08C-730DDF38A845} - C:\WINDOWS\system32\urqQjhFU.dll (file missing)
O20 - Winlogon Notify: geBtRLDV - geBtRLDV.dll (file missing)

but your system is not clean .....

pan_fee
 
  • #4
you left out the nicest one :D

O4 - HKLM\..\Run: [BM7bbde090] Rundll32.exe C:\WINDOWS\system32\damlisbs.dll,s
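
The kind of triage posts #3 and #4 do by eye, as an added example that is not part of the original thread: a small Python script that flags HijackThis load points whose target file is missing and Run-key rundll32 entries whose name bears no relation to the DLL they load. The sample lines are copied from the log in post #1; the two heuristics and all function names are assumptions made for this illustration, not HijackThis features.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {39B15A4A-8C87-43B7-9859-E98F429DDEBB} - (no file)
O2 - BHO: (no name) - {5391AA74-6A1D-431E-A08C-730DDF38A845} - C:\WINDOWS\system32\urqQjhFU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [BM7bbde090] Rundll32.exe C:\WINDOWS\system32\damlisbs.dll,s
O20 - Winlogon Notify: geBtRLDV - geBtRLDV.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why the line was flagged
    line: str     # the original log line


# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# A Run value that starts a DLL through rundll32: [name] rundll32 <dll>,<export>
RUN_RUNDLL = re.compile(
    r"Run: \[(?P<name>[^\]]+)\]\s+rundll32(?:\.exe)?\s+"
    r"(?P<dll>[^,]+\.dll),(?P<export>\S+)",
    re.IGNORECASE,
)


def shared_prefix(a: str, b: str) -> int:
    """Length of the common case-insensitive prefix of a and b."""
    count = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        count += 1
    return count


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.group("section"), match.group("body")

        # Heuristic 1 (assumption): a BHO or Winlogon Notify entry that is
        # still registered although its file cannot be found.
        if section in ("O2", "O20") and body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(section, "load point registered, target file not found", line))
            continue

        # Heuristic 2 (assumption): rundll32 started from a Run key where
        # neither the value name nor the export resembles the DLL name.
        if section == "O4":
            run = RUN_RUNDLL.search(body)
            if run:
                stem = run.group("dll").rsplit("\\", 1)[-1][:-4]
                related = max(
                    shared_prefix(stem, run.group("name")),
                    shared_prefix(stem, run.group("export")),
                ) >= 2
                if not related:
                    findings.append(Finding(section, "rundll32 autostart with unrelated DLL name", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

A hit is only a reason to look closer; a "(file missing)" entry can also be a leftover from a cleanly uninstalled program.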
 
  • #5
Hello PCDpan_fee and schrauber!

Can you help me get my system clean?

Many thanks in advance

Snake
 
  • #7
hi schrauber!

first the uninstall_list.txt:

Acoustica MP3 To Wave Converter PLUS
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0 - Deutsch
Adobe Shockwave Player
AGEIA PhysX v7.09.13
Avira AntiVir Personal - Free Antivirus
BearShare
Bink and Smacker
BitSpirit v3.1.0.077 Stable Release
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss REBEL 300D WIA-Treiber
Canon Internet Library for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Creative-Audiokonsole
Crysis(R)
DFÜ-Speed
Hellgate: London
HijackThis 2.0.2
InterVideo WinDVD 4
IsoBuster 2.2
Java(TM) SE Runtime Environment 6 Update 1
KhalSetup
king.com (remove only)
Logitech Gaming Software
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
PC Connectivity Solution
Pop-Up Stopper Free Edition
PunkBuster Services
RealPlayer
Rhapsody Player Engine
Spyware Doctor 6.0
TuneUp Utilities 2006
UltraStar Deluxe
Virtua Tennis 3
Win2day Poker
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
WinRAR Archivierer
Xbox 360 Controller for Windows
 
  • #8
and now the silent runners:

Silent Runners.vbs, revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by {++}


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe [MS]
PopUpStopperFreeEdition = E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [Panicware, Inc.]
TuneUp MemOptimizer = E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe autostart [TuneUp Software GmbH]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
ZboardTray = E:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe /autolaunch [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SBDrvDet = C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r [Creative Technology Ltd]
Logitech Hardware Abstraction Layer = C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE [Logitech Inc.]
CTHelper = CTHELPER.EXE [Creative Technology Ltd]
CTxfiHlp = CTXFIHLP.EXE [Creative Technology Ltd]
(Default) = (empty string) [file not found]
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE [Logitech Inc.]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [MS]
nwiz = nwiz.exe /install [NVIDIA Corporation]
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [MS]
avgnt = E:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min [Avira GmbH]
ISTray = E:\Programme\Spyware Doctor\pctsTray.exe [PC Tools]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = SSVHelper Class
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42071714-76d4-11d1-8b24-00a0c9068ff3} = CPL-Erweiterung für Anzeigeverschiebung
-> {HKLM...CLSID} = CPL-Erweiterung für Anzeigeverschiebung
\InProcServer32\(Default) = deskpan.dll [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Erweiterung für HyperTerminal-Icons
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\System32\hticons.dll [Hilgraeve, Inc.]
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = TuneUp Shredder Shell Context Menu Extension
-> {HKLM...CLSID} = TuneUp Shredder Shell Context Menu Extension
\InProcServer32\(Default) = E:\Programme\TuneUp Utilities 2006\sdshelex.dll [TuneUp Software GmbH]
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser
-> {HKLM...CLSID} = Nokia Phone Browser
\InProcServer32\(Default) = E:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [Nokia]
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
-> {HKLM...CLSID} = KbLogiExt Class
\InProcServer32\(Default) = E:\Programme\Logitech\SetPoint\kbcplext.dll [Logitech Inc.]
{B9B9F083-2B04-452A-8691-83694AC1037B} = Logitech Setpoint Extension
-> {HKLM...CLSID} = LogiExt Class
\InProcServer32\(Default) = E:\Programme\Logitech\SetPoint\mcplext.dll [Logitech Inc.]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = E:\Programme\WinRAR\rarext.dll [null data]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM...CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.]
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
-> {HKLM...CLSID} = NVIDIA CPL Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer
-> {HKLM...CLSID} = Desktop Explorer
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu
-> {HKLM...CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = E:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
-> {HKLM...CLSID} = WPDShServiceObj Class
\InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> Authentication Packages = msv1_0|C:\WINDOWS\system32\urqQjhFU

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = C:\WINDOWS\System32\dimsntfy.dll [MS]
<<!>> geBtRLDV\DLLName = geBtRLDV.dll [file not found]
<<!>> Zboard\DLLName = Winlognotif.dll [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
M2WShlExMenu\(Default) = {DC6FA7E0-6666-11D5-8CE2-444553540000}
-> {HKLM...CLSID} = MP3ToWave Shell Extension
\InProcServer32\(Default) = E:\Programme\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [Acoustica]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = E:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = E:\Programme\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = E:\Programme\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MP3ToWave\(Default) = {DC6FA7E0-6666-11D5-8CE2-444553540000}
-> {HKLM...CLSID} = MP3ToWave Shell Extension
\InProcServer32\(Default) = E:\Programme\Acoustica MP3 To Wave Converter PLUS\M2WShlEx.dll [Acoustica]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = E:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = E:\Programme\WinRAR\rarext.dll [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoWelcomeScreen = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoWelcomeScreen = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

undockwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Dokumente und Einstellungen\Bloodsnake\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CanonZB4PicturesOnArrival\
Provider = ZoomBrowser EX
InvokeProgID = Zb.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Programme\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY %1 [empty string]

IviDVDEventHandler\
Provider = InterVideo WinDVD
InvokeProgID = DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\DVD\shell\play\command\(Default) = E:\Programme\InterVideo\WinDVD4\WinDVD.exe [InterVideo Inc.]

IviVideoCDHandler\
Provider = InterVideo WinDVD
InvokeProgID = Ivi.MediaFile
InvokeVerb = play
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = E:\Programme\InterVideo\WinDVD4\WinDVD.exe %1 [InterVideo Inc.]

MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

NMMPlayCDAudioOnArrival\
Provider = Nokia Music Manager
InvokeProgID = NokiaMusicManager
InvokeVerb = NMMPlayCD
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = E:\Programme\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD %L [Nokia]

NMMRipCDAudioOnArrival\
Provider = Nokia Music Manager
InvokeProgID = NokiaMusicManager
InvokeVerb = NMMRipCD
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = E:\Programme\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD %L [Nokia]

RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /burn %1 [RealNetworks, Inc.]

RPDeviceOnArrival\
Provider = RealPlayer
ProgID = RealPlayer.HWEventHandler
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}
-> {HKLM...CLSID} = RealNetworks Scheduler
\LocalServer32\(Default) = C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -autoplay [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /play %1 [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /dvd %1 [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /autoplay %1 [RealNetworks, Inc.]


Startup items in Bloodsnake & All Users startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint -> shortcut to: E:\Programme\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]


Enabled Scheduled Tasks:
------------------------

1-Klick-Wartung -> launches: E:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart [TuneUp Software GmbH]
RegistrySmart Scheduled Scan -> launches: C:\Programme\RegistrySmart\RegistrySmart.exe scheduled [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
MenuText = Sun Java Konsole
CLSIDExtension = {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
-> {HKCU...CLSID} = Java Plug-in 1.6.0_01
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]
-> {HKLM...CLSID} = Java Plug-in 1.6.0_01
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Microsystems, Inc.]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Programme\Messenger\msmsgs.exe [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to Reset Web Settings)

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: MS_START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 2 lines

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> TuneUp = file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css [file not found]
<<H>> InPrivate = res://ieframe.dll/inprivate.htm [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH]
Avira AntiVir Personal - Free Antivirus Planer, AntiVirScheduler, E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH]
NVIDIA Display Driver Service, NVSvc, C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
PC Tools Auxiliary Service, sdAuxService, E:\Programme\Spyware Doctor\pctsAuxs.exe [PC Tools]
PC Tools Security Service, sdCoreService, E:\Programme\Spyware Doctor\pctsSvc.exe [PC Tools]
PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup {C:\WINDOWS\System32\WUDFSvc.dll [MS]}


---------- (launch time: 2008-09-18 18:49:32)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 60 seconds.
 
  • #9
  • #10
I envy you, schrauber (honestly), you radiate such a wonderful inner calm, which can even be felt through these two long wires (for DSL).....

have a nice weekend.
 
  • #12
did you have antimalware delete the finds? because it doesn't say so there ???

if yes, good :), if no, update the program, scan, have the finds removed.

BTW:

I would keep the tool on the disk, it is better than this Spybot and Ad-Aware rubbish.


now please use the tool combofix from the guide above.

read the guide carefully, if you have questions ask beforehand, post the log here in the thread

go for it

Created on: 20.09.08 at 10:57:08
@W.E

you radiate such a wonderful inner calm, which can even be felt through these two long wires (for DSL).....

I smoke too much of the green stuff ;)
 
  • #13
  • #14
Preparation

Delete the existing version of ComboFix, download the program again and save it to the desktop (nowhere else, this is important)!
If you already had ComboFix on the computer before, delete the old version, since ComboFix is updated continuously.
  • Remember to temporarily switch off your antivirus program while ComboFix is running. Don't forget to switch it back on afterwards!
  • Important: Do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
Usage
  • Open notepad (Start => Run => notepad (type it in) => ok) or an editor of your choice and copy everything from the following code box into an empty document:
Code:
File::
C:\WINDOWS\005292_.tmp
C:\WINDOWS\system32\uvdqyfaq.dll
C:\WINDOWS\system32\jkrwdrwa.ini
C:\WINDOWS\system32\tgxvmkik.ini
C:\WINDOWS\system32\nfrgjgin.ini
C:\WINDOWS\system32\tqoikgll.ini
C:\WINDOWS\system32\hgjgypct.ini
C:\WINDOWS\system32\UFhjQqru.ini2
C:\WINDOWS\system32\UFhjQqru.ini
C:\Programme\DaemonTools_WhenUSave_Installer
Folder::
C:\VundoFix Backups
  • Save this as CFScript.txt on your desktop

    [Image: CFScriptB.gif]

  • With reference to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.

Note for readers following along: The ComboFix script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; that can cause lasting damage to other systems!

If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


and this time post the log here, don't upload it!
 
  • #15
what, you smoke jasmine tea? ;) :D
 
  • #16
yep, that's what I call it in public too ;) :coolsmiley:
 