pc bleibt immer hängen, stürzt teilweise ab.

#1 Hallo zusammen

Vielleicht kann mir jemand von Euch helfen, ich wäre Euch wirklich sehr dankbar. Seit einigen Tagen spinnt mein PC total... Am Morgen muss ich den teilweise bis 5 mal aufstarten - er bleibt immer hängen und es geht absolut nichts mehr. ich muss ihn dann kalt starten.... wieder hochfahren, bis er wieder hängen bleibt...
habe schon x-scan (add-on, etc.. laufen lassen - es nützt nichts... ) wenn ich z.b. spyware terminator laufen lasse, stürzt der pc plötzlich ab und startet wieder.... weiss vielleicht jemand, was ich eingfangen habe?

hier mal mein hijack file.....



Logfile of HijackThis v1.99.1
Scan saved at 12:19:36, on 12.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\vphc600.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programme\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Dantz\Retrospect Express HD\retrorun.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Spyware Terminator\SpywareTerminator.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.practicalwellness.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quick Help.lnk = C:\Programme\Bluewin\Quick Help\bin\matcli.exe
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYCH
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {86EFAE20-7DBF-11D3-ADAA-00600826D81F} (ClusterUpload2 Package) - https://webridge.gategourmet.com/Common/_gg/Mainspan/ClusterUpload/ClusterUpload.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://hpt1up.bluewin.ch/app/static/activex/msxml4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Retrospect Helper (RetroExp Helper) - Dantz Development Corporation - C:\Programme\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Programme\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 Poste bitte ein Combofix Report http://virus-protect.org/artikel/tools/combofix.html aber auf anhieb sehe ich nichts. Ist temperaturmaessig alles im gruenen Bereich bei deinem PC?
__________
MfG Ralf
SEO-Spam Hunter

#3 Hallo Ralf
Hier der Report.... Während des Report hat spyware terminator viele trojaner gesehen... habe diese alle blockiert....

ComboFix 07-06-11.3
"yoga" - 2007-06-12 12:36:36 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-12 12:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 11:22 <DIR> d-------- C:\Programme\CCleaner
2007-06-12 10:49 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-06-12 10:12 <DIR> d-------- C:\Programme\Trojancheck 6
2007-06-12 08:57 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spyware Terminator
2007-06-11 18:39 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-11 18:37 <DIR> d-------- C:\Programme\Spyware Terminator
2007-06-11 18:37 <DIR> d-------- C:\Programme\Crawler
2007-06-11 09:57 <DIR> d-------- C:\Programme\Windows Live Safety Center
2007-06-08 07:43 <DIR> d-------- C:\DOKUME~1\yoga\Phone Browser
2007-05-30 06:44 <DIR> d-------- C:\DOKUME~1\yoga\ANWEND~1\vlc
2007-05-30 06:40 <DIR> d-------- C:\Programme\VideoLAN
2007-05-30 06:36 <DIR> d-------- C:\DOKUME~1\yoga\ANWEND~1\Media Player Classic


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 10:41:23 -------- d-----w C:\Programme\Symantec AntiVirus
2007-06-12 09:15:14 -------- d-----w C:\Programme\TuneUp Utilities 2006
2007-06-11 14:06:42 -------- d-----w C:\DOKUME~1\yoga\ANWEND~1\Skype
2007-06-08 05:46:02 -------- d-----w C:\DOKUME~1\yoga\ANWEND~1\PC Suite
2007-05-29 13:32:35 -------- d-----w C:\Programme\PartyGaming.Net
2007-05-22 14:54:19 1,940 ----a-w C:\DOKUME~1\yoga\ANWEND~1\ViewerApp.dat
2007-05-22 13:47:15 -------- d-----w C:\Programme\Yahoo!
2007-05-17 08:01:02 -------- d-----w C:\Programme\Google
2007-05-17 06:21:06 -------- d-----w C:\Programme\Creative
2007-05-16 05:01:30 -------- d-----w C:\Programme\DivX
2007-05-16 05:01:15 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-16 04:39:39 -------- d-----w C:\Programme\Ahead
2007-05-16 04:38:55 -------- d-----w C:\Programme\Musicmatch
2007-04-25 08:07:03 -------- d-----w C:\DOKUME~1\yoga\ANWEND~1\Nokia
2007-04-25 08:00:05 -------- d-----w C:\Programme\DIFX
2007-04-25 07:59:43 -------- d-----w C:\Programme\Gemeinsame Dateien\PCSuite
2007-04-25 07:59:40 -------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2007-04-25 07:58:31 -------- d-----w C:\Programme\PC Connectivity Solution
2007-04-25 07:57:42 -------- d-----w C:\Programme\Nokia
2007-04-19 06:14:11 -------- d-----w C:\Programme\Skype
2007-04-19 06:14:11 -------- d-----w C:\Programme\Gemeinsame Dateien\Skype
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-31 06:27:47 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-30 12:48:55 64,598 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-30 12:48:55 394,500 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-20 09:37:46 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}=C:\Programme\Crawler\Toolbar\ctbr.dll [2007-06-08 02:17]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-03-30 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTrueImage Monitor"="C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-14 22:51]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2005-11-14 22:51]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-07-12 13:29]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-08-19 17:58]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 10:23]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-11-20 22:16]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:58 C:\WINDOWS\system32\bthprops.cpl]
"@"="" []
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-03-11 11:49]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 C:\WINDOWS\soundman.exe]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]
"Omnipage"="C:\Programme\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"SpywareTerminator"="C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-11 18:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
"phc600"=C:\WINDOWS\vphc600.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-06-01 15:16:27 C:\WINDOWS\tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 12:45:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTrueImage Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-12 12:47:55 - machine was rebooted

--- E O F ---


Gruss
Marcel

#4 Was hat spywareterminator gemeldet?
__________
MfG Ralf
SEO-Spam Hunter

#5 verschiedene trojaner wie z. b.

trojan/directU
trojan/goldun.v03
trojan/goldun-01
trojan/haxdoor.fan

etc. etc...

und wenn ich z. b. auf die homepage.... rtl2.de gehe...

dann bleibt mein pc hängen und ich muss ihn kalt starten... warum weiss ich nicht....

#6 Wau, da waere ich neugierig auf den Report, in welcher Datei das gefunden worden sein sollte. Das sieht mir eher nach fehlalarm aus, bzw das er die Dinge in Combofix meldet, die es braucht um exakt diese gemeldeten Trojaner zu entfernen.

Nachtrag. Du koenntest C:\Programme\Crawler\Toolbar\ctbr.dll mal bei Jotti oder v-t! pruefen lassen.
__________
MfG Ralf
SEO-Spam Hunter