IE problem: hangs constantly |
||
---|---|---|
#0
| ||
01.01.2008, 15:04
Member
Posts: 32 |
||
|
||
01.01.2008, 15:38
Honorary member
Posts: 1441 |
#2
Hello jominek
1. Download the Firefox browser http://www.virus-protect.org/firefox.html
2. Run ComboFix and post the log here http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards, Pinguin
I'm in the middle of updating my site + programs: http://www.virus-protect.org/ |
|
|
||
01.01.2008, 17:53
Member
Thread starter Posts: 32 |
#3
Hello Pinguin
Here is the log, thanks for the quick reply. |
|
|
||
01.01.2008, 18:32
Honorary member
Posts: 1441 |
#4
Hello,
Run SDFix in safe mode and post the log here http://www.virus-protect.org/artikel/tools/sdfix.html
Question: since when have you been using IncrediMail?
__________
Regards, Pinguin
I'm in the middle of updating my site + programs: http://www.virus-protect.org/ |
|
|
||
01.01.2008, 21:26
Member
Thread starter Posts: 32 |
#5
Sorry, but I can't start RunThis.bat in safe mode; nothing happens. A blue window appears and disappears again (I'm sure I did everything correctly).
I've been using IncrediMail for a long time; two weeks ago I installed a new version.
jominek |
|
|
||
01.01.2008, 23:37
Honorary member
Posts: 1441 |
#6
Hello,
I can't find anything that could be affecting IE, so try a System Restore http://www.netzwerktotal.de/vistawiederherstellungspunkt.htm
Question: does the same thing happen with Firefox?
__________
Regards, Pinguin
I'm in the middle of updating my site + programs: http://www.virus-protect.org/ |
|
|
||
02.01.2008, 16:05
Member
Thread starter Posts: 32 |
||
|
||
02.01.2008, 17:46
Honorary member
Posts: 1441 |
#8
Hello,
Report back then whether it helped.
__________
Regards, Pinguin
I'm in the middle of updating my site + programs: http://www.virus-protect.org/ |
|
|
||
07.01.2008, 10:45
Member
Thread starter Posts: 32 |
#9
I tried System Restore and IE works OK again. Thanks for the help.)
Jominek |
|
|
||
For a few days I've had the following problem with IE: when I go online with IE, after 10 seconds IE stops responding entirely and can't be closed (not responding); sometimes it even starts with that message.
I've checked the computer for viruses with Spybot and AntiVir. All other programs work flawlessly.
What could be causing this?