Internet-Browser wird plötzlich geschlossen |
||
---|---|---|
#0
| ||
22.01.2008, 19:42
Member
Beiträge: 20 |
||
|
||
22.01.2008, 20:38
Moderator
Beiträge: 7805 |
#2
Poste bitte die fehlenden Reporte aus deisem Thread: http://board.protecus.de/t23187.htm
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
10.02.2008, 12:11
Member
Themenstarter Beiträge: 20 |
#3
@RAMAN:
OK - Danke für den Hinweis... hier die entsprechenden Logfiles/Reports: COMBOFIX: ComboFix 08-02.05.3 - Boris 2008-02-10 11:52:40.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.214 [GMT 1:00] ausgeführt von:: C:\Dokumente und Einstellungen\Boris\Desktop\ComboFix.exe [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . ((((((((((((((((((((((( Dateien erstellt von 2008-01-10 bis 2008-02-10 )))))))))))))))))))))))))))))) . 2008-02-10 11:52 . 2008-02-10 11:56 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE 2008-02-10 09:00 . 2004-08-04 08:57 401,408 --a------ C:\kmd.exe 2008-02-04 00:20 . 2008-02-08 00:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-04 00:20 . 2008-02-04 00:20 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-27 01:30 . 2008-01-27 01:36 <DIR> d-------- C:\Programme\GameSpy Arcade 2008-01-27 01:29 . 2008-01-27 01:29 <DIR> d-------- C:\GameSpy Arcade Setup 2008-01-21 23:41 . 2008-01-21 23:41 <DIR> d-------- C:\Programme\Winamp Toolbar 2008-01-21 23:41 . 2008-01-21 23:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar 2008-01-19 01:53 . 2008-01-19 01:53 <DIR> d-------- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Grisoft 2008-01-19 01:53 . 2008-01-19 01:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft 2008-01-19 01:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-17 23:25 . 2008-01-17 23:25 <DIR> d-------- C:\WINDOWS\system32\bak . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 10:34 --------- d-----w C:\Programme\Burn4Free 2008-02-10 09:59 --------- d-----w C:\Programme\Spiele 2008-02-10 09:44 --------- d-----w C:\Programme\QuickTime 2008-02-10 09:00 --------- d-----w C:\Programme\IrfanView 2008-02-08 22:44 --------- d-----w C:\Programme\iTunes 2008-02-07 19:44 --------- d-----w C:\Programme\FreePDF_XP 2008-02-07 19:44 --------- d-----w C:\Programme\0900 Alarm 2008-01-21 22:42 --------- d-----w C:\Programme\Winamp 2008-01-18 15:34 --------- d-----w C:\Programme\TVAnts 2008-01-17 19:01 --------- d-----w C:\Programme\Plaxo 2007-12-30 22:53 --------- d-----w C:\Programme\HJSplit 2007-12-28 00:23 232,033 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3265.exe 2007-12-28 00:23 --------- d-----w C:\Programme\Burn4Free Toolbar 2007-05-09 17:02 87,608 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\ezpinst.exe 2007-05-09 17:02 47,360 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\pcouffin.sys 2005-12-11 21:46 5,528,528 ----a-w C:\Programme\winamp512_full_emusic-7plus.exe 2004-03-15 10:11 868 ---ha-w C:\Programme\hpothb07.dat 2004-03-15 10:11 169 ---ha-w C:\Dokumente und Einstellungen\All Users\hpothb07.dat 2004-03-15 10:11 161 ---ha-w C:\Dokumente und Einstellungen\Boris\hpothb07.dat 2004-03-15 10:11 1,507 ---ha-w C:\Programme\hpothb07.tif 2004-01-09 23:40 9,745,592 ----a-w C:\Programme\RealOnePlayerV2GOLD_de.exe 2003-12-13 22:15 168 ----a-w C:\Programme\_DEISREG.ISR 2003-12-13 22:15 1,862 ----a-w C:\Programme\DeIsL1.isu 1999-12-02 12:54 91,648 ------w C:\Programme\xcacls.exe 1998-04-20 19:14 1,182,208 ----a-w C:\Programme\Digibib.exe 1998-04-19 21:59 48,655 ----a-w C:\Programme\babylon.ini 1997-04-23 02:16 40,960 ----a-w C:\Programme\_ISREG32.DLL 2004-05-22 19:39 157 --sha-w C:\WINDOWS\it.bat 2007-04-02 21:57 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 61,440 2003-02-11 11:02:48 C:\hp\KBD\bak\KBD.EXE ----a-w 245,248 2003-09-09 10:28:13 C:\Programme\0900 Alarm\bak\0900Alarm.exe ----a-r 313,472 2006-03-30 14:45:08 C:\Programme\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe ----a-w 88,064 2005-04-15 08:26:42 C:\Programme\Agnitum\Outpost Firewall 1.0\bak\outpost.exe ----a-w 249,896 2007-10-11 21:48:36 C:\Programme\AntiVir PersonalEdition Classic\bak\avgnt.exe ----a-w 249,896 2008-01-18 22:36:42 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe ----a-w 598,528 2002-08-02 16:02:14 C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\bak\UIWatcher.exe ----a-w 310,272 2005-05-27 09:24:52 C:\Programme\FreePDF_XP\bak\fpassist.exe ----a-w 180,269 2005-11-18 22:08:02 C:\Programme\Gemeinsame Dateien\Real\Update_OB\bak\realsched.exe ----a-w 155,648 2003-02-12 23:01:00 C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\bak\sgtray.exe ----a-w 278,528 2006-02-23 13:45:20 C:\Programme\iTunes\bak\iTunesHelper.exe ----a-w 477,696 2004-09-23 12:19:52 C:\Programme\MSI\Live Update 3\bak\LMonitor.exe ----a-w 155,648 2006-05-09 07:08:48 C:\Programme\QuickTime\bak\qttask.exe ----a-w 590,336 2002-11-14 15:23:10 C:\Programme\SICHERHEIT\Trojancheck 6\bak\tcguard.exe ----a-w 81,920 2005-01-24 18:58:02 C:\Programme\Sony\SonicStage\bak\SsAAD.exe ----a-w 35,328 2007-05-14 22:22:22 C:\Programme\Winamp\bak\winampa.exe ----a-w 37,376 2008-01-15 22:54:54 C:\Programme\Winamp\winampa.exe ----a-w 116,736 2004-12-03 13:20:30 C:\WINDOWS\Plaxo\2.1.0.80\bak\InstallStub.exe ----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\ctfmon.exe . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 17:49 1185120 --a------ C:\Programme\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {981FE6A8-260C-4930-960F-C3BC82746CB0} {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UIWatcher"="C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe" [ ] "0900 Alarm"="C:\Programme\0900 Alarm\0900Alarm.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57 15360] "updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [ ] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472] "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe] "StorageGuard"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [ ] "Trojancheck 6 Guard"="C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe" [ ] "SoundMan"="SOUNDMAN.EXE" [2003-01-20 10:48 47104 C:\WINDOWS\SOUNDMAN.EXE] "LiveMonitor"="C:\Programme\MSI\Live Update 3\LMonitor.exe" [ ] "Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [ ] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [ ] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [ ] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [ ] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-18 23:36 249896] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [ ] "!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-15 23:54 37376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] hp psc 2000 Series.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646] hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 11 (0xb) R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22] R1 ewido security suite driver;ewido security suite driver;C:\Programme\ewido\security suite\guard.sys [2004-11-22 15:15] R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2005-04-15 09:26] R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-05-15 14:04] R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-05-15 14:04] R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10] S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2005-04-15 09:26] S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2005-04-15 09:26] S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2005-04-15 09:26] S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2005-04-15 09:26] S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2005-04-15 09:26] S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2005-04-15 09:26] S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2005-04-15 09:26] S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2005-04-15 09:26] S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2005-04-15 09:26] S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2005-04-15 09:26] S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2005-04-15 09:26] . Inhalt des "geplante Tasks" Ordners "2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe "2004-06-24 08:19:36 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1071339507.job" - C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2004-06-05 17:57:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1077732969.job" - C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-02-10 00:49:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1088034557.job" - C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-02-10 10:15:38 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 11:57:01 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-02-10 12:01:30 ComboFix-quarantined-files.txt 2008-02-10 11:01:25 ComboFix2.txt 2008-02-10 08:11:30 ComboFix3.txt 2008-01-27 11:39:25 . 2008-01-11 01:26:45 --- E O F --- **************************************************** **************************************************** **************************************************** **************************************************** HIJACKTHIS-LOGFILE Logfile of HijackThis v1.99.1 Scan saved at 12:02, on 2008-02-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programme\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\0900 Alarm\bak\0900Alarm.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\explorer.exe C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\bak\0900Alarm.exe O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125672066500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125672051046 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4571/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing) O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe **************************************************** **************************************************** **************************************************** **************************************************** DATFIND.BAT LOGFILE Datenträger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS\system32 2008-02-10 10:49 1,374 wpa.dbl 2008-01-02 19:21 17,642,616 MRT.exe 2007-12-12 20:14 387,188 TZLog.log 2007-11-13 12:31 60,416 tzchange.exe 2007-11-07 10:27 729,600 lsasrv.dll 2199 Datei(en) 463,832,601 Bytes 0 Verzeichnis(se), 9,848,320,000 Bytes frei . . . Datenträger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\DOKUME~1\Boris\LOKALE~1\Temp 2008-02-10 12:03 107,580 datfind.txt 1 Datei(en) 107,580 Bytes 0 Verzeichnis(se), 9,848,340,480 Bytes frei . . . Datenträger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS 2008-02-10 11:56 227 system.ini 2008-02-10 11:56 53,248 PSEXESVC.EXE 2008-02-10 10:48 0 0.log 2008-02-10 10:48 4,210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt 2008-02-10 10:48 1,346,429 WindowsUpdate.log 2008-02-10 10:48 159 wiadebug.log 2008-02-10 10:48 50 wiaservc.log 2008-02-10 10:46 2,048 bootstat.dat 2008-02-10 10:46 32,482 SchedLgU.Txt 2008-02-10 00:51 826,355 setupapi.log 2008-02-08 00:53 54,156 QTFont.qfn 2008-02-04 00:20 1,409 QTFont.for 2008-01-17 20:02 525 ODBC.INI 2008-01-17 20:02 49 transp.gif 2008-01-16 19:54 449,397 wmsetup.log 2008-01-16 19:44 162,361 CDPLAYER.INI 2008-01-11 02:25 193,917 iis6.log 2008-01-11 02:25 410,668 comsetup.log 2008-01-11 02:25 1,374 imsins.log 2008-01-11 02:25 56,714 ocmsn.log 2008-01-11 02:25 245,704 ntdtcsetup.log 2008-01-11 02:25 494,662 tsoc.log 2008-01-11 02:25 11,229 KB941644.log 2008-01-11 02:25 638,946 ocgen.log 2008-01-11 02:25 62,626 msgsocm.log 2008-01-11 02:25 1,299,618 FaxSetup.log 2008-01-11 02:25 1,374 imsins.BAK 2008-01-11 02:25 11,445 KB943485.log 2007-12-28 01:23 232,033 Burn4Free_Toolbar_Uninstaller_3265.exe 2007-12-12 20:15 28,691 KB942763.log 2007-12-12 20:14 15,734 KB941569.log 2007-12-12 20:14 22,560 KB942615-IE7.log 2007-12-12 20:14 96,815 updspapi.log 2007-12-12 20:13 10,578 KB941568.log 2007-12-12 20:13 11,261 KB944653.log 2007-11-15 02:08 7,747 KB943460.log 353 Datei(en) 39,042,526 Bytes 0 Verzeichnis(se), 9,848,303,616 Bytes frei . . . Datenträger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS\temp . . . Datenträger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS\Downloaded Program Files 2008-02-06 01:00 224 zdone.dat 2008-02-06 01:00 1,957 tinfl.dat 2008-02-06 01:00 128,368 naveng32.dll 2008-02-06 01:00 943,472 navex32a.dll 2008-02-06 01:00 69,307 tscan1.dat 2008-02-06 01:00 3,678 tscan1hd.dat 2008-02-06 01:00 4,778 v.grd 2008-02-06 01:00 2,267 v.sig 2008-02-06 01:00 97,776 scrauth.dat 2008-02-06 01:00 32 virscant.dat 2008-02-06 01:00 453 tinf.dat 2008-02-06 01:00 2,504 catalog.dat 2008-02-06 01:00 5,616,216 virscan9.dat 2008-02-06 01:00 1,937,195 virscan8.dat 2008-02-06 01:00 22,250,096 virscan7.dat 2008-02-06 01:00 392,918 virscan6.dat 2008-02-06 01:00 6,062,071 virscan5.dat 2008-02-06 01:00 320,253 virscan4.dat 2008-02-06 01:00 151,328 virscan3.dat 2008-02-06 01:00 571,098 virscan2.dat 2008-02-06 01:00 998,934 virscan1.dat 2008-02-06 01:00 106,244 virscan.inf 2008-02-06 01:00 11,816 symaveng.cat 2008-02-06 01:00 1,061 symaveng.inf 2008-02-06 01:00 403,505 tcdefs.dat 2008-02-06 01:00 2,840,968 tcscan7.dat 2008-02-06 01:00 441,991 tcscan8.dat 2008-02-06 01:00 6,899 ecbootil.vxd 2008-02-06 01:00 1,028,956 tcscan9.dat 2008-02-06 01:00 284,016 ecmsvr32.dll 2008-02-06 01:00 148 tinfidx.dat 2008-01-15 22:12 296,336 rufsi.dll 2008-01-15 22:12 255,336 avsniffdlgs.dll 2008-01-15 22:12 312,680 avsniff.dll 2008-01-15 22:04 241 CabSA.inf 2008-01-15 22:04 773 avsniff.inf 2008-01-15 22:02 6,850 navapi.vxd 2008-01-15 22:02 201,896 navapi32.dll 2008-01-15 22:02 42,112 ecmldr32.dll 2008-01-04 09:51 144 swdir.inf 138 Datei(en) 63,173,353 Bytes 0 Verzeichnis(se), 9,848,311,808 Bytes frei |
|
|
||
10.02.2008, 13:08
Ehrenmitglied
Beiträge: 1441 |
#4
boris77
HijackThis Schliesse alle Fenster und starte Hijack This Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag und wähle fix checked + starte den Rechner neu. Zitat O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll«« Download und auf dem Desktop entzippen: http://virus-protect.org/zip/IEreg.zip entzippen Klicke: iereg.bat PC neustarten und prüfen, ob der IE korrekt funktioniert »» überprüfe, ob es identische Probleme mit dem Firefox-Browser gibt http://virus-protect.org/firefox.html __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
||
10.02.2008, 23:33
Member
Themenstarter Beiträge: 20 |
#5
@Pinguin
OK - mach ich... Zu Firefox: hab keinen FF-Browser und bisher auch noch nie einen verwendet... war mit IE bisher immer zufrieden und hab mir deshalb Firefox nie besorgt. Soll ich Ihn mir jetzt besorgen? |
|
|
||
11.02.2008, 09:46
Ehrenmitglied
Beiträge: 1441 |
#6
Hallo Boris,
als Alternativ-Browser ist der Firefox immer zu empfehlen, in deinem Fall, um festzustellen, ob das Problem nur am IE liegt, oder generell. Ich z.b. surfe mit dem Firefox und mache die Windowsupdates und Viren-Onlinescans mit dem IE, denn nur mit dem funktionieren sie Berichte, wie es läuft.... __________ Gruss Pinguin bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/ |
|
|
||
ich bin mir zwar nicht sicher, ob ich in dieser Sektion des Forums richtig bin, aber ich probiers einfach mal...
Folgendes Problem:
In letzter Zeit passiert es mir öfter mal, dass wenn ich mich ins Internet einlogge (mit IE7-Browser) ich nach wenigen Minuten automatisch rausgeschmisen werde - manchmal 2 - 5 hintereinander. Es passiert plötzlich, ohne eine Vorankündigung.
Ich habe bereits meine beiden Antivirenprogramme (AntiVir + AVG Antispyware 7.5) aktualisiert & damit die Festplatte gecheckt. Auch einige Bösewichte gefunden und gelöscht - aber das mit dem Internet-Rausschmiss geht weiter!
Wäre über Hilfe dankbar.
Hier ein aktueller Hijackthis.log-File
Logfile of HijackThis v1.99.1
Scan saved at 19:25:17, on 22.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Winamp Remote\bin\OrbTray.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Winamp Remote\bin\Orb.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ArcorOnline\AOButler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\0900Alarm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125672066500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125672051046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4571/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5CFD3-FCE5-48BD-90CA-D7C26A44ACE5}: NameServer = 195.50.140.178 195.50.140.114
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe