Internet-Browser wird plötzlich geschlossen

#0
22.01.2008, 19:42
Member

Beiträge: 20
#1 Hallo miteinander,

ich bin mir zwar nicht sicher, ob ich in dieser Sektion des Forums richtig bin, aber ich probiers einfach mal...

Folgendes Problem:
In letzter Zeit passiert es mir öfter mal, dass wenn ich mich ins Internet einlogge (mit IE7-Browser) ich nach wenigen Minuten automatisch rausgeschmisen werde - manchmal 2 - 5 hintereinander. Es passiert plötzlich, ohne eine Vorankündigung.

Ich habe bereits meine beiden Antivirenprogramme (AntiVir + AVG Antispyware 7.5) aktualisiert & damit die Festplatte gecheckt. Auch einige Bösewichte gefunden und gelöscht - aber das mit dem Internet-Rausschmiss geht weiter!

Wäre über Hilfe dankbar.


Hier ein aktueller Hijackthis.log-File


Logfile of HijackThis v1.99.1
Scan saved at 19:25:17, on 22.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Winamp Remote\bin\OrbTray.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Winamp Remote\bin\Orb.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ArcorOnline\AOButler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\0900Alarm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125672066500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125672051046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4571/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5CFD3-FCE5-48BD-90CA-D7C26A44ACE5}: NameServer = 195.50.140.178 195.50.140.114
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Seitenanfang Seitenende
22.01.2008, 20:38
Moderator

Beiträge: 7805
#2 Poste bitte die fehlenden Reporte aus deisem Thread: http://board.protecus.de/t23187.htm
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
10.02.2008, 12:11
Member

Themenstarter

Beiträge: 20
#3 @RAMAN:

OK - Danke für den Hinweis... hier die entsprechenden Logfiles/Reports:


COMBOFIX:


ComboFix 08-02.05.3 - Boris 2008-02-10 11:52:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.214 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Boris\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-01-10 bis 2008-02-10 ))))))))))))))))))))))))))))))
.

2008-02-10 11:52 . 2008-02-10 11:56 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-10 09:00 . 2004-08-04 08:57 401,408 --a------ C:\kmd.exe
2008-02-04 00:20 . 2008-02-08 00:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 00:20 . 2008-02-04 00:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 01:30 . 2008-01-27 01:36 <DIR> d-------- C:\Programme\GameSpy Arcade
2008-01-27 01:29 . 2008-01-27 01:29 <DIR> d-------- C:\GameSpy Arcade Setup
2008-01-21 23:41 . 2008-01-21 23:41 <DIR> d-------- C:\Programme\Winamp Toolbar
2008-01-21 23:41 . 2008-01-21 23:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar
2008-01-19 01:53 . 2008-01-19 01:53 <DIR> d-------- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Grisoft
2008-01-19 01:53 . 2008-01-19 01:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-01-19 01:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-17 23:25 . 2008-01-17 23:25 <DIR> d-------- C:\WINDOWS\system32\bak

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 10:34 --------- d-----w C:\Programme\Burn4Free
2008-02-10 09:59 --------- d-----w C:\Programme\Spiele
2008-02-10 09:44 --------- d-----w C:\Programme\QuickTime
2008-02-10 09:00 --------- d-----w C:\Programme\IrfanView
2008-02-08 22:44 --------- d-----w C:\Programme\iTunes
2008-02-07 19:44 --------- d-----w C:\Programme\FreePDF_XP
2008-02-07 19:44 --------- d-----w C:\Programme\0900 Alarm
2008-01-21 22:42 --------- d-----w C:\Programme\Winamp
2008-01-18 15:34 --------- d-----w C:\Programme\TVAnts
2008-01-17 19:01 --------- d-----w C:\Programme\Plaxo
2007-12-30 22:53 --------- d-----w C:\Programme\HJSplit
2007-12-28 00:23 232,033 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3265.exe
2007-12-28 00:23 --------- d-----w C:\Programme\Burn4Free Toolbar
2007-05-09 17:02 87,608 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\ezpinst.exe
2007-05-09 17:02 47,360 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\pcouffin.sys
2005-12-11 21:46 5,528,528 ----a-w C:\Programme\winamp512_full_emusic-7plus.exe
2004-03-15 10:11 868 ---ha-w C:\Programme\hpothb07.dat
2004-03-15 10:11 169 ---ha-w C:\Dokumente und Einstellungen\All Users\hpothb07.dat
2004-03-15 10:11 161 ---ha-w C:\Dokumente und Einstellungen\Boris\hpothb07.dat
2004-03-15 10:11 1,507 ---ha-w C:\Programme\hpothb07.tif
2004-01-09 23:40 9,745,592 ----a-w C:\Programme\RealOnePlayerV2GOLD_de.exe
2003-12-13 22:15 168 ----a-w C:\Programme\_DEISREG.ISR
2003-12-13 22:15 1,862 ----a-w C:\Programme\DeIsL1.isu
1999-12-02 12:54 91,648 ------w C:\Programme\xcacls.exe
1998-04-20 19:14 1,182,208 ----a-w C:\Programme\Digibib.exe
1998-04-19 21:59 48,655 ----a-w C:\Programme\babylon.ini
1997-04-23 02:16 40,960 ----a-w C:\Programme\_ISREG32.DLL
2004-05-22 19:39 157 --sha-w C:\WINDOWS\it.bat
2007-04-02 21:57 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-11 11:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 245,248 2003-09-09 10:28:13 C:\Programme\0900 Alarm\bak\0900Alarm.exe

----a-r 313,472 2006-03-30 14:45:08 C:\Programme\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 88,064 2005-04-15 08:26:42 C:\Programme\Agnitum\Outpost Firewall 1.0\bak\outpost.exe

----a-w 249,896 2007-10-11 21:48:36 C:\Programme\AntiVir PersonalEdition Classic\bak\avgnt.exe
----a-w 249,896 2008-01-18 22:36:42 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

----a-w 598,528 2002-08-02 16:02:14 C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\bak\UIWatcher.exe

----a-w 310,272 2005-05-27 09:24:52 C:\Programme\FreePDF_XP\bak\fpassist.exe

----a-w 180,269 2005-11-18 22:08:02 C:\Programme\Gemeinsame Dateien\Real\Update_OB\bak\realsched.exe

----a-w 155,648 2003-02-12 23:01:00 C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\bak\sgtray.exe

----a-w 278,528 2006-02-23 13:45:20 C:\Programme\iTunes\bak\iTunesHelper.exe

----a-w 477,696 2004-09-23 12:19:52 C:\Programme\MSI\Live Update 3\bak\LMonitor.exe

----a-w 155,648 2006-05-09 07:08:48 C:\Programme\QuickTime\bak\qttask.exe

----a-w 590,336 2002-11-14 15:23:10 C:\Programme\SICHERHEIT\Trojancheck 6\bak\tcguard.exe

----a-w 81,920 2005-01-24 18:58:02 C:\Programme\Sony\SonicStage\bak\SsAAD.exe

----a-w 35,328 2007-05-14 22:22:22 C:\Programme\Winamp\bak\winampa.exe
----a-w 37,376 2008-01-15 22:54:54 C:\Programme\Winamp\winampa.exe

----a-w 116,736 2004-12-03 13:20:30 C:\WINDOWS\Plaxo\2.1.0.80\bak\InstallStub.exe

----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Programme\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{981FE6A8-260C-4930-960F-C3BC82746CB0}
{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe" [ ]
"0900 Alarm"="C:\Programme\0900 Alarm\0900Alarm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57 15360]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"StorageGuard"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [ ]
"Trojancheck 6 Guard"="C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 10:48 47104 C:\WINDOWS\SOUNDMAN.EXE]
"LiveMonitor"="C:\Programme\MSI\Live Update 3\LMonitor.exe" [ ]
"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [ ]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [ ]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-18 23:36 249896]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [ ]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-15 23:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
hp psc 2000 Series.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R1 ewido security suite driver;ewido security suite driver;C:\Programme\ewido\security suite\guard.sys [2004-11-22 15:15]
R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2005-04-15 09:26]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-05-15 14:04]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-05-15 14:04]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2005-04-15 09:26]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2005-04-15 09:26]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2005-04-15 09:26]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2005-04-15 09:26]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2005-04-15 09:26]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2005-04-15 09:26]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2005-04-15 09:26]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2005-04-15 09:26]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2005-04-15 09:26]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2005-04-15 09:26]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2005-04-15 09:26]

.
Inhalt des "geplante Tasks" Ordners
"2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
"2004-06-24 08:19:36 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1071339507.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2004-06-05 17:57:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1077732969.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-02-10 00:49:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1088034557.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-02-10 10:15:38 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 11:57:01
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-10 12:01:30
ComboFix-quarantined-files.txt 2008-02-10 11:01:25
ComboFix2.txt 2008-02-10 08:11:30
ComboFix3.txt 2008-01-27 11:39:25
.
2008-01-11 01:26:45 --- E O F ---




****************************************************
****************************************************
****************************************************
****************************************************




HIJACKTHIS-LOGFILE


Logfile of HijackThis v1.99.1
Scan saved at 12:02, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\0900 Alarm\bak\0900Alarm.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\bak\0900Alarm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125672066500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125672051046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4571/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe




****************************************************
****************************************************
****************************************************
****************************************************



DATFIND.BAT LOGFILE

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS\system32

2008-02-10 10:49 1,374 wpa.dbl
2008-01-02 19:21 17,642,616 MRT.exe
2007-12-12 20:14 387,188 TZLog.log
2007-11-13 12:31 60,416 tzchange.exe
2007-11-07 10:27 729,600 lsasrv.dll

2199 Datei(en) 463,832,601 Bytes
0 Verzeichnis(se), 9,848,320,000 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\DOKUME~1\Boris\LOKALE~1\Temp

2008-02-10 12:03 107,580 datfind.txt
1 Datei(en) 107,580 Bytes
0 Verzeichnis(se), 9,848,340,480 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS

2008-02-10 11:56 227 system.ini
2008-02-10 11:56 53,248 PSEXESVC.EXE
2008-02-10 10:48 0 0.log
2008-02-10 10:48 4,210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
2008-02-10 10:48 1,346,429 WindowsUpdate.log
2008-02-10 10:48 159 wiadebug.log
2008-02-10 10:48 50 wiaservc.log
2008-02-10 10:46 2,048 bootstat.dat
2008-02-10 10:46 32,482 SchedLgU.Txt
2008-02-10 00:51 826,355 setupapi.log
2008-02-08 00:53 54,156 QTFont.qfn
2008-02-04 00:20 1,409 QTFont.for
2008-01-17 20:02 525 ODBC.INI
2008-01-17 20:02 49 transp.gif
2008-01-16 19:54 449,397 wmsetup.log
2008-01-16 19:44 162,361 CDPLAYER.INI
2008-01-11 02:25 193,917 iis6.log
2008-01-11 02:25 410,668 comsetup.log
2008-01-11 02:25 1,374 imsins.log
2008-01-11 02:25 56,714 ocmsn.log
2008-01-11 02:25 245,704 ntdtcsetup.log
2008-01-11 02:25 494,662 tsoc.log
2008-01-11 02:25 11,229 KB941644.log
2008-01-11 02:25 638,946 ocgen.log
2008-01-11 02:25 62,626 msgsocm.log
2008-01-11 02:25 1,299,618 FaxSetup.log
2008-01-11 02:25 1,374 imsins.BAK
2008-01-11 02:25 11,445 KB943485.log
2007-12-28 01:23 232,033 Burn4Free_Toolbar_Uninstaller_3265.exe
2007-12-12 20:15 28,691 KB942763.log
2007-12-12 20:14 15,734 KB941569.log
2007-12-12 20:14 22,560 KB942615-IE7.log
2007-12-12 20:14 96,815 updspapi.log
2007-12-12 20:13 10,578 KB941568.log
2007-12-12 20:13 11,261 KB944653.log
2007-11-15 02:08 7,747 KB943460.log

353 Datei(en) 39,042,526 Bytes
0 Verzeichnis(se), 9,848,303,616 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS\temp

.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS\Downloaded Program Files

2008-02-06 01:00 224 zdone.dat
2008-02-06 01:00 1,957 tinfl.dat
2008-02-06 01:00 128,368 naveng32.dll
2008-02-06 01:00 943,472 navex32a.dll
2008-02-06 01:00 69,307 tscan1.dat
2008-02-06 01:00 3,678 tscan1hd.dat
2008-02-06 01:00 4,778 v.grd
2008-02-06 01:00 2,267 v.sig
2008-02-06 01:00 97,776 scrauth.dat
2008-02-06 01:00 32 virscant.dat
2008-02-06 01:00 453 tinf.dat
2008-02-06 01:00 2,504 catalog.dat
2008-02-06 01:00 5,616,216 virscan9.dat
2008-02-06 01:00 1,937,195 virscan8.dat
2008-02-06 01:00 22,250,096 virscan7.dat
2008-02-06 01:00 392,918 virscan6.dat
2008-02-06 01:00 6,062,071 virscan5.dat
2008-02-06 01:00 320,253 virscan4.dat
2008-02-06 01:00 151,328 virscan3.dat
2008-02-06 01:00 571,098 virscan2.dat
2008-02-06 01:00 998,934 virscan1.dat
2008-02-06 01:00 106,244 virscan.inf
2008-02-06 01:00 11,816 symaveng.cat
2008-02-06 01:00 1,061 symaveng.inf
2008-02-06 01:00 403,505 tcdefs.dat
2008-02-06 01:00 2,840,968 tcscan7.dat
2008-02-06 01:00 441,991 tcscan8.dat
2008-02-06 01:00 6,899 ecbootil.vxd
2008-02-06 01:00 1,028,956 tcscan9.dat
2008-02-06 01:00 284,016 ecmsvr32.dll
2008-02-06 01:00 148 tinfidx.dat
2008-01-15 22:12 296,336 rufsi.dll
2008-01-15 22:12 255,336 avsniffdlgs.dll
2008-01-15 22:12 312,680 avsniff.dll
2008-01-15 22:04 241 CabSA.inf
2008-01-15 22:04 773 avsniff.inf
2008-01-15 22:02 6,850 navapi.vxd
2008-01-15 22:02 201,896 navapi32.dll
2008-01-15 22:02 42,112 ecmldr32.dll
2008-01-04 09:51 144 swdir.inf

138 Datei(en) 63,173,353 Bytes
0 Verzeichnis(se), 9,848,311,808 Bytes frei
Seitenanfang Seitenende
10.02.2008, 13:08
Ehrenmitglied
Avatar Pinguin

Beiträge: 1441
#4 boris77

HijackThis
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked + starte den Rechner neu.

Zitat

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll

O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programme\del.icio.us\Internet Explorer Buttons\dlcsIE.dll

O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll

O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe

O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe

O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing)

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)

««
Download und auf dem Desktop entzippen:
http://virus-protect.org/zip/IEreg.zip

entzippen
Klicke: iereg.bat
PC neustarten und prüfen, ob der IE korrekt funktioniert

»»
überprüfe, ob es identische Probleme mit dem Firefox-Browser gibt
http://virus-protect.org/firefox.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/
Seitenanfang Seitenende
10.02.2008, 23:33
Member

Themenstarter

Beiträge: 20
#5 @Pinguin

OK - mach ich...

Zu Firefox: hab keinen FF-Browser und bisher auch noch nie einen verwendet... war mit IE bisher immer zufrieden und hab mir deshalb Firefox nie besorgt. Soll ich Ihn mir jetzt besorgen?
Seitenanfang Seitenende
11.02.2008, 09:46
Ehrenmitglied
Avatar Pinguin

Beiträge: 1441
#6 Hallo Boris,

als Alternativ-Browser ist der Firefox immer zu empfehlen, in deinem Fall, um festzustellen, ob das Problem nur am IE liegt, oder generell.
Ich z.b. surfe mit dem Firefox und mache die Windowsupdates und Viren-Onlinescans mit dem IE, denn nur mit dem funktionieren sie ;)

Berichte, wie es läuft....
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/
Seitenanfang Seitenende