Computer Infinitely Slow - How to Check?

#0
19.07.2007, 15:11
...new here

Posts: 9
#1 Hello,

I'm still relatively new here and looked at a thread that, for the same problem, advised running a scan with ComboFix first.
I'll post the report right here:
Can you already see anything in it?

"Hartmut" - 2007-07-19 13:57:52 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-19 11:46 <DIR> d-------- C:\Programme\Security Task Manager
2007-07-19 11:46 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-07-09 16:24 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-05 11:48 <DIR> d-------- C:\Programme\Norton Internet Security
2007-07-04 09:49 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-02 12:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 19:43 <DIR> d-------- C:\Neuer Ordner NC
2007-07-01 12:28 <DIR> d-------- C:\Programme\iPod
2007-07-01 12:27 <DIR> d-------- C:\Programme\iTunes
2007-07-01 12:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-01 12:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-01 12:25 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-07-01 10:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 23:36 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-29 02:46 <DIR> d-------- C:\DOKUME~1\HARTMU~1\ANWEND~1\Sammsoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 11:53:25 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-07-19 11:53:06 -------- d-----w C:\Programme\PacificPoker
2007-07-19 11:51:02 -------- d-----w C:\Programme\PokerStars.NET
2007-07-05 09:52:08 -------- d-----w C:\Programme\Symantec
2007-07-05 09:52:06 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-05 09:52:06 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-05 09:35:20 -------- d-----w C:\DOKUME~1\HARTMU~1\ANWEND~1\Symantec
2007-07-05 08:21:33 -------- d-----w C:\Programme\STA-Verwaltung Neu
2007-07-04 23:03:03 -------- d-----w C:\DOKUME~1\HARTMU~1\ANWEND~1\Apple Computer
2007-07-01 10:48:48 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-29 22:42:17 -------- d-----w C:\Programme\Opera
2007-06-28 09:00:51 -------- d-----w C:\Programme\QuickTime
2007-06-21 12:01:12 -------- d--h--w C:\Programme\WindowsUpdate
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll []
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 01:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinnacle WebUpdater"="C:\Programme\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" []
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2003-05-16 16:51]
"PMCRemote"="C:\Programme\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 20:35]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41]
"InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2004-09-13 12:51]
"Dit"="Dit.exe" [2002-08-28 14:43 C:\WINDOWS\Dit.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-19 17:29]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"PMCS"="C:\Programme\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" []
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 18:22]
"AROReminder"="C:\Programme\Advanced Registry Optimizer\ARO.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCMON11

Contents of the 'Scheduled Tasks' folder
2007-07-16 21:07:23 C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - Hartmut Lipke.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 14:07:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 14:09:06
C:\ComboFix-quarantined-files.txt ... 2007-07-02 12:33
C:\ComboFix2.txt ... 2007-07-02 12:33

--- E O F ---

Can anything be made out yet?

Many thanks for looking and helping.


Hartmut
19.07.2007, 21:45
Member

Posts: 519
#2 Combofix is good for malware.

Run HJT over it; that shows how many processes are running.

And then run CCleaner over it
20.07.2007, 00:08
...new here

Thread starter

Posts: 9
#3 Hello NeedHelp2007,

what does "Combofix is good for malware" mean? Can it hide better there?

And what is HJT (maybe Hijack?).

Many thanks for the answer.


Hartmut
20.07.2007, 19:57
Member

Posts: 519
#4 Hi, with Combofix you can tell whether you have malware on your PC...
Run Hijackthis over it and post the report so we can see how many processes you have running.

And did you run CCleaner over it?
29.07.2007, 19:06
...new here

Thread starter

Posts: 9
#5 Hello everyone,

I had a lot to do and today finally had time for my PC:

So here is what I checked most recently:

1. Ran CLEAN UP

I don't know whether that was very successful. I copied the following result:

CleanUp! started on 07/29/07 16:54:06.
C:\Dokumente und Einstellungen\Hartmut\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Dokumente und Einstellungen\Hartmut\Lokale Einstellungen\Verlauf\History.IE5\index.dat - deleted
'Typed URLs' (Internet Explorer) - removed from the registry.
'Typed URLs' (MSN) - removed from the registry.
Visited: Hartmut@http://www.phil-flash-cash.com/potd/index.php?site=blueyez&type=large&id=515814 - deleted
Visited: Hartmut@http://onlinesecurityworld.com/shandler.php?sg=2 - deleted
C:\Dokumente und Einstellungen\Hartmut\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Hartmut\Local Settings\Application Data\Identities\{1873CC4B-58AA-4B3F-BEE8-23490D7D76D9}\Microsoft\Outlook Express\cleanup.log - deleted
C:\Dokumente und Einstellungen\Hartmut\Anwendungsdaten\Microsoft\Outlook Express\News\cleanup.log - deleted
C:\Programme\Opera\download.dat - deleted
C:\Programme\Opera\opera.win - deleted
C:\Programme\Opera\opera.dir - deleted
C:\Programme\Opera\global.dat - deleted
C:\Programme\Opera\Opera.win - deleted
C:\Programme\Opera\Opera.win - deleted
C:\Programme\Opera\opera.lnk - deleted
C:\Programme\Opera\vlink.dat - deleted
C:\Programme\Opera\vlink4.dat - deleted
C:\Programme\Opera\cookies.dat - deleted
C:\Programme\Opera\cookies4.dat - deleted
C:\Programme\Opera\newslist.elm - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\osCheck Vista Migration 2007-07-29 16h52m26s.log - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\~DF4D32.tmp - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\~DFE50B.tmp - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\WPDNSE\ - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\osCheck Vista Migration 2007-07-29 16h52m26s.log - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\~DF4D32.tmp - deleted
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\~DFE50B.tmp - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Hartmut\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Hartmut\Cookies\index.dat - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 9.3 MB of disk space from 31 files.
CleanUp! finished on 07/29/07 16:54:07.

2. Then I used COMBO - FIX and was able to copy the following report:

"Hartmut" - 2007-07-29 17:00:51 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-19 14:51 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-19 14:50 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-07-19 14:50 <DIR> d-------- C:\DOKUME~1\HARTMU~1\ANWEND~1\TuneUp Software
2007-07-19 14:49 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-07-19 11:46 <DIR> d-------- C:\Programme\Security Task Manager
2007-07-19 11:46 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
2007-07-09 16:24 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-05 11:48 <DIR> d-------- C:\Programme\Norton Internet Security
2007-07-04 09:49 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-02 12:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 19:43 <DIR> d-------- C:\Neuer Ordner NC
2007-07-01 12:28 <DIR> d-------- C:\Programme\iPod
2007-07-01 12:27 <DIR> d-------- C:\Programme\iTunes
2007-07-01 12:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-01 12:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2007-07-01 12:25 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
2007-07-01 10:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 23:36 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-29 02:46 <DIR> d-------- C:\DOKUME~1\HARTMU~1\ANWEND~1\Sammsoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 14:54:06 -------- d-----w C:\Programme\Opera
2007-07-29 09:58:15 76,928 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-29 09:58:15 421,388 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-07-28 15:58:53 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-07-19 12:49:24 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-19 11:53:06 -------- d-----w C:\Programme\PacificPoker
2007-07-19 11:51:02 -------- d-----w C:\Programme\PokerStars.NET
2007-07-05 09:52:08 -------- d-----w C:\Programme\Symantec
2007-07-05 09:52:06 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-05 09:52:06 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-05 09:52:06 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-05 09:52:06 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-05 09:35:20 -------- d-----w C:\DOKUME~1\HARTMU~1\ANWEND~1\Symantec
2007-07-05 08:21:33 -------- d-----w C:\Programme\STA-Verwaltung Neu
2007-07-04 23:03:03 -------- d-----w C:\DOKUME~1\HARTMU~1\ANWEND~1\Apple Computer
2007-06-28 09:00:51 -------- d-----w C:\Programme\QuickTime
2007-06-21 12:01:12 -------- d--h--w C:\Programme\WindowsUpdate
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-03-07 23:03:54 5,632 --sha-w C:\Programme\Thumbs.db
2007-01-05 20:12:53 70,088 -c--a-w C:\DOKUME~1\HARTMU~1\ANWEND~1\GDIPFONTCACHEV1.DAT
2005-09-29 21:16:36 774,144 ----a-w C:\Programme\RngInterstitial.dll
2003-07-26 13:16:14 2,508,800 -c--a-w C:\Programme\Wolle.mpg
2003-07-26 13:10:32 1,884,160 -c--a-w C:\Programme\Watte.mpg
1997-09-03 23:00:00 311,296 -c----w C:\Programme\Gemeinsame Dateien\MSACC8.OLB


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2003-05-16 16:51]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"Microsoft Works Update Detection"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 19:43]
"InCD"="C:\Programme\Ahead\InCD\InCD.exe" [2004-09-13 12:51]
"Dit"="Dit.exe" [2002-08-28 14:43 C:\WINDOWS\Dit.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-19 17:29]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
OnlineControl.lnk - C:\Programme\OnlineControl\ocontrol.exe [2006-02-03 14:00:48]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"PCMService"=C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe

R1 PCLEPCI;PCLEPCI;\??\C:\WINDOWS\system32\drivers\pclepci.sys
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 HidUsb;Microsoft HID Class-Treiber;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys
R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 usbehci;Miniporttreiber fr erweiterten Microsoft USB 2.0-Hostcontroller;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2-aktivierter Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Miniporttreiber fr Microsoft USB Open Host-Controller;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbstor;USB-Massenspeichertreiber;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 uscbs108;uscbs108;C:\WINDOWS\system32\DRIVERS\uscbs108.sys
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S2 InCDsrvR;InCD Helper (read only);C:\Programme\Ahead\InCD\InCDsrv.exe -r
S3 ATWPKT;ATWPKT;\??\C:\WINDOWS\system32\Drivers\ATWPKT.SYS
S3 EraserUtilDrv10622;EraserUtilDrv10622;\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv10622.sys
S3 MPE;BDA MPE-Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS;"C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
S3 PCTV;PCTV 4XXe USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\pctv4XXe.sys
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS;"C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 TDSLAdapter;T-DSL-Adapter (T-Online);C:\WINDOWS\system32\DRIVERS\TDSLAdap.sys
S3 TDSLProtocol;T-DSL-Protocol (T-Online);C:\WINDOWS\system32\DRIVERS\TDSLProt.sys
S3 usbccgp;Microsoft Standard-USB-Haupttreiber;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys
S3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-27 15:16:54 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-07-23 20:42:49 C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - Hartmut.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 17:06:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 17:08:42
C:\ComboFix-quarantined-files.txt ... 2007-07-02 12:33
C:\ComboFix2.txt ... 2007-07-19 14:09
C:\ComboFix3.txt ... 2007-07-02 12:33

--- E O F ---

3. Then I ran HJT over it and got a report:

Logfile of HijackThis v1.99.1
Scan saved at 17:15:00, on 29.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOKUME~1\HARTMU~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/mms_upload_1104.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16756c74754dc506ef14/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/de/win/QuickTimeInstaller.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom.lycos.de/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylom.lycos.de/activex/zylomloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F2779A8-22BD-4354-A381-1E495554FCEE}: NameServer = 192.168.2.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


4. And finally DAT FIND bat:

.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 287D-6AB8

Verzeichnis von C:\WINDOWS\system32

29.07.2007 16:52 2.206 wpa.dbl
29.07.2007 11:58 411.066 perfh009.dat
29.07.2007 11:58 66.164 perfc009.dat
29.07.2007 11:58 421.388 perfh007.dat
29.07.2007 11:58 76.928 perfc007.dat
29.07.2007 11:58 987.928 PerfStringBackup.INI
22.07.2007 18:39 279.552 swreg.exe
05.07.2007 12:11 16 coh.cache
05.07.2007 11:52 48.776 S32EVNT1.DLL
28.06.2007 09:57 16.256.984 MRT.exe
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 10:59 3.583.488 mshtml.dll
27.04.2007 09:42 65.536 QuickTimeVR.qtx
27.04.2007 09:42 49.152 QuickTime.qts
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 124.928 advpack.dll
25.04.2007 09:41 230.400 ieaksie.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 132.608 extmgr.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 11:32 1.485.696 LegitCheckControl.DLL
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 22:47 33.624 wups.dll
16.04.2007 22:47 30.040 wuapi.dll.mui
16.04.2007 22:47 30.040 wuaucpl.cpl.mui
16.04.2007 22:45 1.710.936 wuaueng.dll
16.04.2007 22:45 549.720 wuapi.dll
16.04.2007 22:45 325.976 wucltui.dll
16.04.2007 22:45 216.408 wuaucpl.cpl
16.04.2007 22:45 203.096 wuweb.dll
16.04.2007 22:45 92.504 cdm.dll
16.04.2007 22:45 43.352 wups2.dll
16.04.2007 22:45 53.080 wuauclt.exe
16.04.2007 22:45 20.824 wuaueng.dll.mui
16.04.2007 22:44 34.136 wucltui.dll.mui
16.04.2007 17:53 1.058.304 kernel32.dll
04.04.2007 12:48 251.088 FNTCACHE.DAT
28.03.2007 19:42 29.704 uxtuneup.dll
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:32 1.843.712 win32k.sys
28.02.2007 18:02 2.182.656 ntoskrnl.exe
28.02.2007 18:02 2.059.904 ntkrnlpa.exe

Can you make anything out? Is anything unnecessary?
Is there still spyware or a trojan present?
Many thanks for any reply.


Hartmut
29.07.2007, 21:08
Member

Posts: 519
#6

Quote

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
FIX !!!
29.07.2007, 23:51
...new here

Thread starter

Posts: 9
#7 Hello NeedHelp2007,

thanks for the reply - but unfortunately I can't act on it,
because I don't know what that means: FIX!

Could you give me a tip for beginners?

Thanks,


Hartmut
30.07.2007, 13:41
Member
Avatar Chris4You

Posts: 694
#8 Hi,

HijackThis, fixing:
open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote


O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe


All applications except HJ must be closed!

Chris
04.08.2007, 15:34
Member

Posts: 25
#9 Hi, I have a similar problem too: the computer is totally slow. I've now run ComboFix as well; here is the log file:
ComboFix 07-08-04.3 - "Sergej" 2007-08-04 15:21:18.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.Wahr
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


2007-08-03 17:25 <DIR> d----c--- C:\DriveCleaner78981782901
2007-07-31 18:57 <DIR> d-------- C:\Programme\Bullfrog
2007-07-31 16:20 <DIR> d----c--- C:\DOKUME~1\Sergej\ANWEND~1\WinRAR
2007-07-31 13:58 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-07-31 13:58 <DIR> d-------- C:\Programme\Electronic Arts
2007-07-30 14:11 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
2007-07-30 14:11 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2007-07-29 19:53 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-07-29 19:50 <DIR> d-------- C:\Programme\Microsoft Works
2007-07-29 19:49 <DIR> d-------- C:\Programme\MSBuild
2007-07-29 19:47 <DIR> d-------- C:\Programme\Microsoft.NET
2007-07-29 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-07-29 19:44 <DIR> d-------- C:\Programme\Microsoft Visual Studio 8
2007-07-29 19:39 <DIR> d----c--- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft Help
2007-07-29 19:38 <DIR> dr-h-c--- C:\MSOCache
2007-07-29 19:34 <DIR> d-------- C:\Programme\Smart Projects
2007-07-26 16:17 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-07-26 16:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-07-13 17:30 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-07-13 17:30 9,006 --a--c--- C:\clean.bat
2007-07-13 17:30 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-07-13 17:30 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-07-13 15:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 15:08 <DIR> d----c--- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Panasonic
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi3.dll
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi2.dll
2007-07-13 15:04 <DIR> d-------- C:\Programme\Gemeinsame Dateien\CNC
2007-07-13 14:56 77,824 --a------ C:\WINDOWS\system32\PAvFilt.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvWrite.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvRead.dll
2007-07-13 14:56 253,952 --a------ C:\WINDOWS\system32\PCodec.dll
2007-07-13 14:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panasonic
2007-07-13 14:55 <DIR> d-------- C:\Programme\Panasonic


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 11:56 --------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-08-03 23:02 --------- d----c--- C:\DOKUME~1\Sergej\ANWEND~1\Azureus
2007-08-03 20:21 --------- d-------- C:\Programme\eMule
2007-08-02 11:41 --------- d-------- C:\Programme\PokerStars.NET
2007-07-31 14:25 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-07-29 21:02 --------- d----c--- C:\DOKUME~1\Sergej\ANWEND~1\Skype
2007-07-26 16:17 --------- d-------- C:\Programme\TuneUp Utilities 2007
2007-07-13 00:43 78238 --a------ C:\WINDOWS\system32\perfc007.dat
2007-07-13 00:43 423550 --a------ C:\WINDOWS\system32\perfh007.dat
2007-07-13 00:41 6 --a------ C:\WINDOWS\system32\TMcnt.bin
2007-06-29 00:35 --------- d----c--- C:\DOKUME~1\Sergej\ANWEND~1\Lavasoft
2007-06-28 21:54 --------- d----c--- C:\DOKUME~1\Sergej\ANWEND~1\OpenOffice.org2
2007-06-28 20:27 --------- d-------- C:\Programme\Google
2007-06-28 20:19 --------- d-------- C:\Programme\PokerStars
2007-06-27 19:00 --------- d-------- C:\Programme\themexp
2007-06-27 18:43 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-27 16:28 5504 --a------ C:\WINDOWS\system32\xdrve9d.sys.ren
2007-06-20 09:14 --------- d-------- C:\Programme\Microsoft ActiveSync
2007-06-20 09:12 --------- d-------- C:\Programme\Yahoo!
2007-06-20 09:10 --------- d----c--- C:\DOKUME~1\Sergej\ANWEND~1\GoPal Assistant
2007-06-20 09:10 --------- d-------- C:\Programme\Medion GoPal Assistant
2007-06-09 21:28 --------- d-------- C:\Programme\Common Files
2007-06-09 21:28 --------- d-------- C:\Programme\AvantGo Connect
2007-05-29 11:18 1044480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-05-16 17:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:11 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:11 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:11 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:11 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 14:59 3085312 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-06-04 18:57 1124 --a--c--- C:\DOKUME~1\Sergej\ANWEND~1\wklnhst.dat
2006-03-17 18:16 457 --a--c--- C:\Programme\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [2004-07-14 17:01]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-03 01:00 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCMTR.EXE]
"HerculesCamService"="C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 19:44]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 19:15]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-11-15 13:50]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56]
"CCleaner"="C:\Programme\CCleaner\CCleaner.exe" [2007-05-10 13:01]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=HDAShCut.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HerculesCamService"=C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
"DriveCleaner 2006"="c:\programme\drivecleaner 2006\dc2006.exe" /min
"TopDesk"=C:\Programme\TopDesk\topdesk.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 ACEDRV07;ACEDRV07;\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys
R3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
S3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys
S3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät;C:\WINDOWS\system32\Drivers\StMp3Rec.sys
S3 TNPacket;T-Systems Nova Packet Capture Driver;\??\C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
S3 TSMPacket;T-DSL SpeedManager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
S3 USBAV191;Instant VideoXpress;C:\WINDOWS\system32\DRIVERS\USBAV191.SYS
S3 usbvideo;USB-Videogerät (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-03 15:16:30 C:\WINDOWS\Tasks\1-Klick-Wartung.job
2007-07-30 20:08:32 C:\WINDOWS\Tasks\Norton Internet Security - Systemprüfung ausführen - Sergej.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 15:25:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000005fc

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 15:26:46
C:\ComboFix-quarantined-files.txt ... 2007-08-04 15:26
C:\ComboFix2.txt ... 2007-07-13 17:57
C:\ComboFix3.txt ... 2007-07-13 15:32
C:\combofixlog.txt ... 2007-07-13 15:34

--- E O F ---



and now the HJT file:


Logfile of HijackThis v1.99.1
Scan saved at 15:31:26, on 04.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Sergej\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:25
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HerculesCamService] C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe


I'm grateful for any help