Computer verdächtig langsam

#1 Hi,

Mein Computer wird von tag zu Tag langsamer ich hoffe ihr könnt mir da helfen.

combofix:

ComboFix 09-02-06.04 - hp 2009-02-08 12:39:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3069.2275 [GMT 1:00]
ausgeführt von:: c:\users\hp\Desktop\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2009-01-08 bis 2009-02-08 ))))))))))))))))))))))))))))))
.

2009-02-08 12:34 . 2009-02-08 12:34 <DIR> d-------- c:\users\hp\AppData\Roaming\Malwarebytes
2009-02-08 12:34 . 2009-02-08 12:34 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-08 12:34 . 2009-02-08 12:34 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-08 12:34 . 2009-02-08 12:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 12:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-08 12:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-07 17:09 . 2009-02-07 17:09 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-02-06 19:27 . 2009-02-06 19:37 <DIR> d-------- c:\program files\WC3Banlist
2009-02-06 19:27 . 2005-01-22 20:12 679,936 --a------ c:\windows\System32\D3DX81ab.dll
2009-02-06 17:54 . 2009-02-06 17:54 <DIR> d-------- c:\windows\Sun
2009-02-05 19:47 . 2009-02-05 19:47 <DIR> d-------- c:\program files\WinPcap
2009-01-17 17:09 . 2009-01-17 17:09 <DIR> d-------- c:\users\hp\AppData\Roaming\InstallShield
2009-01-17 17:09 . 2009-02-07 14:05 <DIR> d-------- c:\program files\Garena
2009-01-15 18:18 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-10 15:22 . 2009-01-10 15:22 <DIR> d-------- c:\program files\directx
2009-01-10 15:20 . 2009-01-10 15:20 <DIR> d-------- c:\program files\Common Files\3DO Shared
2009-01-10 15:20 . 2009-01-10 15:20 <DIR> d-------- c:\program files\3DO

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 02:21 --------- d-----w c:\users\hp\AppData\Roaming\Skype
2009-02-08 02:09 --------- d-----w c:\program files\Warcraft III
2009-02-07 23:07 --------- d-----w c:\users\hp\AppData\Roaming\skypePM
2009-01-17 16:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 13:07 --------- d-----w c:\program files\Windows Mail
2008-12-28 15:34 --------- d-----w c:\programdata\Skype
2008-12-28 15:34 --------- d-----w c:\program files\Skype
2008-12-28 15:34 --------- d-----w c:\program files\Common Files\Skype
2008-12-26 20:08 --------- d-----w c:\program files\Veoh Networks
2008-12-14 19:22 --------- d-----w c:\program files\DivX
2008-12-14 19:22 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-12 18:08 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-11-11 07:08 315,392 ----a-w c:\windows\HideWin.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-29 46416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"vidc.iv31"= c:\windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-04-07 02:56 132760 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BAD16E3-EDD6-40C4-AE35-0591D0B63135}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AA86A294-19F6-4685-9BB0-63EAAAE399DA}"= UDP:c:\users\hp\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{E5802DB7-091F-42C1-BAEB-29A23679D367}"= TCP:c:\users\hp\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{3F1AA353-7B2E-402B-8EE2-E31CA5CF3F7A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{37C16800-4A3C-4120-9E0C-227BCCA88600}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B98DE95-F835-4BDB-B6A1-4B2E62A5EC90}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{5178FA4A-F62A-4715-8D3E-26005E0ABF43}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{7860F71E-85CE-42DC-A8E6-EA90A87D0A63}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4435E078-98D9-49B1-A4C3-55C712FA847C}"= UDP:6111:wc3
"{36463767-E07D-4A6C-A305-4C0B757AC3AA}"= TCP:6111:wc32
"{7613752E-0FB4-4D21-A621-CFC7E8CB411D}"= UDP:6112:wc33
"{62FD7318-0339-443E-AE79-770F61262571}"= TCP:6112:wc34
"{1F97BE18-47DA-4ADD-AE18-56FC16040588}"= UDP:6113:wc35
"{C33622FC-E651-4816-8E9F-099B688666BD}"= TCP:6113:wc36
"{11F45ECD-803D-4468-BA4F-FDA94E60664A}"= UDP:6114:wc37
"{E0195619-E5EE-4B66-BF64-B9D710903C90}"= TCP:6114:wc38
"{F3709281-D269-446E-B16C-F6345D7A96CD}"= UDP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
"{845E0E90-7C7D-4414-AE48-5F153E61AB8A}"= TCP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
"{D279001C-1E82-4FCC-9994-BB5513221847}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{7B491475-ABC8-425A-9EA6-3139E53F45C3}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{7739359E-C208-44F2-A95F-3EB44E2A62B6}"= UDP:c:\program files\Warcraft III\war3.exe:war3.exe
"{1D03E841-D378-44B8-BD13-302468C67A88}"= TCP:c:\program files\Warcraft III\war3.exe:war3.exe
"{EB4F4A12-ACF6-4251-9882-8321205C4F52}"= UDP:c:\program files\Warcraft III\BNUpdate.exe:BNUpdate.exe
"{57987C63-CD61-49EB-B4FE-8D72FBB791E9}"= TCP:c:\program files\Warcraft III\BNUpdate.exe:BNUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-01-25 42000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ffacf45-afbd-11dd-b143-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cndt
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {0A31E876-3DA9-45F9-81D5-52C470172CFA} = 192.168.1.1,192.168.1.2
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\1wfvhhre.default\
FF - prefs.js: browser.startup.homepage - www.google.de/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 12:40:23
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-02-08 12:41:58
ComboFix-quarantined-files.txt 2009-02-08 11:41:56

Vor Suchlauf: 15 Verzeichnis(se), 388.841.738.240 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 389,249,470,464 Bytes frei

145 --- E O F --- 2009-02-07 12:25:33



hyjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:41, on 08.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\hp\Desktop\Neuer Ordner (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A31E876-3DA9-45F9-81D5-52C470172CFA}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A31E876-3DA9-45F9-81D5-52C470172CFA}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A31E876-3DA9-45F9-81D5-52C470172CFA}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5194 bytes

hyhack 2:

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
AOL Toolbar 5.0
Apple Software Update
Catalyst Control Center - Branding
Compatibility Pack für 2007 Office System
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Garena
Hardware Diagnose Tools
Heroes of Might and Magic IV: Winds of War
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Total Care Advisor
HP Update
ICQ6
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.12.37.1
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.6)
muvee autoProducer 6.1
My HP Games
Power2Go
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Skype™ 3.8
TeamSpeak 2 RC2
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Veoh Web Player Beta
Warcraft III
WinPcap 4.0
WinRAR

#2 http://board.protecus.de/t23188.htm
noch malwarebytes bitte

#3

Zitat

virenfinder postete
http://board.protecus.de/t23188.htm
noch malwarebytes bitte

Ah vergessen das hinzuschreiben... Malwarebytes hat nix gefunden:

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

mfg

#4 gehe start ausfüren tippe ein
regedit
drücke enter
navigiere zu:
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
wähle auf der rechten seite:
"AntiVirusOverride"=dword:00000001
die 1 in eine null endern
dafür musst du auf bearbeiten klicken die 1 löschen und durch eine null ersetzen
schließe bitte wieder regedit.
gehe noch mal auf start ausfüren schreibe
combofix /u
drücke enter

öffne hijackthis klicke scan hake an:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O13 - Gopher Prefix:
nun kommen einträge, die den autostart betreffen meiner meinung aber unnötig sind und gefixt werden sollten:
Also hake weiterhin an:
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

kommen wir zu den updates und zu den programmen wo cih persönlich sag das sie unnötig sind:
also deinstaliere erst mal:
Adobe Reader 8.1.2 - Deutsch
www.adobe.com/de/products/reader/ - 32k -
der neuner ist der neueste.
hierrauf würde ich verzichten:
AOL Toolbar 5.0
ICQ6
www.icq.com/download/ - 55k -
bitte neueste version laden
Java(TM) SE Runtime Environment 6 Update 1
deinstalieren. lasse dieses programm laufen zur restlosen entfernung:
www.heise.de/software/download/javara/56676 - 78k -
neueste version laden und instalieren:
http://java.sun.com/javase/downloads/index.jsp

wie voll ist deine sidebar, ich hab gehört das die zu verlangsamung füren kann!
Schlimmer ist, das du kein antivirenprogramm hast, bitte nutze erst mal die 6 monate testversion von avira premium:
https://license.avira.com/de/promoti...3fgnsu051rwq81
wenn die net mehr läuft, 30 tage testen reicht auch.
www.avira.com/de - 32k -
instaliere nun avira update es scanne aber noch nicht.
erst wie folgt einstellen:
http://board.protecus.de/t23979.htm
nun scanne all deine laufwerke, funde in quarantäne und poste das log.
+ neues hijackthis + wie läuft dein rechner