Mein Laptop bootet seid einiger Zeit ziemlich langsam .
wollte deshalb mein Logfile von HiJackThis überprüfen lassen.
2 GB RAM , Windows XP .
Bootvorgang dauert so ca. 5 min . Hab mit CCleaner alles gesäubert.
Defragmentiert hat auch nichts weiter gebracht.
Norten Antivir hat auch nix weiter gefunden.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:43, on 27.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\T-Online\Storagemanager\TOnlineStorageMgrSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Hotkey Management\FuncKey.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Atheros\ACU.exe
C:\Programme\Vista Drive Icon\DrvIcon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AlfaClock\AlfaClock.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\***\Desktop\My eBooks\Software\Laptop Reinigungssoftware\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FuncKey] "C:\Programme\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ACU] C:\Programme\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programme\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Programme\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=http://www.ebay.de (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3D4089B-1FA9-4FC7-AF6B-19A4866D4FDF} (TOIDownloadCtrl Class) - http://drm1.t-online.de/MeineFilmeVoD/TOIDownloadManager.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-Konfigurationsdienst (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOnlineStorageMgrSvc - TODO: <Company name> - C:\Programme\T-Online\Storagemanager\TOnlineStorageMgrSvc.exe

--
End of file - 13468 bytes

Hallo mzolker.

Deaktiviere bitte den Windows Defender und Deinstalliere Lavasoft's AdAware. Die sind beide nicht überzeugend und belasten das System enorm.

Dein log ist soweit sauber daher müssen wir etwas tiefer graben..

1) Deaktiviere die Systemwiederherstellung auf allen Laufwerken.

2) Deinstalliere Java über die Systemsteuerung.

3) Blacklight bitte laufen lassen und das log posten..

4) Lasse Silentrunners laufen und poste das logFile

5) Folge dieser Anleitung.

6) Run Combofix. Poste den erscheinenden Text.

7) Überprüfe dein System mit SASW.

8) Durchsuche mit dem Kaspersky Online Scanner dein System.

9) Räume mit cCleaner auf ( die Registry musst du mehrmals durchsuchen und bereinigen lassen).

10) Poste ein frisches HijackThis log sowie einen iClean Bericht (Prog in eigenem Ordner öffnen->"Yes"->File->Report).
Hinweis zum iClean Bericht: Kürze im log bitte die 032 und 033 redirected Einträge. (Diese wurden von Spybot erstellt.)

11) Danach machst du einen eScan nach Anleitung in meiner Signatur und postest das log.

Erst mal Danke für die schnelle Antwort !!!!

Hier ist das log von Blacklight

03/28/08 20:20:50 [Info]: BlackLight Engine 1.0.67 initialized
03/28/08 20:20:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/28/08 20:20:50 [Note]: 7019 4
03/28/08 20:20:50 [Note]: 7005 0
03/28/08 20:20:55 [Note]: 7006 0
03/28/08 20:20:55 [Note]: 7011 996
03/28/08 20:20:55 [Note]: 7026 0
03/28/08 20:20:55 [Note]: 7026 0
03/28/08 20:21:00 [Note]: FSRAW library version 1.7.1024
03/28/08 20:33:44 [Note]: 7007 0


und noch das log von silentrunners

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IncrediMail" = "C:\Programme\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AlfaClock Classic" = ""C:\Programme\AlfaClock\AlfaClock.exe" /startup" ["AlfaSoft Research Labs"]
"T-Online_Software_6\WLAN-Access Finder" = "C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized" ["T-Online International AG, Marmiko IT-Solutions GmbH"]
"H/PC Connection Agent" = "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [MS]
"SUPERAntiSpyware" = "C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"FuncKey" = ""C:\Programme\Hotkey Management\FuncKey.exe"" [empty string]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"ACU" = "C:\Programme\Atheros\ACU.exe -nogui" ["Atheros Communications, Inc."]
"DrvIcon" = "C:\Programme\Vista Drive Icon\DrvIcon.exe" ["artArmin"]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Programme\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
-> {HKLM...CLSID} = "IE7Pro BHO"
\InProcServer32\(Default) = "C:\Programme\IEPro\iepro.dll" ["IE7Pro.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Download Manager Browser Helper Object"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL" ["Protect Software GmbH"]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "NCO 2.0 IE BHO"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll" ["Symantec Corporation"]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"
-> {HKLM...CLSID} = "Symantec Intrusion Prevention"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll" ["Symantec Corporation"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{C9CF278C-460E-4917-BC43-3F75E6E47D3D}" = "fluxDVD Shell Extension"
-> {HKLM...CLSID} = "fluxDVD Shell Information Extractor"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll" ["ACE GmbH"]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "KbLogiExt Class"
\InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "LogiExt Class"
\InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobiles Gerät"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Michael Zolker\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "***" & "All Users" startup folders:
----------------------------------------------------------------

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart
"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"Thoosje Vista Sidebar" -> shortcut to: "C:\Programme\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"Auf Updates für Windows Live Toolbar prüfen" -> launches: "C:\Programme\Windows Live Toolbar\MSNTBUP.EXE" [MS]
"Norton Internet Security Online - Systemprüfung ausführen - ***" -> launches: "C:\Programme\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
-> {HKLM...CLSID} = "Norton-Symbolleiste anzeigen"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "NCO Toolbar 2.0"
-> {HKLM...CLSID} = "Norton-Symbolleiste anzeigen"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
"ButtonText" = "IE7Pro Preferences"
"MenuText" = "IE7Pro Preferences"
"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"
-> {HKLM...CLSID} = "IE7Pro ToolsExt"
\InProcServer32\(Default) = "C:\Programme\IEPro\iepro.dll" ["IE7Pro.com"]

{00951C02-5731-44E9-B2F5-544EC2279417}\
"ButtonText" = "ZuneIt"
"CLSIDExtension" = "{00951C02-5731-44e9-B2F5-544EC2279417}"
-> {HKLM...CLSID} = "ZuneIEPlugin.ZuneExtension"
\InProcServer32\(Default) = "mscoree.dll" [MS]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{8B69DB2E-015D-4C4F-B97E-95EF5326BDA8}\
"ButtonText" = "eBay Startseite"
"Exec" = "http://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=http://www.ebay.de" [file not found]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@c:\Programme\Messenger\Msgslang.dll,-61144"
"MenuText" = "@c:\Programme\Messenger\Msgslang.dll,-61144"
"Exec" = "c:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Atheros-Konfigurationsdienst, ACS, "C:\WINDOWS\system32\acs.exe" ["Atheros"]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, "C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe" ["Symantec Corporation"]
LiveUpdate Notice, LiveUpdate Notice, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
T-Online WLAN Adapter Steuerungsdienst, MZCCntrl, "C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe" ["T-Online International AG, Marmiko IT-Solutions GmbH"]
TOnlineStorageMgrSvc, TOnlineStorageMgrSvc, ""C:\Programme\T-Online\Storagemanager\TOnlineStorageMgrSvc.exe"" ["TODO: <Company name>"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Programme\Windows Media Player\WMPNetwk.exe"" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2008-03-28 20:39:36)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 64 seconds, including 8 seconds for message boxes)

hier noch die Combofix

ComboFix 08-03-27.1 - 2008-03-28 20:58:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1520 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
C:\WINDOWS\system32\CF6588.exe /S /D /c" 1>>d-delA.dat 2>nul ( Findstr -MIRF:/ "This.program.cannot.be.run.in.DOS.mode zhengtu.dat appinit_dlls" )"
Findstr -MIRF:/ "This.program.cannot.be.run.in.DOS.mode zhengtu.dat appinit_dlls"

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\SmartVideoCodec
C:\WINDOWS\system32\cee0_g.dll
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-14 20:49 . 2008-03-14 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Symantec
2008-03-14 20:46 . 2008-03-14 20:46 <DIR> d-------- C:\Programme\Windows Sidebar
2008-03-14 20:45 . 2008-03-15 17:19 <DIR> d-------- C:\Programme\Norton Internet Security
2008-03-14 20:44 . 2008-03-14 21:59 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-14 20:44 . 2008-03-14 21:59 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-14 20:44 . 2008-03-14 21:59 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-14 20:44 . 2008-03-14 21:59 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-09 11:38 . 2008-03-09 11:38 <DIR> d-------- C:\Programme\Vista Drive Icon
2008-03-09 09:58 . 2008-03-13 18:44 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-03-09 09:58 . 2008-03-09 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\**\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-09 09:58 . 2008-03-09 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-09 09:15 . 2008-03-09 09:16 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-03-09 09:14 . 2008-03-28 19:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-09 09:06 . 2008-03-09 09:06 <DIR> d-------- C:\Programme\MyTube
2008-03-08 00:31 . 2008-03-08 00:35 <DIR> d-------- C:\Programme\LEGO Desktop Toys
2008-03-08 00:23 . 2008-03-08 00:23 <DIR> d-------- C:\Programme\Actual Earth 3D
2008-03-08 00:23 . 2008-03-08 00:23 111,616 --a------ C:\WINDOWS\system32\ActualEarth.scr
2008-03-08 00:14 . 2008-03-08 00:14 <DIR> d-------- C:\Programme\Actual Moon 3D
2008-03-08 00:14 . 2008-03-08 00:14 102,400 --a------ C:\WINDOWS\system32\ActualMoon.scr
2008-03-07 23:47 . 2008-03-28 20:16 <DIR> d-------- C:\Programme\Thoosje Sidebar V2.3
2008-03-06 00:29 . 2008-03-06 00:29 <DIR> d-------- C:\Programme\Autostart ok-s
2008-03-05 23:44 . 2008-03-05 23:57 <DIR> d-------- C:\Programme\RegSupreme
2008-03-05 23:44 . 2008-03-05 23:44 23 --a------ C:\WINDOWS\system32\aafffa_g.ocx
2008-03-05 23:02 . 2008-03-05 23:05 <DIR> d-------- C:\Programme\Wise Registry Cleaner 3
2008-03-05 22:57 . 2008-03-05 23:00 <DIR> d-------- C:\Programme\Registry Easy

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 20:03 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-03-28 19:07 --------- d-----w C:\Programme\Java
2008-03-28 18:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-03-21 10:18 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChessBase
2008-03-14 20:59 --------- d-----w C:\Programme\Symantec
2008-03-09 09:36 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org2
2008-03-08 12:27 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laconic Software
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-05 19:32 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-04 22:01 --------- d-----w C:\Programme\SmartTRAK
2008-02-24 18:17 --------- d-----w C:\Programme\Opera
2008-02-16 10:55 --------- d-----w C:\Programme\NT Registry Optimizer
2008-02-12 18:48 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-01-18 14:15 200,704 ----a-w C:\WINDOWS\system32\ConTest.dll
2007-02-06 12:02 0 -c--a-w C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-14 21:33 116088 --a------ C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Programme\IncrediMail\bin\IncMail.exe" [2007-03-01 17:01 208946]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 30208]
"AlfaClock Classic"="C:\Programme\AlfaClock\AlfaClock.exe" [2005-07-13 18:38 1378304]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2005-09-14 15:18 626740]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 21:09 1211176]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 19:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 09:42 7585792]
"nwiz"="nwiz.exe" [2006-08-16 09:42 1617920 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 15:56 16280064 C:\WINDOWS\Rthdcpl.exe]
"FuncKey"="C:\Programme\Hotkey Management\FuncKey.exe" [2006-09-05 20:29 139264]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"ACU"="C:\Programme\Atheros\ACU.exe" [2006-08-09 22:20 344187]
"DrvIcon"="C:\Programme\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 30208]
"DWQueuedReporting"="C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2005-09-14 15:18 626740]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.exe" [2005-11-29 11:04 847872]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

C:\Dokumente und Einstellungen\Michael Zolker\Startmen�\Programme\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
Thoosje Vista Sidebar.lnk - C:\Programme\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-22 01:28:57 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^movie - XL.lnk]
backup=C:\WINDOWS\pss\movie - XL.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a------ 2006-01-25 17:45 53248 C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
--a------ 2006-05-19 14:23 55808 C:\Programme\Schlecker Fotoservice\dd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 21:09 1211176 C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-03-09 16:15 40960 C:\Programme\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programme\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-03-09 15:54 57393 C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 22:18 443968 C:\Programme\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 09:54 282624 C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-04-15 16:13 45056 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 19:29 68856 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
--a------ 2005-06-27 13:32 278528 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:56 204288 C:\Programme\Windows Media Player\WMPNSCFG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programme\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Programme\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\SecondLife\\SecondLife.exe"=
"C:\\Programme\\Opera\\Opera.exe"=
"C:\\Programme\\SecondLife\\SLVoice.exe"=
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"= C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Dokumente und Einstellungen\\***\\Desktop\\My eBooks\\Software\\Internet Software\\incredimail_install.exe"=
"C:\\Dokumente und Einstellungen\\***\\Lokale Einstellungen\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-04-23 18:05]
R2 TOnlineStorageMgrSvc;TOnlineStorageMgrSvc;"C:\Programme\T-Online\Storagemanager\TOnlineStorageMgrSvc.exe" [2006-04-07 12:34]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2004-03-01 16:03]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 04:49]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-06-02 11:52]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 11:49]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe []
S3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys [2006-09-18 09:40]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2005-09-28 09:58]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-03-28 19:54:01 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Programme\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 22:33:52 C:\WINDOWS\Tasks\Norton Internet Security Online - Systemprüfung ausführen - ***.job"
- C:\Programme\Norton Internet Security\Norton AntiVirus\Navw32.exel/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 21:03:49
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized"
.
Zeit der Fertigstellung: 2008-03-28 21:05:08
ComboFix-quarantined-files.txt 2008-03-28 20:04:20
30 Verzeichnis(se), 75,939,274,752 Bytes frei
34 Verzeichnis(se), 75,924,312,064 Bytes frei
.
2008-03-28 18:45:03 --- E O F ---

Dateien Online überprüfen lassen:

* Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\Programme\Hotkey Management\FuncKey.exe

C:\Programme\Vista Drive Icon\DrvIcon.exe

C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll

C:\WINDOWS\system32\aafffa_g.ocx

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 03/28/2008 at 11:19 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426
Trace Rules Database Version: 1418

Scan type : Complete Scan
Total Scan Time : 01:40:38

Memory items scanned : 568
Memory threats detected : 0
Registry items scanned : 6568
Registry threats detected : 0
File items scanned : 149843
File threats detected : 4

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\***\Cookies\***@statsweb.bnpparibas[1].txt

Trojan.Security Toolbar
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAMME\EVEREST POKER.NET\CASINO.EXE

Datei FuncKey.exe empfangen 2008.03.28 23:51:51 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 4.
Geschätzte Startzeit is zwischen 50 und 72 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.28 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.28 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.28 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.28 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.28 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2982 2008.03.28 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.28 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.28.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.28 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 139264 bytes
MD5: 5f2093010b5cabe780e0a37d3aec9add
SHA1: d20e55188d508dc85b8b8578877f6bb87ef41f85
PEiD: Armadillo v1.71

Datei XEBShell.dll empfangen 2008.03.29 00:22:58 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.28 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.28 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.28 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.29 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 Suspicious File
eTrust-Vet 31.3.5651 2008.03.28 -
Ewido 4.0 2008.03.28 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.29 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2982 2008.03.28 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.28 Suspicious file
Prevx1 V2 2008.03.29 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.28.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.28 -
Webwasher-Gateway 6.6.2 2008.03.28 Virus.Win32.FileInfector.gen!90 (suspicious)
weitere Informationen
File size: 224256 bytes
MD5: 7d9fdf76e25e515ae58552b1fb5266ce
SHA1: 289b9d68057c4d884f3ac534b7ac8485c76b14b6
PEiD: PECompact 2.xx --&gt; BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact

Datei aafffa_g.ocx empfangen 2008.03.29 00:30:30 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.28 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.28 -
Avast 4.7.1098.0 2008.03.28 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.29 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.29 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.28 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.28 -
FileAdvisor 1 2008.03.29 -
Fortinet 3.14.0.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.28 -
Kaspersky 7.0.0.125 2008.03.28 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2982 2008.03.28 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.28 -
Prevx1 V2 2008.03.29 -
Rising 20.37.41.00 2008.03.28 -
Sophos 4.28.0 2008.03.28 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.28 -
TheHacker 6.2.92.257 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.28 -
Webwasher-Gateway 6.6.2 2008.03.28 -
weitere Informationen
File size: 23 bytes
MD5: 4724c1060e9c9f286c12dd1d8a8c5d7a
SHA1: 98ab2af1b85b7a6bebf89c09b643c30f9866fa24
PEiD: -

Datei DrvIcon.exe empfangen 2008.03.29 12:54:14 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.29.0 2008.03.28 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.29 -
Avast 4.7.1098.0 2008.03.28 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.29 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.29 -
DrWeb 4.44.0.09170 2008.03.28 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.28 -
FileAdvisor 1 2008.03.29 -
Fortinet 3.14.0.0 2008.03.29 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.28 -
Ikarus T3.1.1.20 2008.03.29 -
Kaspersky 7.0.0.125 2008.03.29 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2983 2008.03.29 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.29 -
Prevx1 V2 2008.03.29 -
Rising 20.37.51.00 2008.03.29 -
Sophos 4.28.0 2008.03.29 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.29 -
TheHacker 6.2.92.258 2008.03.29 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.28 -
Webwasher-Gateway 6.6.2 2008.03.29 -
weitere Informationen
File size: 45056 bytes
MD5: 53a63d37acc05e8ffbad4e9a1622ab59
SHA1: b040e1e621512350c878b2d6984f6d4640054c3d
PEiD: -

Also ich kann da keine Infizierung feststellen..

Ab welchem Schritt bootet der Rechnerlangsam? Nach, oder vorderAnmeldung bzw. beim Laden von welchem Programm?

Und was bedeutet der Fund: Virus.Win32.FileInfector.gen!90 (suspicious)

Auf der Willkommen Seite dauert es ziemlich lange.

Gruß Michael

Aber trotzdem recht vielen Dank

Der Fund bedeutet das en Virenscanner die Datei verdächtig findet. Wenn duganz sichergehen möchtest verschiebe sie in den Papierkorb und lasse sie dort eine Weile.. Ich denke aber eigentlich nicht, dass sie schädlich ist...
Nach 'ner Zeit (wenn du sicher bist, dass sie nicht wichtig für's System ist) kannst du sie löschen.

Hast du Lavasoft deinstalliert und den Windows Defender deaktiviert?
Norton kann zu Systeminstabillität führen und ist eh nicht besonders gut...

Hallo Undoreal

habe jetzt noch mal alles afgeräumt auf meienem Laptop und habe noch mal alle Programme die am Anfang mit hochladen etwas abgespeckt und jetzt braucht er noch um die 3 min.
Denke das is OK.
Ja ich glaube auch das es an Norton liegt weil es am Anfang glaub ich immer einen scan macht. Und mein mail Programm durchsucht auch gleich beim start meine Konten.
Werde dies jetzt auch mal kurz deaktivieren und mal sehen ob es daran liegt.

Also recht vielen Dank für deine Hilfe
Gruß mzolker

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:36, on 02.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\a-squared Anti-Dialer\a2service.exe
C:\Programme\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\MediaMonkey\MediaMonkey.exe
C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Dokumente und Einstellungen\Mitchell\Desktop\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: (no name) - {060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} - C:\WINDOWS\system32\cbXNEVll.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {bfdc43bb-03bc-4415-9b76-579a78e21d57} - C:\WINDOWS\system32\fccCrqrq.dll
O2 - BHO: {1334ade9-bab1-aa4a-2d34-02d7f5b6565d} - {d5656b5f-7d20-43d2-a4aa-1bab9eda4331} - C:\WINDOWS\system32\ykmxrvbf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BM9f2d8660] Rundll32.exe "C:\WINDOWS\system32\dsuhmykv.dll",s
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206563162987
O20 - Winlogon Notify: cbXNEVll - C:\WINDOWS\SYSTEM32\cbXNEVll.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programme\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Ashampoo AntiSpyWare 2 Service (aasw2_service) - Unknown owner - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 5727 bytes



Danke schonmal.