Problem mit Win32.Warezov-BUI / odtemdt2.exe in ..\system32

#1 Hallo,

als Anfänger in diesem Forum bitte ich euch mir bei meinen Problem zu helfen. Auch ich habe diesen Virus und versuche ihn los zu werden.

Vielen Danke.

Der Name des Virus lautet:Win32:Warezov-BUI [Wrm] - C:\WINDOWS\System32\odtemdt2.exe\[Upack]


Logfile of HijackThis v1.99.1
Scan saved at 10:55:39, on 09.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\PowerS.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\DOKUME~1\Julia\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.de.ag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu256\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu256\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu256\toolbaru.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

Verzeichnis von C:\WINDOWS\system32

09.04.2007 10:44 1.158 wpa.dbl
08.04.2007 15:17 20 PDBootState
04.04.2007 11:20 345.808 FNTCACHE.DAT
01.04.2007 02:10 3.002 CONFIG.NT
31.03.2007 17:23 4 odtemdt2.dat
31.03.2007 11:18 394.778 perfh009.dat
31.03.2007 11:18 60.112 perfc009.dat
31.03.2007 11:18 408.686 perfh007.dat
31.03.2007 11:18 72.512 perfc007.dat
31.03.2007 11:18 945.622 PerfStringBackup.INI
22.03.2007 17:09 77.824 nmevmsas.dll
22.03.2007 17:09 61.440 wmpcmsyu.exe
22.03.2007 17:09 77.824 strmatkc.dll
22.03.2007 17:09 241.664 odtemdt2.dll
15.03.2007 18:19 1.476.992 LegitCheckControl.dll
15.03.2007 18:17 337.280 WgaTray.exe
15.03.2007 18:16 236.928 WgaLogon.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:32 1.843.712 win32k.sys
07.03.2007 22:36 12.619.736 MRT.exe
17.02.2007 14:50 16.832 amcompat.tlb
17.02.2007 14:50 23.392 nscompat.tlb
17.02.2007 11:49 120.320 czip.ocx
17.02.2007 11:49 29.696 sfx32.dll


Verzeichnis von C:\DOKUME~1\Julia\LOKALE~1\Temp

09.04.2007 11:33 1.228 TWAIN.LOG
09.04.2007 11:33 3 Twain001.Mtx
09.04.2007 11:33 156 Twunk001.MTX
09.04.2007 10:58 0 Twunk002.MTX
09.04.2007 10:55 16.384 ~DF12AF.tmp
09.04.2007 10:52 49.152 ~DF8A64.tmp
6 Datei(en) 66.923 Bytes
0 Verzeichnis(se), 15.608.934.400 Bytes frei

Verzeichnis von C:\WINDOWS

09.04.2007 11:37 32.604 SchedLgU.Txt
09.04.2007 10:50 273 system.ini
09.04.2007 10:50 1.015 win.ini
09.04.2007 10:42 0 0.log
09.04.2007 10:42 1.253.280 WindowsUpdate.log
09.04.2007 10:42 159 wiadebug.log
09.04.2007 10:42 50 wiaservc.log
09.04.2007 10:42 2.048 bootstat.dat
08.04.2007 18:29 54.156 QTFont.qfn
02.04.2007 05:21 116 NeroDigital.ini
29.03.2007 08:24 0 x0h7bh.reg
22.03.2007 19:26 0 r81j7l4g.pif
22.03.2007 19:22 0 j2xbgwck2.bmp
22.03.2007 18:16 0 9ergx.dat
22.03.2007 18:16 35.328 sk.exe
19.03.2007 22:54 1.648 ODBC.INI
04.03.2007 23:33 7.680 Thumbs.db
26.02.2007 23:26 202 tsctv.ini
26.02.2007 23:26 5.223 TSCTNDBG.INI
26.02.2007 23:26 17.891 Tsctvfm.ini
26.02.2007 23:26 804 TSCTVDIV.BIN
26.02.2007 23:26 9.858 TSCTVDIV.INI
26.02.2007 23:26 454 TSCFM.INI
20.02.2007 17:24 1.409 QTFont.for
20.02.2007 15:35 109 TSNV_I2C.INI
17.02.2007 13:40 18 xkalFree2007.dat
16.02.2007 17:42 1.920 ModemLog_Standardmodem.txt
07.02.2007 19:35 0 mngui.INI
17.01.2007 03:10 316.640 WMSysPr9.prx
17.01.2007 01:38 7.608 ModemLog_Nokia E61 USB Modem.txt
15.01.2007 02:43 19 SoundConverter.INI


Verzeichnis von C:\WINDOWS\Temp

09.04.2007 10:42 16.384 Perflib_Perfdata_7a4.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 15.608.918.016 Bytes frei


Verzeichnis von C:\WINDOWS\Downloaded Program Files

13.10.2006 00:24 361 OGAControl.inf
27.08.2005 14:30 5.065 swflash.inf
29.09.2003 11:04 65 desktop.ini
25.08.2003 18:12 1.096 iuctl.inf
31.05.2002 10:19 117.328 PURde-de.dll
5 Datei(en) 123.915 Bytes
0 Verzeichnis(se), 15.608.918.016 Bytes frei


Verzeichnis von C:\

09.04.2007 11:45 0 sys.txt
09.04.2007 11:45 494 down.txt
09.04.2007 11:44 289 tmp.txt
09.04.2007 11:43 8.910 system.txt
09.04.2007 11:42 538 systemtemp.txt
09.04.2007 11:17 122.995 system32.txt
09.04.2007 10:50 211 boot.ini
09.04.2007 10:42 536.403.968 hiberfil.sys
09.04.2007 10:41 402.653.184 pagefile.sys
07.04.2007 11:40 134.683 dirdat.txt
24.03.2007 04:30 312.679 hpfr5100.log
18.03.2007 07:48 26.624 Aufbau der Sponsorrings-SK_Sbija.xls
20.02.2007 15:35 15.872 preview1.grf
17.02.2007 13:48 13.030 PDOXUSRS.NET

#2 Nutze bitte einmal diesen Cleaner: http://www.viry.cz/forum/viewtopic.php?t=21484#243785

Er sollte sich fuer deine Variante eignen..
__________
MfG Ralf
SEO-Spam Hunter

#3 Vielen Dank,

das ist dabei herausgekommen. Was ist bitte als nächstes zu tun?

MfG
Tkozla

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pinksrtb

*******************

Script file located at: \??\C:\WINDOWS\ngeuoghd.txt
Script file opened successfully.

Script file read successfully

#4 Poste bitte ein neues Hijackthis log.
__________
MfG Ralf
SEO-Spam Hunter

#5 Hallo Ralf,

vielen Dank für deine Hilfe. Es hat scheinbar funktioniert. Ich bekomme keine Virusmeldung von Avast!

MfG

Tkozla

#6 Logfile of HijackThis v1.99.1
Scan saved at 17:57:03, on 25.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Buhl\Virus Killer Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Buhl\Virus Killer\bdnagent.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Buhl\Virus Killer\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\odtemdt2.exe
C:\Programme\Gemeinsame Dateien\Buhl\Virus Killer Scan Server\bdss.exe
C:\Programme\Buhl\Virus Killer\vsserv.exe
c:\progra~1\buhl\virusk~1\bdmcon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Dokumente und Einstellungen\Ramona\Desktop\Spiele\avenger.exe
C:\Dokumente und Einstellungen\Ramona\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WP27OXQR\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buffy.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Buhl\VIRUSK~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Buhl\Virus Killer\bdnagent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Buhl\Virus Killer\bdswitch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O20 - AppInit_DLLs: sockspy.dll strmatkc.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Virus Killer Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Buhl\Virus Killer Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virus Killer Virus Shield (VSSERV) - Unknown owner - C:\Programme\Buhl\Virus Killer\vsserv.exe" /service (file missing)
O23 - Service: Virus Killer Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Buhl\Virus Killer Communicator\xcommsvr.exe" /service (file missing)