Nach der Anmeldung hängt der Computer

#1 Hallo

Mein Problem ist, dass der Computer sich nach der Anmeldung aufhängt. Nichts reagiert, man kann nur noch den Mauszeiger bewegen. Ich vermute das es ein Virus o.ä. ist, weil im abgesicherten Modus funktioniert alles normal, weil ja nur die wichtigsten Dienste gestartet wurden.

HijackThis:

Zitat

Logfile of HijackThis v1.99.1
Scan saved at 15:23:27, on 02.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Programme\IE7pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19AC4170-A45D-4AC8-9E57-FC42C8D2B8B6} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0D2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EasyTuneV] E:\Programme\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [LDM] E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0D2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [StartCCC] E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://E:\Programme\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://E:\Programme\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?9916d93b1fcd4061a05bf38fdf7d5366
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://E:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?9916d93b1fcd4061a05bf38fdf7d5366
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: PDF in Word öffnen (PDF Converter 3.0) - res://E:\Programme\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /500
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Programme\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Programme\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bw+0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {CED31220-871F-44C3-B5C4-8BE15DC54D91} - E:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FPSC - Unknown owner - C:\DOKUME~1\Benutzer\LOKALE~1\Temp\FPSC.exe (file missing)
O23 - Service: HNNGRYN - Unknown owner - C:\DOKUME~1\Benutzer\LOKALE~1\Temp\HNNGRYN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - e:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - E:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PAGGFKG - Unknown owner - C:\DOKUME~1\Benutzer\LOKALE~1\Temp\PAGGFKG.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Programme\UltraVNC\winvnc.exe" -service (file missing)
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - F:\Downloads\tools\aircrack-ng-0.6.2-win\aircrack-ng-0.6.2-win\bin\wzcook.exe" (file missing)

ComboFix:

Zitat

"Benutzer" - 2007-06-02 15:24:20 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Dokumente und Einstellungen\Benutzer\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\components"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\LEGACY_NM
-------\Iprip
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))


2007-06-01 19:46 <DIR> d-------- C:\WINDOWS\CSC
2007-05-29 17:57 720,896 --a------ C:\DOKUME~1\LOCALS~1\ntuser.dat
2007-05-28 13:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Office Genuine Advantage
2007-05-27 13:17 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
2007-05-23 18:14 <DIR> dr-h----- C:\MSOCache
2007-05-22 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GDMcom
2007-05-22 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GDMcom
2007-05-22 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Eltima
2007-05-22 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Eltima
2007-05-22 16:48 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-17 21:38 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Autodesk Shared
2007-05-17 21:38 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Autodesk Shared
2007-05-17 15:02 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\Engelmann Media
2007-05-17 14:48 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Elaborate Bytes
2007-05-17 14:23 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\DVD Shrink
2007-05-16 16:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2007-05-16 16:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EZB Systems
2007-05-16 09:16 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-05-15 14:30 <DIR> d-------- C:\Testbilder
2007-05-15 10:16 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\Ahead
2007-05-15 10:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-05-15 10:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-05-15 10:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-05-14 21:08 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\JAM Software
2007-05-13 16:09 <DIR> d-------- C:\TEMP
2007-05-11 02:09 1,050,120 --a------ C:\WINDOWS\system32\oodag.exe
2007-05-11 02:08 2,512,392 --a------ C:\WINDOWS\system32\oodtray.exe
2007-05-11 02:08 194,056 --a------ C:\WINDOWS\system32\oodbs.exe
2007-05-11 02:07 206,344 --a------ C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 02:07 16,904 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-05-11 02:07 15,880 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-05-11 02:07 10,248 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-05-10 23:19 38,160 --a------ C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 23:18 15,368 --a------ C:\WINDOWS\system32\ootmapi.dll
2007-05-10 16:23 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-05-10 16:23 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-05-10 16:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-05-10 16:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-05-10 14:39 322,560 --a------ C:\WINDOWS\SSSUn.EXE
2007-05-09 14:38 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\ABBYY
2007-05-08 18:13 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\Zeon
2007-05-07 17:58 10 --a------ C:\WINDOWS\popcinfo.dat
2007-05-07 17:01 4 --a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\817CFDEC.DAT
2007-05-07 17:00 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\MilkShape 3D 1.x.x
2007-05-06 17:18 <DIR> d-------- C:\DOKUME~1\Benutzer\ANWEND~1\Flock
2007-05-06 13:40 <DIR> d-------- C:\WINDOWS\system32\DocucomRes6
2007-05-06 13:40 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\zeon
2007-05-05 14:16 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-05-02 17:54 968,976 --a------ C:\WINDOWS\system32\CalcPlus.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 17:26:40 -------- d-----w E:\Programme\HHVcdV6Sys
2007-06-01 17:12:36 -------- d-----w E:\Programme\Windows Live Toolbar
2007-06-01 17:00:52 -------- d-----w E:\Programme\Steam
2007-06-01 16:13:33 -------- d--h--w E:\Programme\InstallShield Installation Information
2007-06-01 16:13:30 -------- d-----w E:\Programme\Virtual CD v6
2007-05-30 11:41:13 -------- d-----w E:\Programme\PSFtp Free
2007-05-29 16:44:14 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\teamspeak2
2007-05-28 11:20:21 600,388 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-28 11:20:21 137,764 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-28 11:19:35 -------- d-----w E:\Programme\IE7pro
2007-05-28 10:41:00 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\uTorrent
2007-05-27 17:55:45 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\Hamachi
2007-05-26 09:01:04 -------- d-----w E:\Programme\Futuremark
2007-05-25 15:21:24 -------- d-----w E:\Programme\MSN Messenger
2007-05-25 12:52:11 -------- d-----w E:\Programme\UnH Solutions
2007-05-25 05:18:22 -------- d-----w E:\Programme\nLite
2007-05-24 17:43:03 -------- d-----w E:\Programme\vLite
2007-05-22 17:52:22 -------- d-----w E:\Programme\GDMcom
2007-05-22 14:48:14 -------- d-----w E:\Programme\Microsoft Works
2007-05-22 14:47:59 -------- d-----w E:\Programme\Microsoft Expression
2007-05-17 19:44:32 -------- d-----w E:\Programme\Autodesk
2007-05-17 18:59:47 -------- d-----w E:\Programme\depends22_x86
2007-05-17 13:12:53 -------- d-----w E:\Programme\Mafia
2007-05-17 13:02:43 -------- d-----w E:\Programme\S.A.D
2007-05-17 12:35:30 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\SlySoft
2007-05-17 12:23:09 -------- d-----w E:\Programme\DVD Shrink DE
2007-05-16 14:26:15 -------- d-----w E:\Programme\UltraISO
2007-05-16 07:14:06 -------- d-----w E:\Programme\OO Software
2007-05-15 15:25:50 -------- d-----w E:\Programme\Electronic Arts
2007-05-15 15:17:44 -------- d-----w E:\Programme\EA GAMES
2007-05-15 11:17:35 -------- d-----w E:\Programme\Lavalys
2007-05-15 08:14:01 -------- d-----w E:\Programme\Nero
2007-05-14 19:08:30 -------- d-----w E:\Programme\JAM Software
2007-05-13 19:45:20 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\AUC
2007-05-13 19:39:09 -------- d-----w E:\Programme\Google
2007-05-13 10:24:56 -------- d-----w E:\Programme\CamStudio
2007-05-12 19:05:44 -------- d-----w E:\Programme\Deluxe Snake
2007-05-10 14:18:51 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\Real
2007-05-10 14:13:31 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-05-10 12:40:57 -------- d-----w E:\Programme\SSS
2007-05-09 12:28:44 -------- d-----w E:\Programme\Digitale Bibliothek 4
2007-05-09 09:11:41 -------- d-----w E:\Programme\Microsoft CAPICOM 2.1.0.2
2007-05-09 07:11:28 -------- d-----w E:\Programme\Paint.NET
2007-05-08 17:22:38 -------- d-----w E:\Programme\Fraps
2007-05-07 15:00:48 -------- d-----w E:\Programme\MilkShape 3D 1.8.0
2007-05-07 14:50:12 -------- d-----w E:\Programme\LingoPad
2007-05-07 14:48:54 -------- d-----w E:\Programme\MilkShape 3D 1.7.7a
2007-05-06 15:29:13 -------- d-----w E:\Programme\Flock
2007-05-06 15:29:12 -------- d-----w E:\Programme\Opera 9
2007-05-06 11:40:42 -------- d-----w E:\Programme\ScanSoft
2007-05-06 10:34:13 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\ScanSoft
2007-05-05 15:04:23 -------- d-----w E:\Programme\WinFAQ
2007-05-05 14:46:24 -------- d-----w E:\Programme\Mozilla Thunderbird
2007-05-05 13:38:47 -------- d-----w E:\Programme\Mailbomber
2007-05-05 12:16:31 -------- d-----w E:\Programme\MagicDisc
2007-05-03 13:41:02 -------- d-----w E:\Programme\LimeWire
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-04-29 16:10:13 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\The Labyrinth Plus! Edition
2007-04-29 16:09:07 -------- d-----w E:\Programme\Microsoft Plus!
2007-04-28 19:47:34 -------- d-----w E:\Programme\MagicISO
2007-04-28 11:24:40 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\Offline Explorer
2007-04-24 17:32:00 7,031 ----a-w C:\WINDOWS\mozver.dat
2007-04-24 17:02:06 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\Talkback
2007-04-24 04:58:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-24 04:26:08 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-20 18:27:55 -------- d-----w E:\Programme\Prime95
2007-04-20 18:01:12 -------- d-----w E:\Programme\Gigabyte
2007-04-19 05:46:41 -------- d-----w E:\Programme\Yahoo!
2007-04-18 18:43:01 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\ATI
2007-04-18 18:42:19 -------- d-----w E:\Programme\ATI Technologies
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 15:16:21 -------- d-----w E:\Programme\MSDN
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-14 12:30:18 -------- d-----w C:\DOKUME~1\Benutzer\ANWEND~1\SiteAdvisor
2007-04-11 12:30:31 -------- d-----w E:\Programme\a-squared Free
2007-04-11 11:47:02 -------- d-----w E:\Programme\uTorrent
2007-04-11 06:44:18 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-04-10 16:36:34 -------- d-----w E:\Programme\SiMoCo
2007-04-09 18:28:54 524,800 ----a-w C:\WINDOWS\system32\Carmen Electra.scr
2007-04-09 18:12:55 78,336 ----a-w C:\WINDOWS\pysoft_uninstaller.exe
2007-04-09 12:26:45 -------- d-----w E:\Programme\movie maker
2007-04-09 10:23:58 -------- d-----w E:\Programme\TippGeneratorFree
2007-04-08 17:48:41 -------- d-----w E:\Programme\Formatwandler
2007-04-08 12:18:21 -------- d-----w E:\Programme\IrfanView
2007-04-08 11:23:03 -------- d-----w E:\Programme\CHIP System-Check-Tool
2007-04-08 10:34:57 -------- d-----w E:\Programme\Digibib4
2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-01 12:34:21 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-03-29 17:48:02 148,056 ----a-w C:\DOKUME~1\steve\ANWEND~1\GDIPFONTCACHEV1.DAT
2007-03-22 19:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-13 17:58:53 194,560 ----a-w C:\WINDOWS\Evolution IX screensaver.scr
2007-03-13 17:58:36 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-03-13 17:58:36 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-12 11:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
2007-03-02 09:40:42 549,888 ----a-w C:\WINDOWS\system32\stdvcl40.dll
2007-03-02 09:40:42 25,600 ----a-w C:\WINDOWS\system32\borlndmm.dll
2007-01-19 15:45:06 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-19 15:45:03 88 --sh--r C:\WINDOWS\system32\0E3762BDD0.sys
2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00011268-E188-40DF-A514-835FCD78B1BF}=E:\Programme\IE7pro\IE7Pro.dll [2007-05-15 16:43]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 15:06]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=E:\Programme\ICQToolbar\toolbaru.dll []
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=E:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" []
"Launch LGDCore"="E:\Programme\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31]
"Launch LCDMon"="E:\Programme\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Adobe Photo Downloader"="E:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"@"="" []
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"EasyTuneV"="E:\Programme\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="E:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-09-02 22:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0D2.exe" [2003-09-12 03:00]
"Steam"="" []
"@"="" []
"StartCCC"="E:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"WMPNSCFG"="E:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkzr32]
winkzr32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Privoxy.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^MagicDisc.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^Picture Package Menu.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benutzer^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk]
path=C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"E:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
E:\Programme\avmwlanstick\wlangui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Batdatei]
"C:\Dokumente und Einstellungen\Benutzer\Desktop\löschen.bat"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"E:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
E:\Programme\SimonTools\CyberGhost\CGhost.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
E:\Programme\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"E:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"E:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
E:\Programme\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JoyThe]
C:\DOKUME~1\Benutzer\ANWEND~1\STOPFA~1\Pollshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
"E:\Programme\ScanSoft\OmniPage15.0\OpScheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
"E:\Programme\ScanSoft\OmniPage15.0\Opware15.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE3]
"E:\Programme\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
"E:\Programme\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
"E:\Programme\PDFDrucker\PDF24Updater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Programme\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"E:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
E:\Programme\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"E:\Programme\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
E:\MAGIX\Video_deluxe_2007_e-version\TrayServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
"E:\Programme\Vidalia\vidalia.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"E:\Programme\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"E:\Programme\UltraVNC\winvnc.exe" -servicehelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
E:\Programme\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XTIC]
e:\programme\lg xtick2.91\xtick.exe sys_auto_run E:\Programme\LG XTICK2.91

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"VC6SecS"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"AVM WLAN Connection Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="E:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
AutoRun\command- R:\CD_Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85725776-3a91-11db-85bd-000fea848dab}]
AutoRun\command- O:\

*Newly Created Service* - LBEEPKE

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 15:50:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C84 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0D2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"???????;???????9????????????????a?w,????????????????????????????????????b?w????????????????8???????????h??w????????????z??w???????????????|???????

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-02 15:52:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-02 15:52

--- E O F ---

Der Benutzer heißt "Benutzer", weil der als einziger Adminrechte hat auf dem Familiernpc.

#2 Ich Poste mal Stumpf etwas, das du nicht in die Doppelpostsperre laeufst.
__________
MfG Ralf
SEO-Spam Hunter

#3 Danke für deinen Post. So habe jetzt alles reingestellt siehe oben.
Schon mal vielen Danke.
Ich hoffe doch es ist ein Virus.