Hallo,
ich merke Schwergängigkeiten bei meinem System und da alle Schutzprogramme den Geist aufgeben brauche ich nun Rat von Experten.

Anbei der Log von Hijack.
Schonmal vielen Dank für die Hilfe.

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Zitat:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia\Common\852f004c19.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191598018468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4946B3-FE44-4990-8CB2-1DFAB7105F03}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CB01BF-93E6-48CC-B606-FB2CB6B20B83}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe

--
End of file - 7469 bytes

Hallo und

Das Logfile ist unvollständig, es fehlt der Kopf vom HJT-Log. Führe bitte den CCleaner und RSIT aus, poste die Logs von RSIT.

Ist alles was drin war.

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:20, on 21.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia\Common\852f004c19.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1659004503-152049171-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Surfen')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191598018468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4946B3-FE44-4990-8CB2-1DFAB7105F03}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CB01BF-93E6-48CC-B606-FB2CB6B20B83}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe

--
End of file - 7561 bytes

Was ist mit CCleaner + RSIT?

Verzeihung, die Logs werden noch folgen.
Über die Feiertage war ich kaum an meinem PC.

Gruß

Hier das geforderte LOG-File.
Seit neustem macht mir der Process svchost.exe Probleme, er nimmt sich 90-99% der Prozessor-Leistung. Alle Vorschläge die ich dazu gefunden habe waren ohne Erfolg.

Gruß

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Popgl at 2009-12-28 14:35:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (29%) free of 153 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:30, on 28.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\scrnsave.scr
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Popgl\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\Popgl.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia\Common\852f004c19.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1659004503-152049171-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Surfen')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191598018468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4946B3-FE44-4990-8CB2-1DFAB7105F03}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CB01BF-93E6-48CC-B606-FB2CB6B20B83}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe

--
End of file - 7979 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-11-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus Xtreme G"=C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe [2003-11-04 2502656]
"ANIWZCSService"=C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe [2003-08-21 32768]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"zzzHPSETUP"=E:\Setup.exe []
"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"Realtime Audio Engine"=mmrtkrnl.exe /i []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-11-03 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"rundll32.exe"= []
"WAB"=C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia\Common\852f004c19.exe [2009-12-22 24576]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

C:\Dokumente und Einstellungen\Popgl\Startmenü\Programme\Autostart
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Programme\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\UnrealTournament\System\UnrealTournament.exe"="C:\Programme\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\Programme\World of Warcraft\BackgroundDownloader.exe"="D:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\EA GAMES\Command and Conquer Generäle\game.dat"="C:\Programme\EA GAMES\Command and Conquer Generäle\game.dat:*:Enabled:game"
"D:\Programme\World of Warcraft\WoW-2.0.3-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.3-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Backup\Sierra\Counter-Strike\cstrike.exe"="D:\Backup\Sierra\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\Programme\Counter-Strike\cstrike.exe"="C:\Programme\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\Programme\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Programme\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Programme\Croteam\Serious Sam\Bin\SeriousSam.exe"="C:\Programme\Croteam\Serious Sam\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Programme\Diablo II\Game.exe"="C:\Programme\Diablo II\Game.exe:*:Enablediablo II"
"C:\Programme\GTA2\gta2.icd"="C:\Programme\GTA2\gta2.icd:*:Enabled:GTA2 main executable"
"C:\Team17\Worms2\frontend.exe"="C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Programme\Firefly Studios\Stronghold\Stronghold.exe"="C:\Programme\Firefly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold"
"C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe"="C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\Steam\SteamApps\huntedhunter\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\huntedhunter\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\Unreal Tournament 3 (LG)\Binaries\UT3.exe"="C:\Programme\Unreal Tournament 3 (LG)\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Programme\Steam\SteamApps\huntedhunter\source sdk base\hl2.exe"="C:\Programme\Steam\SteamApps\huntedhunter\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\SIERRA\Half-Life\hl.exe"="C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Programme\Team Factor\tf.exe"="C:\Programme\Team Factor\tf.exe:*:Enabled:tf"
"C:\Westwood\Dune2000\DUNE2000.DAT"="C:\Westwood\Dune2000\DUNE2000.DAT:*:Enabledune2000"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Westwood\AR2\game.exe"="C:\Westwood\AR2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Programme\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe"="C:\Programme\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh"
"C:\Programme\Anno 1701\Anno1701.exe"="C:\Programme\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Dokumente und Einstellungen\Popgl\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - a21b5fd8\Launcher.exe"="C:\Dokumente und Einstellungen\Popgl\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - a21b5fd8\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Dokumente und Einstellungen\Popgl\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 117aa3d0\Launcher.exe"="C:\Dokumente und Einstellungen\Popgl\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 117aa3d0\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\Hamachi\hamachi.exe"="C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Dokumente und Einstellungen\Popgl\Desktop\GTA2\gta2.exe"="C:\Dokumente und Einstellungen\Popgl\Desktop\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Programme\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Westwood\SUN\Game.exe"="C:\Westwood\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"D:\Programme\World of Warcraft\Launcher.exe"="D:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Croteam\Serious Sam - The Second Encounter\Bin\SeriousSam.exe"="C:\Programme\Croteam\Serious Sam - The Second Encounter\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\Dokumente und Einstellungen\Popgl\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Dokumente und Einstellungen\Popgl\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Programme\Steamless Left4Dead Pack\left4dead.exe"="C:\Programme\Steamless Left4Dead Pack\left4dead.exe:*:Enabled:left4dead"
"D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"I:\Need For Speed Underground\Speed.exe"="I:\Need For Speed Underground\Speed.exe:*isabled:Speed"
"C:\Dokumente und Einstellungen\Popgl\Desktop\Need For Speed Underground\Speed.exe"="C:\Dokumente und Einstellungen\Popgl\Desktop\Need For Speed Underground\Speed.exe:*isabled:Speed"
"C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\RetailExe\1.2\cnc3ep1.dat"="C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\RetailExe\1.2\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kanes Rache"
"G:\Games\GTA2\gta2.exe"="G:\Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe"="C:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"C:\Programme\Electronic Arts\BattleForge\BattleForge.exe"="C:\Programme\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"C:\Programme\Soldier of Fortune Payback\sof3.exe"="C:\Programme\Soldier of Fortune Payback\sof3.exe:*isabled:sof3"
"C:\Programme\Activision Value\Soldier of Fortune Payback\sof3.exe"="C:\Programme\Activision Value\Soldier of Fortune Payback\sof3.exe:*isabled:sof3"
"C:\Programme\Acclaim Entertainment\Turok 2\Turok2MP.exe"="C:\Programme\Acclaim Entertainment\Turok 2\Turok2MP.exe:*isabled:Turok2MP"
"J:\Games\blobby\volley.exe"="J:\Games\blobby\volley.exe:*isabled:volley"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f647a8-93fc-11de-8dfa-000f3d869723}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-28 14:35:47 ----D---- C:\rsit
2009-12-27 15:52:58 ----D---- C:\Programme\RegCleaner
2009-12-27 13:26:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-23 16:48:41 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-23 16:48:41 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-23 16:48:41 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-23 16:48:40 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-23 16:48:39 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-23 16:48:37 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-23 16:48:37 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-23 16:48:34 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-23 16:48:33 ----D---- C:\WINDOWS\Logs
2009-12-21 22:51:21 ----D---- C:\Programme\CCleaner
2009-12-21 13:01:44 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Malwarebytes
2009-12-21 13:01:38 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-21 13:01:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-21 12:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-12-21 12:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-12-21 12:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-12-20 19:05:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-20 19:05:23 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-12-20 19:05:06 ----D---- C:\Programme\Windows Media Connect 2
2009-12-20 19:04:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-12-20 19:03:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-12-20 19:03:10 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-12-20 12:04:26 ----A---- C:\WINDOWS\rasqervy.dll
2009-12-20 12:04:25 ----A---- C:\WINDOWS\sdfinacs.dll
2009-12-20 12:04:18 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-12-20 03:38:33 ----A---- C:\WINDOWS\wuasirvy.dll
2009-12-10 16:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 16:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 16:53:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 16:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 16:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-06 18:29:28 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Command & Conquer 3 Kanes Rache
2009-12-06 18:24:50 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-06 18:24:49 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-06 18:24:48 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-06 18:24:48 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-06 18:24:42 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-06 17:45:01 ----D---- C:\Programme\DAEMON Tools Lite
2009-12-06 17:44:44 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\DAEMON Tools Lite
2009-12-06 17:44:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-12-03 15:30:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground
2009-12-02 17:48:57 ----D---- C:\Programme\Gemeinsame Dateien\DirectX

======List of files/folders modified in the last 1 months======

2009-12-28 14:34:40 ----D---- C:\Programme\Mozilla Firefox
2009-12-28 14:34:31 ----D---- C:\WINDOWS
2009-12-28 14:29:33 ----D---- C:\WINDOWS\Temp
2009-12-28 13:52:38 ----D---- C:\WINDOWS\Prefetch
2009-12-28 13:43:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 09:59:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-28 04:53:56 ----D---- C:\WINDOWS\system32
2009-12-27 22:46:52 ----D---- C:\Programme\Mullti TeamSpeak
2009-12-27 15:52:58 ----RD---- C:\Programme
2009-12-27 13:26:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-27 13:26:36 ----D---- C:\WINDOWS\system32\drivers
2009-12-24 03:10:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-23 17:49:34 ----D---- C:\Programme\Warcraft III
2009-12-23 16:55:17 ----SHD---- C:\WINDOWS\Installer
2009-12-23 16:55:17 ----SHD---- C:\Config.Msi
2009-12-23 16:55:16 ----D---- C:\WINDOWS\WinSxS
2009-12-23 16:48:41 ----HD---- C:\WINDOWS\inf
2009-12-23 16:48:41 ----D---- C:\WINDOWS\system32\DirectX
2009-12-23 16:48:41 ----D---- C:\Programme\Electronic Arts
2009-12-22 20:49:47 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\teamspeak2
2009-12-22 02:02:00 ----SHD---- C:\System Volume Information
2009-12-21 22:53:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-12-21 22:53:44 ----D---- C:\WINDOWS\Debug
2009-12-21 22:53:42 ----D---- C:\WINDOWS\Minidump
2009-12-21 19:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-12-21 16:59:33 ----D---- C:\Programme\Diablo II
2009-12-21 12:53:02 ----D---- C:\Programme\Spybot - Search & Destroy
2009-12-21 12:47:30 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Spybot - Search & Destroy
2009-12-21 12:28:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-20 19:05:18 ----A---- C:\WINDOWS\win.ini
2009-12-20 19:05:06 ----D---- C:\Programme\Windows Media Player
2009-12-20 19:05:03 ----D---- C:\WINDOWS\Help
2009-12-20 19:03:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-20 18:43:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-20 03:38:14 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia
2009-12-19 17:17:08 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Skype
2009-12-19 16:19:13 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\skypePM
2009-12-17 23:04:55 ----D---- C:\Programme\Steamless Left4Dead Pack
2009-12-12 23:00:01 ----D---- C:\Warhammer Online - Age of Reckoning
2009-12-12 22:57:45 ----D---- C:\Programme\Team Factor
2009-12-12 22:54:17 ----D---- C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Hamachi
2009-12-12 22:20:51 ----D---- C:\Programme\Steam
2009-12-11 17:57:48 ----D---- C:\Programme\DivX
2009-12-11 17:57:25 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-12-10 16:53:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 16:53:00 ----D---- C:\WINDOWS\system32\de-de
2009-12-10 16:53:00 ----D---- C:\Programme\Internet Explorer
2009-12-10 16:52:52 ----D---- C:\WINDOWS\ie7updates
2009-12-02 21:13:29 ----RD---- C:\Programme\Skype
2009-12-02 17:48:57 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 16:06:43 ----D---- C:\Programme\Starcraft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-07-20 82380]
R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-25 271360]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-02-09 18048]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 rspndr;Antwort für Verbindungsschicht-Topologieerkennung; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 344800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
R3 sbpci;Sound Blaster PCI128 Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2001-10-26 492672]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 a48ffdv6;a48ffdv6; C:\WINDOWS\system32\drivers\a48ffdv6.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-09 25280]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 SISNIC;SiS-PCI-Fast Ethernet- Adaptertreiber; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-10-01 25984]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-10-29 611664]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-11-03 153376]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 OpenVPNService;OpenVPN Service; C:\Programme\OpenVPN\bin\openvpnserv.exe [2009-10-01 36352]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Bitte mal den Avenger anwenden

Vorbereitungen:
a) Deaktiviere den Hintergrundwächter vom Virenscanner.
b) Stöpsele alle externen Datenträger vom Rechner ab.


Danach:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code: Alles auswählenAufklappen

ATTFilter

files to delete:
C:\Dokumente und Einstellungen\Popgl\Startmenü\Programme\Autostart\siszyd32.exe
C:\WINDOWS\system32\scrnsave.scr
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\wuasirvy.dll

folders to delete:
C:\Dokumente und Einstellungen\Popgl\Anwendungsdaten\Macromedia\Common
         

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

Nun fährt mein PC nicht mehr hoch.

Gruß

Sch...
Fehlermeldung?

nein nichts....
Black Screen und nichts passiert.

Geht noch der abgesicherte Modus?

Soweit geht es noch nicht mal.
Nur ins Boot-Menü komme ich.
Gruß

Tja, schöne Shice...da ist uns bei der Bereinigung das System den Bach runtergegangen
Kommt vor, aber ganz selten.
Hast Du eine Windows-XP-CD da? Besorg Dir bitte eine Live-CD wie Knoppix oder PartedMagic und sicher wenigstens Deine Daten

Ich installiere eine andere Platte neu und die andere schließe ich später an um die Daten zu sichern, da ist ja nur das Windows kaputt.

Ok, so gehts auch. Sry für das unbootbare System, das passiert mir recht selten, eigentlich nur bei Schädlingen wenn ich nen bestimmten Registry-Eintrag übersehen habe

Wenn ich das richtig gesehen habe, hattest Du aber Silentbanker-Befall, da sollte man prinzipiell immer überlegen ob man wirklich bereinigen will