Logfile of HijackThis v1.99.1
Scan saved at 23:02, on 2007-12-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MSDE\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Lexmark X74-X75\lxbbbmon.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\RegCleaner\RegCleanr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\ratlos\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cintek.com/default.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.regiocom.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53D3C442-8FEE-4784-9A21-6297D39613F0} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {6237441B-28D8-4AA8-8089-C3BF6EE1724C} - C:\WINDOWS\system32\ssqqp.dll
O2 - BHO: (no name) - {74A0AC27-3753-4080-B94E-557CC43E9E8B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - (no file)
O2 - BHO: (no name) - {84B94901-3645-4D80-A6B7-4D0050B19455} - (no file)
O2 - BHO: (no name) - {937B1F7D-D382-4AAB-BD9A-27170D5AB889} - C:\WINDOWS\system32\yayxvus.dll
O2 - BHO: (no name) - {938BAB79-DFAD-422A-BDAC-E7736A73584B} - (no file)
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: (no name) - {DB588686-F41B-8ACC-2E99-879C70B0E9C4} - (no file)
O2 - BHO: (no name) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programme\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .do: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cintek.com/default.shtml
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15c050b0339926b9f521/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102020076870
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} - http://217.145.76.16/nslite/nslite.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayxvus - C:\WINDOWS\SYSTEM32\yayxvus.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cassini - Unknown owner - D:\tecis Software\Skandia\bAV-Tools\CassiniService\CassiniService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - Unknown owner - C:\Programme\Virtual CD v8\System\VC8SecS.exe (file missing)
.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B4AE-1A49

Verzeichnis von C:\WINDOWS\system32

2007-12-09 22:59 2,206 wpa.dbl
2007-12-09 22:46 330,848 ssqqp.dll
2007-12-09 18:29 309,810 perfh007.dat
2007-12-09 18:29 37,760 perfc009.dat
2007-12-09 18:29 305,318 perfh009.dat
2007-12-09 18:29 45,672 perfc007.dat
2007-12-09 18:29 705,468 PerfStringBackup.INI
2007-12-07 16:42 468 errorlog.txt
2007-12-07 13:43 12 b4ae0868
2007-12-07 13:18 831,148 pbgffkya.ini
2007-12-06 17:02 37,376 yayxvus.dll
2007-12-06 15:35 185,944 rmoc3260.dll
2007-12-06 15:34 5,632 pndx5032.dll
2007-12-06 15:34 6,656 pndx5016.dll
2007-12-06 15:34 499,712 msvcp71.dll
2007-12-06 15:34 278,528 pncrt.dll
2007-12-06 15:34 348,160 msvcr71.dll
2007-12-04 01:00 136,704 swsc.exe
2007-12-03 13:31 188 MsiExec.exe.log
2007-11-06 09:20 831,048 WudfUpdate_01005.dll
2007-10-28 10:48 187,408 FNTCACHE.DAT
2007-10-17 21:00 5,686 jupdate-1.6.0_03-b05.log
2007-10-02 21:14 107,888 CmdLineExt.dll
2007-09-24 23:31 69,632 javacpl.cpl
2007-09-24 23:31 139,264 javaws.exe
2007-09-24 22:30 135,168 javaw.exe
2007-09-24 22:30 135,168 java.exe
2007-07-22 18:39 279,552 swreg.exe
2007-06-28 18:54 180,224 xvidvfw.dll
2007-03-29 22:00 203,264 CddbCdda.dll
2007-03-08 17:36 40,960 mf3216.dll
2007-03-08 17:36 281,600 gdi32.dll
2007-03-08 17:36 579,072 user32.dll
2007-03-08 17:32 1,843,712 win32k.sys
2007-02-27 19:36 1,700,352 GdiPlus.dll
2007-02-27 19:36 261,632 mcdvd_32.dll
2007-02-27 19:36 524,288 xvidcore.dll
2007-02-27 19:36 13,239 Scg726.acm
2007-02-27 19:36 81,920 AC3ACM.acm
2007-02-27 19:36 413,760 mpg4c32.dll
2007-02-27 19:36 638,976 divx.dll
2007-02-27 19:36 221,215 divxdec.ax
2007-02-27 19:36 38,912 alf2cd.acm
2007-02-27 19:36 53,248 xvid.ax
2007-02-22 10:15 90,624 nmwcdcls.dll
2007-02-11 20:53 9,857 jupdate-1.5.0_11-b03.log
2007-01-22 18:23 565,170 large.bnk
2007-01-22 18:23 278,528 livesnth.dll
2007-01-22 18:23 203,776 clrviddc.dll
2007-01-22 18:23 11,333 cf_lic.txt
2007-01-04 18:58 23,392 nscompat.tlb
2007-01-04 18:58 16,832 amcompat.tlb
2290 Datei(en) 474,722,145 Bytes
0 Verzeichnis(se), 7,768,719,360 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B4AE-1A49

Verzeichnis von C:\DOKUME~1\ratlos\LOKALE~1\Temp

2007-12-09 23:04 112,384 datfind.txt
2007-12-09 23:03 171 jusched.log
2007-12-09 23:03 16,384 ~WRF0000.tmp
2007-12-09 23:02 512 ~DF38CA.tmp
2007-12-09 23:02 16,384 Perflib_Perfdata_ce4.dat
2007-12-09 23:02 16,384 ~DFB032.tmp
2007-12-09 22:53 53,248 rutuljfcN.dll
7 Datei(en) 215,467 Bytes
0 Verzeichnis(se), 7,768,875,008 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B4AE-1A49

Verzeichnis von C:\WINDOWS

2007-12-09 22:58 0 0.log
2007-12-09 22:58 159 wiadebug.log
2007-12-09 22:57 2,048 bootstat.dat
2007-12-09 22:24 1,484,584 WindowsUpdate.log
2007-12-09 22:24 50 wiaservc.log
2007-12-09 22:24 12 bthservsdp.dat
2007-12-09 22:24 351,573 setupapi.log
2007-12-09 21:55 10,561,634 setupact.log
2007-12-08 03:32 141,824 catchme.exe
2007-12-05 12:08 115,096 DPINST.LOG
2007-12-05 12:06 32 setup.log
2007-12-03 10:56 116 NeroDigital.ini
2007-12-02 14:37 135,385 wmsetup.log
2007-10-12 21:24 142,026 DirectX.log
2007-10-06 15:20 75,639 _detmp.5
2007-10-06 14:20 76,089 _detmp.3
2007-10-06 14:19 107 avmsysnet.log
2007-10-02 21:28 11,637 hhdrvi.log
2007-09-29 15:15 4,992 KB927779.log
2007-09-29 15:14 4,886 KB927802.log
2007-09-29 15:14 4,800 KB928255.log
2007-09-29 15:14 5,028 KB931784.log
2007-09-29 15:14 4,965 KB929969.log
2007-09-29 15:14 4,593 KB924667.log
2007-09-29 15:14 4,486 KB931261.log
2007-09-29 15:14 4,778 KB931836.log
2007-09-29 15:13 4,291 KB926436.log
2007-09-29 15:13 4,193 KB930178.log
2007-09-29 15:13 4,099 KB932168.log
2007-09-29 15:13 3,999 KB918118.log
2007-09-29 15:13 3,904 KB930916.log
2007-09-29 15:13 3,798 KB928843.log
2007-09-29 15:05 3,804 KB923980.log
2007-09-29 15:05 3,698 KB924270.log
2007-09-29 15:05 3,600 KB926255.log
2007-09-29 15:05 3,507 KB920213.log
2007-09-29 15:05 3,426 KB923694.log
2007-09-19 12:12 2,819 cdplayer.ini
2007-09-19 12:07 2,642 sql70.MIF
2007-09-08 20:07 0 setuperr.log
2007-06-18 22:25 18,352 ModemLog_Siemens Multi Mode Datacard Modem.txt
2007-06-17 00:11 51,200 NirCmd.exe
2007-05-23 16:05 395,089 comsetup.log
2007-05-23 16:05 1,374 imsins.log
2007-05-23 16:05 54,341 tabletoc.log
2007-05-23 16:05 66,227 medctroc.Log
2007-05-23 16:05 201,730 netfxocm.log
2007-05-23 16:05 673,848 ocgen.log
2007-05-23 16:05 1,119,611 FaxSetup.log
2007-05-23 16:05 1,583,102 iis6.log
2007-05-23 16:05 61,064 ocmsn.log
2007-05-23 16:05 253,428 ntdtcsetup.log
2007-05-23 16:05 561,351 tsoc.log
2007-05-23 16:05 59,874 msgsocm.log
2007-05-23 16:05 12,920 KB925902.log
2007-05-23 16:05 417,358 msmqinst.log
2007-05-23 16:05 47,108 updspapi.log
2007-05-21 21:39 10,164 ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2007-04-12 14:25 10,576 ModemLog_Nokia 9300 USB Modem.txt
2007-03-23 17:39 870 LEXSTAT.INI
2007-02-27 19:36 316,640 WMSysPr9.prx
2007-02-27 19:36 156,910 WMSysPr8.prx
2007-02-20 14:27 10,522 ModemLog_Nokia 9300 USB Modem #2.txt
2007-01-05 11:24 84,671 spupdsvc.log
2007-01-04 20:00 3,435 wmsetup10.log
2007-01-04 19:00 9,267 KB926239.log
2007-01-04 18:59 8,072 MSCompPackV1.log
2007-01-04 18:59 37,235 wmp11.log
2007-01-04 18:58 1,355 imsins.BAK
2007-01-04 18:54 703 avmcoins.log
2007-01-04 18:52 53,058 WMFDist11.log
2007-01-04 18:49 12,973 Wudf01000Inst.log
391 Datei(en) 77,252,637 Bytes
0 Verzeichnis(se), 7,768,612,864 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B4AE-1A49

Verzeichnis von C:\WINDOWS\temp

2007-12-09 23:04 409 WGANotify.settings
2007-12-09 22:58 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 7,768,850,432 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B4AE-1A49

Verzeichnis von C:\WINDOWS\Downloaded Program Files

2005-10-11 16:49 752 jinstall-1_5_0_05.inf
2005-08-27 13:30 5,065 swflash.inf
2004-08-03 14:51 293 wuweb.inf
2004-06-09 16:56 435,712 xscan53.ocx
2004-06-09 16:51 1,777 xscan.inf
2004-06-03 10:04 524,445 RdxIE.dll
2004-01-07 16:35 1,134 Cult.inf
2003-10-26 15:25 133,712 EARTPX.dll
2003-10-26 15:13 321 EARTPX.inf
2003-08-25 18:12 1,096 iuctl.inf
2003-02-27 12:48 735 nslite.inf
2002-09-13 10:56 144 QTPlugin.inf
2002-08-22 00:21 65 desktop.ini
2002-06-13 16:34 488 install.inf
2000-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
1997-10-14 18:52 697 DirectAnimation Java Classes.osd
16 Datei(en) 1,107,598 Bytes
0 Verzeichnis(se), 7,768,850,432 Bytes frei