Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:39, on 26.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\UltraMon\UltraMon.exe
C:\WINDOWS\system32\rundll32.exe
E:\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
E:\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast4\ashMaiSv.exe
E:\Avast4\ashWebSv.exe
C:\Dokumente und Einstellungen\Admin\Desktop\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=13&y=11
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fritz.box/
O1 - Hosts: 141.18.5.3 venus
O1 - Hosts: 141.18.5.230 eda-sol1
O1 - Hosts: 141.18.5.231 eda-sol2
O1 - Hosts: 141.18.5.232 eda-win1
O1 - Hosts: 141.18.5.235 eda-win2
O1 - Hosts: 141.18.9.1 atlas
O1 - Hosts: 141.18.9.3 saturn
O2 - BHO: {b47b0de6-477d-0c29-cb54-da9887f0a3a0} - {0a3a0f78-89ad-45bc-92c0-d7746ed0b74b} - C:\WINDOWS\system32\sofvebpd.dll
O2 - BHO: (no name) - {17551728-1B1A-4DA5-8520-C7B72765D1C7} - C:\WINDOWS\system32\vtUkklLD.dll
O2 - BHO: (no name) - {591E921D-3830-45AF-9B50-96F03157175B} - C:\WINDOWS\system32\nnnkjjjJ.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O2 - BHO: (no name) - {f50b3f5e-856e-4757-9bb1-b35d46ca7719} - C:\WINDOWS\system32\byXOiHwV.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UltraMon] "E:\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOKUME~1\Admin\LOKALE~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [34517776] rundll32.exe "C:\WINDOWS\system32\sfwtjsjy.dll",b
O4 - HKLM\..\Run: [Salestart] "C:\Programme\Gemeinsame Dateien\SysKontroller\strpmon.exe" dm=http://syskontroller.com ad=http://syskontroller.com sd=http://painst.syskontroller.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Programme\Gemeinsame Dateien\FestplattenReiniger\stm.exe" dm=http://festplattenreiniger.com ad=http://festplattenreiniger.com sd=http://pkins.festplattenreiniger.com
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Dokumente und Einstellungen\Admin\cftmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM376244ea] Rundll32.exe "C:\WINDOWS\system32\fwkoqbtu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOKUME~1\Admin\LOKALE~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOKUME~1\Admin\LOKALE~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Dokumente und Einstellungen\Admin\cftmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\MicrosoftOfficeXP\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O16 - DPF: Microsoft WFC Forms Designer - file://N:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://N:\VJ98\vstudio6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203091194729
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209159837562
O20 - Winlogon Notify: byXOiHwV - C:\WINDOWS\SYSTEM32\byXOiHwV.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - E:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - E:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - E:\Avast4\ashWebSv.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - E:\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

--
End of file - 7717 bytes

*************************************************************************

Logfile from datfind.txt

 Datenträger in Laufwerk C: ist WINDOWS
 Volumeseriennummer: 3451-77D9

 Verzeichnis von C:\WINDOWS\system32

26.04.2008  10:01     201.975 DLlkkUtv.ini
26.04.2008  09:58     201.975 DLlkkUtv.ini2
26.04.2008  02:44   1.483.857 yjsjtwfs.ini
26.04.2008  02:18     316.594 perfh007.dat
26.04.2008  02:18      48.156 perfc007.dat
26.04.2008  02:18     311.604 perfh009.dat
26.04.2008  02:18      39.992 perfc009.dat
26.04.2008  02:18     723.744 PerfStringBackup.INI
26.04.2008  00:04       2.206 wpa.dbl
25.04.2008  23:47         143 mcrh.tmp
25.04.2008  23:32     107.072 sofvebpd.dll
25.04.2008  23:27      96.320 sfwtjsjy.dll
25.04.2008  23:27     105.536 fwkoqbtu.dll
25.04.2008  23:26           0 clkcnt.txt
25.04.2008  23:26     281.088 vtUkklLD.dll
25.04.2008  20:31     201.558 Jjjjknnn.ini
25.04.2008  20:30     201.558 Jjjjknnn.ini2
25.04.2008  20:09   1.505.928 kyhkewja.ini
25.04.2008  19:33     107.072 ymbutmbu.dll
25.04.2008  19:31     105.536 ghussxyu.dll
24.04.2008  21:34       2.984 CONFIG.NT
24.04.2008  20:26     167.504 FNTCACHE.DAT
24.04.2008  19:23     100.416 dilwxeiq.dll
24.04.2008  19:22      88.640 ajwekhyk.dll
24.04.2008  19:19      96.320 rwgskytl.dll
23.04.2008  23:01      37.376 rqRJCvuV.dll
23.04.2008  23:00      81.689 IEBHO.dll
23.04.2008  22:56      39.936 byXOiHwV.dll
06.04.2008  07:56  19.836.024 MRT.exe
30.03.2008  22:36         690 Verknüpfung mit DEVENV.EXE.lnk
29.03.2008  19:45   1.146.232 aswBoot.exe
29.03.2008  19:23      95.608 AvastSS.scr
20.03.2008  10:03   1.845.376 win32k.sys
19.03.2008  20:27          38 D6F8AEB0.kor
19.03.2008  20:24      36.864 tjclip.dll
01.03.2008  18:24   3.591.680 mshtml.dll
01.03.2008  14:54     233.472 webcheck.dll
01.03.2008  14:54     826.368 wininet.dll
01.03.2008  14:54   1.159.680 urlmon.dll
01.03.2008  14:54      44.544 pngfilt.dll
01.03.2008  14:54     105.984 url.dll
01.03.2008  14:54     193.024 msrating.dll
01.03.2008  14:54     671.232 mstime.dll
01.03.2008  14:54     102.912 occache.dll
01.03.2008  14:54     478.208 mshtmled.dll
01.03.2008  14:53      52.224 msfeedsbs.dll
01.03.2008  14:53     459.264 msfeeds.dll
01.03.2008  14:53   1.831.424 inetcpl.cpl
01.03.2008  14:53      27.648 jsproxy.dll
01.03.2008  14:53      44.544 iernonce.dll
01.03.2008  14:53     267.776 iertutil.dll
01.03.2008  14:53   6.066.176 ieframe.dll
01.03.2008  14:53     384.512 iedkcs32.dll
01.03.2008  14:53     214.528 dxtrans.dll
01.03.2008  14:53     383.488 ieapfltr.dll
01.03.2008  14:53     230.400 ieaksie.dll
01.03.2008  14:53     133.120 extmgr.dll
01.03.2008  14:53      63.488 icardie.dll
01.03.2008  14:53     153.088 ieakeng.dll
01.03.2008  14:53     124.928 advpack.dll
01.03.2008  14:53     347.136 dxtmsft.dll
29.02.2008  10:54      70.656 ie4uinit.exe
22.02.2008  12:00      13.824 ieudinit.exe
20.02.2008  08:50     282.624 gdi32.dll
20.02.2008  07:33     148.992 dnsapi.dll
20.02.2008  07:33      45.568 dnsrslvr.dll
16.02.2008  18:35     138.648 TZLog.log
15.02.2008  20:03         265 spupdwxp.log
15.02.2008  07:44     161.792 ieakui.dll
14.02.2008  21:16      25.065 wmpscheme.xml
14.02.2008  21:14         266 $winnt$.inf
14.02.2008  21:12      16.832 amcompat.tlb
14.02.2008  21:12      23.392 nscompat.tlb
14.02.2008  21:11         488 logonui.exe.manifest
14.02.2008  21:11         488 WindowsLogon.manifest
14.02.2008  21:11         749 wuaucpl.cpl.manifest
14.02.2008  21:11         749 cdplayer.exe.manifest
14.02.2008  21:11         749 nwc.cpl.manifest
14.02.2008  21:11         749 sapi.cpl.manifest
14.02.2008  21:11         749 ncpa.cpl.manifest
14.02.2008  21:10      21.740 emptyregdb.dat
14.02.2008  21:08           0 h323log.txt