ComboScan v20070226.18 run by Kraus on 2008-09-11 at 19:55:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as Kraus.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:57:10, on 11.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\EyesAsiaHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Overnet\incoming\comboscan\comboscan.exe
C:\PROGRA~1\HIJACK~1\Kraus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~2\Engine\mte\StdAlone\T1IE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - Startup: Windows Live Messenger.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {615E124C-D8E7-4D52-B727-6F5AF390736D} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ???????????????? (EyesAsiaHelper) - ???? - C:\WINDOWS\system32\EyesAsiaHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - ComFile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R ac97intc (Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)) - C:\WINDOWS\system32\drivers\ac97intc.sys
2R ACEDRV09 - C:\WINDOWS\system32\drivers\ACEDRV09.sys
3R AnyDVD - C:\WINDOWS\system32\drivers\AnyDVD.sys
1R avgio - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
1R avipbb - C:\WINDOWS\system32\drivers\avipbb.sys
3R AVMWAN (AVM NDIS WAN CAPI-Treiber) - C:\WINDOWS\system32\drivers\avmwan.sys
3S BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
3S BrSerIf (Brother MFC Serial Port Interface WDM Driver) - C:\WINDOWS\system32\drivers\BrSerIf.sys
3S BrUsbSer (Brother MFC USB Serial WDM Driver) - C:\WINDOWS\system32\drivers\BrUsbSer.sys
3S catchme - C:\DOKUME~1\Kraus\LOKALE~1\Temp\catchme.sys (not found)
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2R CDRPDACC (Arrowkey Device Access) - C:\Programme\321Studios\Shared\CDRPDACC.SYS
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys
3R fpcibase (AVM ISDN-Controller FRITZ!Card PCI) - C:\WINDOWS\system32\drivers\fpcibase.sys
3S ggsemc (Sony Ericsson USB Flash Driver) - C:\WINDOWS\system32\drivers\ggsemc.sys
3S k750bus (Sony Ericsson 750 driver (WDM)) - C:\WINDOWS\system32\drivers\k750bus.sys
3S k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k750mdfl.sys
3S k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - C:\WINDOWS\system32\drivers\k750mdm.sys
3S k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - C:\WINDOWS\system32\drivers\k750mgmt.sys
3S k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - C:\WINDOWS\system32\drivers\k750obex.sys
3R L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3S LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3S LHidUsbK (Logitech SetPoint USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsbK.sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3S mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\mstee.sys
3R ms_mpu401 (Microsoft MPU-401 MIDI UART-Treiber) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\drivers\Pcouffin.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R rtl8139 (NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
1R ssmdrv - C:\WINDOWS\system32\drivers\ssmdrv.sys
3S StillCam (Treiber für serielle Digitalkamera) - C:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB-Scannertreiber) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3S VC4CB104 (USB PC Camera) - C:\WINDOWS\system32\drivers\VC4CB104.SYS
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
0R WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3S ZSMC301b (VIMICRO USB PC Camera 301x) - C:\WINDOWS\system32\drivers\usbVM31b.sys
3S ZSMC303 (VIMICRO USB PC Camera (ZC0301PLH)) - C:\WINDOWS\system32\drivers\usbVM303.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
2R AntiVirService (AntiVir PersonalEdition Classic Guard) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
3S aspnet_state (ASP.NET-Zustandsdienst) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S de_serv (AVM FRITZ!web Routing Service) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
3S Dot3svc (Automatische Konfiguration (verkabelt)) - C:\WINDOWS\System32\svchost.exe -k dot3svc
3S EapHost (Extensible Authentication-Protokolldienst) - C:\WINDOWS\System32\svchost.exe -k eapsvcs
2R EyesAsiaHelper (????????????????) - C:\WINDOWS\system32\EyesAsiaHelper.exe
3S hkmsvc (Integritätsschlüssel- und Zertifikatverwaltungsdienst) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S napagent (NAP-Agent (Network Access Protection)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\Windows Live\Messenger\usnsvc.exe"
3S WLSetupSvc (Windows Live Setup Service) - "C:\Programme\Windows Live\installer\WLSetupSvc.exe"

-- Files created between 2008-08-11 and 2008-09-11 ------------------------------

2008-09-11 19:56:40 0 d-------- C:\Programme\HijackThis
2008-09-10 20:20:13 0 d-------- C:\Dokumente und Einstellungen\Kraus\DoctorWeb
2008-09-07 20:05:34 0 d-------- C:\ComboFix
2008-09-07 13:15:26 0 d--hs---- C:\RECYCLER
2008-09-07 13:07:27 0 d-------- C:\Programme\Trend Micro
2008-09-07 10:02:08 0 d-------- C:\WINDOWS\erdnt
2008-09-06 09:04:43 0 d-------- C:\WINDOWS\Prefetch
2008-09-05 14:17:36 0 d-------- C:\WINDOWS\l2schemas
2008-09-05 14:17:35 0 d-------- C:\WINDOWS\system32\de
2008-09-05 14:06:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 13:13:17 276992 -----n--- C:\WINDOWS\system32\wmphoto.dll
2008-09-05 13:13:10 69120 -----n--- C:\WINDOWS\system32\wlanapi.dll
2008-09-05 13:13:06 346112 -----n--- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-05 13:13:05 712704 -----n--- C:\WINDOWS\system32\windowscodecs.dll
2008-09-05 13:12:52 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-09-05 13:12:52 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-09-05 13:12:50 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-05 13:12:50 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-09-05 13:12:50 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-09-05 13:12:50 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-09-05 13:12:49 14208 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2008-09-05 13:12:40 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2008-09-05 13:12:33 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2008-09-05 13:12:25 121984 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-09-05 13:12:24 30208 -----n--- C:\WINDOWS\system32\drivers\usbehci.sys
2008-09-05 13:12:23 12800 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-09-05 13:12:15 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2008-09-05 13:12:12 50688 -----n--- C:\WINDOWS\system32\tspkg.dll
2008-09-05 13:11:55 20992 -----n--- C:\WINDOWS\system32\spupdwxp.exe
2008-09-05 13:11:51 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-09-05 13:11:48 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2008-09-05 13:11:48 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2008-09-05 13:11:48 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2008-09-05 13:11:48 5888 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2008-09-05 13:11:48 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-09-05 13:11:48 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2008-09-05 13:11:48 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2008-09-05 13:11:48 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-09-05 13:11:48 32866 -----n--- C:\WINDOWS\slrundll.exe
2008-09-05 13:11:47 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2008-09-05 13:11:47 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2008-09-05 13:11:47 40960 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2008-09-05 13:11:47 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2008-09-05 13:11:43 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-05 13:11:42 32768 -----n--- C:\WINDOWS\system32\setupn.exe
2008-09-05 13:11:37 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2008-09-05 13:11:37 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-09-05 13:11:33 30592 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-09-05 13:11:31 59136 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-09-05 13:11:29 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2008-09-05 13:11:27 61952 -----n--- C:\WINDOWS\system32\rasqec.dll
2008-09-05 13:11:26 76800 -----n--- C:\WINDOWS\system32\qutil.dll
2008-09-05 13:11:23 62464 -----n--- C:\WINDOWS\system32\qcliprov.dll
2008-09-05 13:11:23 294400 -----n--- C:\WINDOWS\system32\qagentrt.dll
2008-09-05 13:11:23 151040 -----n--- C:\WINDOWS\system32\qagent.dll
2008-09-05 13:11:18 412160 -----n--- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-05 13:11:08 145408 -----n--- C:\WINDOWS\system32\onex.dll
2008-09-05 13:10:55 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-09-05 13:10:30 177664 -----n--- C:\WINDOWS\system32\napstat.exe
2008-09-05 13:10:30 198656 -----n--- C:\WINDOWS\system32\napmontr.dll
2008-09-05 13:10:30 30208 -----n--- C:\WINDOWS\system32\napipsec.dll
2008-09-05 13:10:29 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-09-05 13:10:29 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-09-05 13:10:28 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2008-09-05 13:10:27 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-09-05 13:10:26 93184 -----n--- C:\WINDOWS\system32\msxml6r.dll
2008-09-05 13:10:26 1306624 -----n--- C:\WINDOWS\system32\msxml6.dll
2008-09-05 13:10:26 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-09-05 13:10:18 81408 -----n--- C:\WINDOWS\system32\msshavmsg.dll
2008-09-05 13:10:18 155136 -----n--- C:\WINDOWS\system32\mssha.dll
2008-09-05 13:09:12 33792 -----n--- C:\WINDOWS\system32\mmcperf.exe
2008-09-05 13:09:11 106496 -----n--- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-05 13:09:11 397312 -----n--- C:\WINDOWS\system32\mmcex.dll
2008-09-05 13:09:04 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-05 13:09:04 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-05 13:07:51 37376
-----n--- C:\WINDOWS\system32\l2gpstore.dll 2008-09-05 13:07:47 61440 -----n--- C:\WINDOWS\system32\kmsvc.dll 2008-09-05 13:07:40 6144 -----n--- C:\WINDOWS\system32\kbdpash.dll 2008-09-05 13:07:40 6144 -----n--- C:\WINDOWS\system32\kbdnepr.dll 2008-09-05 13:07:39 6144 -----n--- C:\WINDOWS\system32\kbdiultn.dll 2008-09-05 13:07:37 6144 -----n--- C:\WINDOWS\system32\kbdbhc.dll 2008-09-05 13:06:35 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-09-05 13:06:34 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-09-05 13:06:33 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll 2008-09-05 13:06:33 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-09-05 13:06:27 19200 -----n--- C:\WINDOWS\system32\drivers\hidir.sys 2008-09-05 13:06:26 25856 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys 2008-09-05 13:06:19 144384 -----n--- C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-09-05 13:06:18 7168 -----n--- C:\WINDOWS\system32\hccoin.dll 2008-09-05 13:06:14 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys 2008-09-05 13:06:00 20992 -----n--- C:\WINDOWS\system32\faxpatch.exe 2008-09-05 13:05:46 33792 -----n--- C:\WINDOWS\system32\eapsvc.dll 2008-09-05 13:05:46 59392 -----n--- C:\WINDOWS\system32\eapqec.dll 2008-09-05 13:05:45 40960 -----n--- C:\WINDOWS\system32\eappprxy.dll 2008-09-05 13:05:45 182272 -----n--- C:\WINDOWS\system32\eapphost.dll 2008-09-05 13:05:45 95232 -----n--- C:\WINDOWS\system32\eappgnui.dll 2008-09-05 13:05:45 126976 -----n--- C:\WINDOWS\system32\eappcfg.dll 2008-09-05 13:05:44 184832 -----n--- C:\WINDOWS\system32\eapp3hst.dll 2008-09-05 13:05:44 30720 -----n--- C:\WINDOWS\system32\eapolqec.dll 2008-09-05 13:05:17 651264 -----n--- C:\WINDOWS\system32\dot3ui.dll 2008-09-05 13:05:16 133120 -----n--- C:\WINDOWS\system32\dot3svc.dll 2008-09-05 13:05:15 56832 -----n--- C:\WINDOWS\system32\dot3msm.dll 2008-09-05 13:05:15 39936 -----n--- C:\WINDOWS\system32\dot3gpclnt.dll 2008-09-05 13:05:15 9216 -----n--- 
C:\WINDOWS\system32\dot3dlg.dll 2008-09-05 13:05:15 62976 -----n--- C:\WINDOWS\system32\dot3cfg.dll 2008-09-05 13:05:15 26112 -----n--- C:\WINDOWS\system32\dot3api.dll 2008-09-05 13:05:05 39936 -----n--- C:\WINDOWS\system32\dimsroam.dll 2008-09-05 13:05:05 19456 -----n--- C:\WINDOWS\system32\dimsntfy.dll 2008-09-05 13:04:59 48640 -----n--- C:\WINDOWS\system32\dhcpqec.dll 2008-09-05 13:04:34 12800 -----n--- C:\WINDOWS\system32\credssp.dll 2008-09-05 13:04:08 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2008-09-05 13:03:54 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys 2008-09-05 13:03:53 36480 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys 2008-09-05 13:03:49 101120 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys 2008-09-05 13:03:48 37888 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys 2008-09-05 13:03:47 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys 2008-09-05 13:03:43 7168 -----n--- C:\WINDOWS\system32\bitsprx4.dll 2008-09-05 13:03:40 233472 -----n--- C:\WINDOWS\system32\azroles.dll 2008-09-05 13:03:36 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll 2008-09-05 13:03:36 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll 2008-09-05 13:03:35 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll 2008-09-05 13:03:35 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll 2008-09-05 13:03:35 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll 2008-09-05 13:03:31 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll 2008-09-05 13:03:30 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll 2008-09-05 13:03:29 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys 2008-09-05 13:03:29 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys 2008-09-05 13:03:29 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys 2008-09-05 13:03:29 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys 2008-09-05 13:03:29 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys 2008-09-05 13:03:29 104960 -----n--- 
C:\WINDOWS\system32\drivers\atinrvxx.sys 2008-09-05 13:03:29 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys 2008-09-05 13:03:29 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys 2008-09-05 13:03:29 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys 2008-09-05 13:03:29 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys 2008-09-05 13:03:27 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll 2008-09-05 13:03:26 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll 2008-09-05 13:03:25 701952 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-09-05 13:03:25 327168 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2008-09-05 13:03:24 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll 2008-09-05 13:03:24 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll 2008-09-05 13:03:23 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2008-09-05 13:03:23 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll 2008-09-05 13:03:21 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2008-09-05 13:03:20 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2008-09-05 13:03:19 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2008-09-05 13:03:14 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys 2008-09-05 13:03:14 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2008-09-04 22:50:01 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys 2008-09-04 22:50:01 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2008-09-04 22:50:01 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2008-09-04 22:50:01 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys 2008-09-04 22:49:32 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys 2008-09-04 22:49:32 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys 2008-09-04 17:49:17 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys 2008-09-04 17:49:14 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll 2008-09-04 17:49:14 3711 -----n--- 
C:\WINDOWS\system32\drivers\adv09nt5.dll 2008-09-04 17:49:14 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll 2008-09-04 17:49:14 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll 2008-09-04 17:49:14 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll 2008-09-04 17:49:14 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll 2008-09-04 17:49:14 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll -- Find3M Report ---------------------------------------------------------------- 2008-09-11 19:53:31 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\Skype 2008-09-11 19:52:21 0 d-------- C:\Programme\Mozilla Firefox 2008-09-11 08:07:21 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\skypePM 2008-09-07 10:06:22 0 d-a------ C:\Programme\Gemeinsame Dateien 2008-09-06 09:10:33 411266 --a------ C:\WINDOWS\system32\perfh007.dat 2008-09-06 09:10:32 72490 --a------ C:\WINDOWS\system32\perfc007.dat 2008-09-06 09:03:55 0 d-------- C:\Programme\Messenger 2008-09-06 09:03:53 0 d-------- C:\Programme\Gemeinsame Dateien\System 2008-09-05 14:17:33 0 d-------- C:\Programme\Movie Maker 2008-09-05 14:05:49 0 d-------- C:\Programme\Windows NT 2008-09-03 19:30:08 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\Canon 2008-09-02 17:41:43 0 d-------- C:\Programme\Messenger Plus! 
Live 2008-08-29 15:38:35 0 d-------- C:\Programme\ICQ6 2008-08-28 13:03:19 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\Mozilla 2008-08-23 09:28:56 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\AdobeUM 2008-08-20 15:57:25 0 d-------- C:\Programme\eMule 2008-08-14 12:07:42 0 d-------- C:\Programme\Windows Live Safety Center 2008-07-23 10:44:36 0 d-------- C:\Programme\Jap 2008-07-18 22:10:48 94920 --a------ C:\WINDOWS\system32\cdm.dll 2008-07-18 22:10:42 53448 --a------ C:\WINDOWS\system32\wuauclt.exe 2008-07-18 22:10:40 45768 --a------ C:\WINDOWS\system32\wups2.dll 2008-07-18 22:10:20 36552 --a------ C:\WINDOWS\system32\wups.dll 2008-07-18 22:09:46 325832 --a------ C:\WINDOWS\system32\wucltui.dll 2008-07-18 22:09:44 205000 --a------ C:\WINDOWS\system32\wuweb.dll 2008-07-18 22:09:44 563912 --a------ C:\WINDOWS\system32\wuapi.dll 2008-07-18 22:09:42 1811656 --a------ C:\WINDOWS\system32\wuaueng.dll 2008-07-18 22:07:34 270880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-07-18 22:07:32 210976 --a------ C:\WINDOWS\system32\muweb.dll 2008-07-18 19:26:59 0 d-------- C:\Programme\DivX 2008-07-16 11:08:27 0 d-------- C:\Dokumente und Einstellungen\Kraus\Anwendungsdaten\ICQ 2008-07-14 16:27:45 0 d-------- C:\Programme\PartyGaming 2008-07-12 10:57:57 0 d-------- C:\Programme\Java 2008-07-07 22:26:58 253952 --a------ C:\WINDOWS\system32\es.dll 2008-07-05 09:27:08 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-06-24 18:42:48 74240 --a------ C:\WINDOWS\system32\mscms.dll 2008-06-24 18:12:58 295936 -----n--- C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 18:14:44 233472 --a------ C:\WINDOWS\system32\webcheck.dll 2008-06-23 18:14:44 105984 --a------ C:\WINDOWS\system32\url.dll 2008-06-23 18:14:44 102912 --a------ C:\WINDOWS\system32\occache.dll 2008-06-23 18:14:42 52224 --a------ C:\WINDOWS\system32\msfeedsbs.dll 2008-06-23 18:14:42 459264 --a------ C:\WINDOWS\system32\msfeeds.dll 2008-06-23 18:14:42 267776 --a------ 
C:\WINDOWS\system32\iertutil.dll 2008-06-23 18:14:41 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2008-06-23 18:14:41 6066176 --a------ C:\WINDOWS\system32\ieframe.dll 2008-06-23 18:14:40 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll 2008-06-23 18:14:40 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll 2008-06-23 18:14:40 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2008-06-23 18:14:40 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2008-06-23 18:14:40 63488 --a------ C:\WINDOWS\system32\icardie.dll 2008-06-23 18:14:39 124928 --a------ C:\WINDOWS\system32\advpack.dll 2008-06-23 11:20:26 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2008-06-23 11:20:01 70656 --a------ C:\WINDOWS\system32\ie4uinit.exe 2008-06-21 07:23:54 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2008-06-20 19:46:10 247296 --a------ C:\WINDOWS\system32\mswsock.dll 2008-06-18 19:52:28 161096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-11 02:07:24 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 02:04:26 200704 --a----c- C:\WINDOWS\system32\ssldivx.dll 2008-06-11 02:04:26 1044480 --a----c- C:\WINDOWS\system32\libdivx.dll 2008-06-11 02:03:26 196608 --a----c- C:\WINDOWS\system32\dtu100.dll 2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-06-11 02:03:22 57344 --a----c- C:\WINDOWS\system32\dpv11.dll 2008-06-11 02:03:22 344064 --a----c- C:\WINDOWS\system32\dpus11.dll 2008-06-11 02:03:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2008-06-11 02:03:22 53248 --a----c- C:\WINDOWS\system32\dpuGUI10.dll 2008-06-11 02:03:22 294912 --a----c- C:\WINDOWS\system32\dpu11.dll 2008-06-11 02:03:22 294912 --a----c- C:\WINDOWS\system32\dpu10.dll 2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-06-11 02:03:20 
823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "msnmsgr"="\"C:\\Programme\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background" "ICQ"="\"C:\\Programme\\ICQ6\\ICQ.exe\" silent" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_07\\bin\\jusched.exe\"" "FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] 
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 eapsvcs REG_MULTI_SZ eaphost\0\0 dot3svc REG_MULTI_SZ dot3svc\0\0 HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* napagent hkmsvc 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{527469d6-27e1-11dd-a734-000d88196d31}] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe RALPH-01268E81C.vbs [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc22345-b91a-11dc-a69d-000d88196d31}] Shell\AutoRun\command I:\InstallTomTomHOME.exe -- End of ComboScan: finished at 2008-09-11 at 19:58:24 -------------------------