Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-25 08:11:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (69%) free of 38 GB
Total RAM: 511 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12:07, on 25.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AVG\AVG9\avgchsvx.exe
C:\Programme\AVG\AVG9\avgrsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programme\AVG\AVG9\avgwdsvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programme\AVG\AVG9\avgemc.exe
C:\Programme\AVG\AVG9\avgam.exe
C:\Programme\AVG\AVG9\avgnsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\Java\jre6\bin\javaw.exe
D:\RSIT.exe
C:\Programme\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Retrospect Helper - Unknown owner - C:\Programme\Dantz\Retrospect\rthlpsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - Unknown owner - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
--
End of file - 4102 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Automatische Problemsuche.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-04-03 134344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG9\avgssie.dll [2010-01-23 1484056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-01-06 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-06 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-04-28 66048]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"UnlockerAssistant"=C:\Programme\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-23 2033432]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Programme\Eraser\eraser.exe -hide []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-06 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-23 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fsp_lmwl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\AVG\AVG9\avgam.exe"="C:\Programme\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Programme\AVG\AVG9\avgdiagex.exe"="C:\Programme\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Programme\AVG\AVG9\avgemc.exe"="C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG9\avgupd.exe"="C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG9\avgnsx.exe"="C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a20f08-a1af-11de-bace-0040d067d0b3}]
shell\AutoRun\command - H:\Portable_Safe\usbstarter.exe
======List of files/folders created in the last 1 months======
2010-01-25 08:11:46 ----D---- C:\Programme\trend micro
2010-01-25 08:11:39 ----D---- C:\rsit
2010-01-25 05:25:46 ----D---- C:\STRASSEN_BERLIN_D5
2010-01-24 07:27:55 ----SHD---- C:\found.000
2010-01-23 20:31:43 ----SHD---- C:\Config.Msi
2010-01-23 17:55:07 ----D---- C:\WINDOWS\Sun
2010-01-23 09:10:24 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeraCopy
2010-01-23 09:02:16 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-01-23 09:02:09 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-01-23 08:40:02 ----HD---- C:\$AVG
2010-01-23 08:39:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-23 08:39:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
2010-01-06 10:34:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2010-01-06 10:32:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-01-06 10:21:59 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-06 10:21:59 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-06 10:21:59 ----A---- C:\WINDOWS\system32\java.exe
2010-01-06 10:21:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-06 10:21:49 ----D---- C:\Programme\Java
2010-01-06 10:20:41 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
2010-01-06 10:18:49 ----D---- C:\JDownloader.0.6.111
2010-01-06 07:10:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2010-01-06 07:09:24 ----D---- C:\Programme\AVG
2009-12-26 10:12:25 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Static IncrediMail Backup
======List of files/folders modified in the last 1 months======
2010-01-25 08:11:46 ----RD---- C:\Programme
2010-01-25 07:07:23 ----D---- C:\WINDOWS\Temp
2010-01-25 07:06:58 ----D---- C:\Programme\Mozilla Firefox
2010-01-25 07:04:43 ----D---- C:\WINDOWS\system32
2010-01-25 07:04:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-25 07:03:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-25 07:00:26 ----D---- C:\WINDOWS\Prefetch
2010-01-25 05:47:36 ----D---- C:\Programme\WinRAR
2010-01-25 05:46:09 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
2010-01-24 11:02:03 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-01-24 07:29:37 ----D---- C:\WINDOWS
2010-01-24 07:28:59 ----D---- C:\WINDOWS\system32\config
2010-01-24 06:28:36 ----SHD---- C:\WINDOWS\Installer
2010-01-24 06:28:11 ----D---- C:\Programme\Microsoft Office
2010-01-24 06:28:11 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-01-24 06:24:54 ----HD---- C:\WINDOWS\inf
2010-01-24 06:21:45 ----D---- C:\Programme\Folder Lock
2010-01-23 20:31:59 ----D---- C:\Programme\InstallShield Installation Information
2010-01-23 20:29:31 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 09:24:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 09:02:24 ----SD---- C:\WINDOWS\Tasks
2010-01-23 08:53:42 ----D---- C:\WINDOWS\WinSxS
2010-01-23 08:37:56 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2010-01-23 08:27:11 ----RSD---- C:\WINDOWS\Fonts
2010-01-06 06:29:40 ----D---- C:\Programme\Gemeinsame Dateien
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-23 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-23 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-23 360584]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2001-10-02 40192]
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-04-28 616124]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2001-10-02 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-10-06 800768]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-05-18 57216]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-05-11 330496]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-02 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-02 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2001-10-02 61824]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2001-10-02 67584]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2001-10-02 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2001-10-02 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2001-10-02 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-06-24 3147776]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2005-04-06 15360]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2001-10-02 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-10-06 405504]
R2 avg9emc;AVG E-mail Scanner; C:\Programme\AVG\AVG9\avgemc.exe [2010-01-23 906520]
R2 avg9wd;AVG WatchDog; C:\Programme\AVG\AVG9\avgwdsvc.exe [2010-01-23 285392]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-23 5832712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-06 153376]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2001-10-02 14336]
S2 Retrospect Helper;Retrospect Helper; C:\Programme\Dantz\Retrospect\rthlpsvc.exe []
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe []
-----------------EOF-----------------