.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Furi at 18:27:55 on 2012-05-09
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3263.1889 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\RivaTuner\RivaTuner.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programme\Cyberlink\Shared files\brs.exe
D:\Programme\Logitech\Set Point\SetPointP\SetPoint.exe
D:\Programme\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Taskbar Shuffle\taskbarshuffle.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AeroSnap\AeroSnap.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe
D:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
D:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Programme\Portrait Displays\Pivot Software\floater.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
D:\Programme\Vidalia Bundle\Tor\tor.exe
D:\Programme\Vidalia Bundle\Polipo\polipo.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
D:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
D:\Programme\Microsoft Private Folder\PrfldSvc.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\OpenOffice.org 3\program\scalc.exe
D:\Programme\OpenOffice.org 3\program\soffice.exe
D:\Programme\OpenOffice.org 3\program\soffice.bin
D:\Programme\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyServer = 83.170.117.44:3128
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\programme\orbitdownloader\orbitcth.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\programme\autocompletepro\AutocompletePro.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Taskbar Shuffle] d:\programme\taskbar shuffle\taskbarshuffle.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [NBJ] "d:\programme\nero burning rom\nero backitup\NBJ.exe"
uRun: [AeroSnap] c:\programme\aerosnap\AeroSnap.exe
uRun: [LightScribe Control Panel] c:\programme\gemeinsame dateien\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] c:\dokumente und einstellungen\all users\anwendungsdaten\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Vidalia] "d:\programme\vidalia bundle\vidalia\vidalia.exe"
uRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [RivaTuner] "c:\programme\rivatuner\RivaTuner.exe" /T
mRun: [RivaTunerStartupDaemon] "c:\programme\rivatuner\RivaTuner.exe" /S
mRun: [Start WingMan Profiler] c:\programme\logitech\gaming software\LWEMon.exe /noui
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AdobeAAMUpdater-1.0] "c:\programme\gemeinsame dateien\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\programme\gemeinsame dateien\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LexwareInfoService] c:\programme\gemeinsame dateien\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [LogMeIn Hamachi Ui] "d:\programme\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [PivotSoftware] "c:\programme\portrait displays\pivot software\wpctrl.exe"
mRun: [DT HWP] c:\programme\gemeinsame dateien\portrait displays\shared\DT_startup.exe -HWP
mRun: [UpdateLBPShortCut] "d:\programme\cyberlink\labelprint\muitransfer\muistartmenu.exe" "d:\programme\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [BDRegion] c:\programme\cyberlink\shared files\brs.exe
mRun: [EvtMgr6] d:\programme\logitech\set point\setpointp\SetPoint.exe /launchGaming
mRun: [VirtualCloneDrive] "d:\programme\virtualclonedrive\VCDDaemon.exe" /s
mRun: [DNS7reminder] "d:\programme\nuance dragon naturally speaking 11\ereg\ereg.exe" -r "c:\dokumente und einstellungen\all users\anwendungsdaten\nuance\naturallyspeaking11\Ereg.ini
mRun: [Nuance.ctfmngr] d:\programme\nuance dragon naturally speaking 11\program\ctfmngr.exe /restore
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\programme\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ashamp~1.lnk - d:\programme\ashampoo\ashampoo magical defrag\bin\aDefragCtrl.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\autoru~1\quicke~1.lnk - d:\programme\quicken serie\2011\billmind.exe
IE: &Download by Orbit - d:\programme\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programme\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programme\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programme\orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\dokumente und einstellungen\furi\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
Trusted Zone: kuaiche.com\software
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268481192375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programme\gemeinsame dateien\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\furi\anwendungsdaten\mozilla\firefox\profiles\k0lhpnz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - prefs.js: network.proxy.ftp - 81.138.170.27
FF - prefs.js: network.proxy.ftp_port - 443
FF - prefs.js: network.proxy.http - 81.138.170.27
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.socks - 81.138.170.27
FF - prefs.js: network.proxy.socks_port - 443
FF - prefs.js: network.proxy.ssl - 81.138.170.27
FF - prefs.js: network.proxy.ssl_port - 443
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programme\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: d:\programme\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\programme\jre\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programme\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: d:\programme\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: d:\programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: d:\programme\pdf xchange viewer\pdf viewer\npPDFXCviewNPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-11-17 57112]
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-3-14 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-3-14 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-3-14 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-14 66616]
R2 DragonSvc;Dragon Service;c:\programme\gemeinsame dateien\nuance\dgnsvc.exe [2010-7-29 296808]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\programme\gemeinsame dateien\epson\epw!3 ssrp\E_JT50RP.EXE [2012-3-22 130944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-11-18 12184]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\programme\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-16 2253120]
R2 PdiService;Portrait Displays SDK Service;c:\programme\gemeinsame dateien\portrait displays\drivers\pdisrvc.exe [2010-11-17 109096]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
R2 StarWindServiceAE;StarWind AE Service;d:\programme\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-3-9 27136]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\elbyvcd.sys --> c:\windows\system32\drivers\ElbyVCD.sys [?]
S2 CLKMSVC10_BB1DDEDD;CyberLink Product - 2011/04/21 19:44:02;d:\programme\cyberlink\powerdvd9\navfilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-3-14 135664]
S2 SkypeUpdate;Skype Updater;d:\programme\skypeportable\app\skype\updater\Updater.exe [2012-2-29 158856]
S3 CGVPNCliSrvc;CyberGhost VPN Client;d:\programme\cyberghost vpn\CGVPNCliService.exe [2011-2-25 2413704]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\programme\dragon age serie\dragon age origins\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-3-14 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-5-5 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-10-20 119528]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-11-5 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-11-5 11104]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys --> c:\windows\system32\drivers\tsmpkt.sys [?]
S3 TunngleService;TunngleService;d:\programme\tunngle\TnglCtrl.exe [2012-3-9 736104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\hamachi\hamachi-2.exe -s --> d:\programme\hamachi\hamachi-2.exe -s [?]
.
=============== Created Last 30 ================
.
2012-05-06 21:37:04 -------- d-----w- c:\programme\PC Connectivity Solution
2012-05-06 21:36:46 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-05-06 21:36:45 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-05-06 21:36:44 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-05-06 21:36:44 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-05-05 15:06:22 -------- d-----w- c:\programme\Mozilla Maintenance Service
2012-05-03 20:01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-03 20:01:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-24 17:24:37 3166720 ----a-w- c:\windows\system32\DxtoryCodec.dll
2012-04-24 12:59:17 -------- d-----w- c:\dokumente und einstellungen\furi\anwendungsdaten\Tor
2012-04-22 18:10:20 -------- d-----w- c:\dokumente und einstellungen\furi\anwendungsdaten\ts3overlay
2012-04-22 18:07:00 -------- d-----w- c:\dokumente und einstellungen\furi\anwendungsdaten\TS3Client
2012-04-17 15:39:36 -------- d-----w- c:\dokumente und einstellungen\furi\anwendungsdaten\DVDFab
2012-04-17 15:38:29 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\dvdfab
2012-04-12 18:29:14 -------- d-----w- c:\programme\2K Games
2012-04-12 17:20:47 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
.
==================== Find3M ====================
.
2012-05-04 14:18:07 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-03 20:01:36 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-21 19:32:42 285208 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-21 19:32:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-04-21 16:12:38 285208 ----a-w- c:\windows\system32\nvdrsdb0.bin
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 18:28:27,09 ===============