Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:17:52, on 17.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Eraser\Eraser.exe
C:\Programme\Nuance\PDF Professional 6\pdfpro6hook.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
E:\Foto Programme\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
E:\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
E:\Apple\Quicktime\QTTask.exe
E:\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Iomega\Home Storage Manager\Iomega Discovery.exe
E:\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tools\Active_Sync\Wcescomm.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Tools\ACTIVE~1\rapimgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe
C:\Programme\Iomega\QuikProtect\QpMonitor.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\Programme\Iomega\QuikProtect\QuikProtect.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\C7QLJ4WL.3XE\A7ZLJ1HX.LX1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrospect.exe
C:\Programme\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\MSN\Toolbar\3.0.1203.0\msntask.exe
X:\Tools\von E Tools\HijacjThis\Programm\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 6\pdfpro6hook.exe
O4 - HKLM\..\Run: [PDF6 Registry Controller] C:\Programme\Nuance\PDF Professional 6\RegistryController.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [ISUSPM] "E:\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TrayServer] E:\Video\VIDEO_~4\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Apple\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Iomega Home Storage Manager] C:\Programme\Iomega\Home Storage Manager\Iomega Discovery.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuiKProtect] C:\Programme\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Tools\Active_Sync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AVMUSBFernanschluss] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\C7QLJ4WL.3XE\A7ZLJ1HX.LX1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
O4 - HKCU\..\Run: [Update Service] E:\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Startup: Iomega Product Registration.lnk = C:\Programme\Iomega\Registration\Register.exe
O4 - Startup: Kalenderchen.lnk = C:\Programme\Kalenderchen\Kalenderchen.exe
O4 - Startup: T-DSL Manager.lnk = ?
O4 - User Startup: AutorunsDisabled
O4 - User Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - User Startup: Iomega Product Registration.lnk = C:\Programme\Iomega\Registration\Register.exe
O4 - User Startup: Kalenderchen.lnk = C:\Programme\Kalenderchen\Kalenderchen.exe
O4 - User Startup: T-DSL Manager.lnk = ?
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - res://C:\Programme\Nuance\PDF Professional 6\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 6 - res://C:\Programme\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Tools\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Tools\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Tools\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Tools\Spyware\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Tools\Spyware\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190111500156
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///Y:/components/wmvhdrating.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A039DF29-EE78-4F2F-97FF-92495D0B4DF6}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Foto Programme\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - E:\Foto Programme\Adobe Photoshop Elements 8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - AVM GmbH - (no file)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Paragon Software Group - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - (no file)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe
O23 - Service: QSCopyEngine - Unknown owner - C:\Programme\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
O23 - Service: T-DSL Manager (TDslMgrService) - T-Systems - C:\Programme\T-DSL Manager\DslMgrSvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 14683 bytes