Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:19:25, on 28.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate Personal Firewall 5.6\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AVG Anti Virus Free 9\avgchsvx.exe
C:\Programme\AVG Anti Virus Free 9\avgrsx.exe
C:\Programme\AVG Anti Virus Free 9\avgcsrvx.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVG Anti Virus Free 9\avgwdsvc.exe
C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
E:\Delphi7\InterBase\bin\ibguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\AVG Anti Virus Free 9\avgnsx.exe
C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\OCS\SM\Search AnonymizerHelper.exe
E:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
E:\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\AVG Anti Virus Free 9\avgemc.exe
C:\Programme\AVG Anti Virus Free 9\avgcsrvx.exe
E:\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
E:\Delphi7\InterBase\bin\ibserver.exe
C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVGANT~1\avgtray.exe
E:\Acronis TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Desk Drive\DeskDrive.exe
E:\SpeedFan\speedfan.exe
C:\Programme\ROCCAT\Kone Mouse\osd.exe
E:\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\a-squared HiJackFree\a2hijackfree.exe
C:\WINDOWS\system32\temp\winlogon.exe
H:\Install Setups & Tools\Anti Spyware\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yodl.de - die Suchmaschine für alles!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Canada - The all-new MSN Canada, home of world-class services such as Hotmail, Windows Live Messenger, and News, Sports, Financial and Entertainment services
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Canada - The all-new MSN Canada, home of world-class services such as Hotmail, Windows Live Messenger, and News, Sports, Financial and Entertainment services
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Donate | Blue Onion Software
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG Anti Virus Free 9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCU] "C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\OCS\SM\Search Anonymizer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1.6\smc.exe -startgui
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVGANT~1\avgtray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Acronis TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kone] "C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [input] C:\WINDOWS\system32\temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeskDriveStartup] E:\Desk Drive\DeskDrive.exe
O4 - HKCU\..\Run: [speedfan] E:\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [output] C:\WINDOWS\system32\temp\winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\temp\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1261904405859
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1261904583968
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5111/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C7C5D9-2E4F-4AB0-A631-05AD42F41ED0}: NameServer = 195.50.140.232,195.50.140.114
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG Anti Virus Free 9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG Anti Virus Free 9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG Anti Virus Free 9\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1ca9d2be053357) (gupdate1ca9d2be053357) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - E:\Delphi7\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Delphi7\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\OCS\SM\Search AnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate Personal Firewall 5.6\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - E:\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - E:\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9838 bytes
HijackThis.de Short-Analyzing
[X] - C:\WINDOWS\system32\temp\winlogon.exe
[?] - R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
[?] - O4 - HKCU\..\Run: [output] C:\WINDOWS\system32\temp\winlogon.exe
[?] - O20 - AppInit_DLLs: