Björn [Guest] wrote on 15 April 2010, 21:20:03 in the category pc.security
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:59, on 15.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programme\DAEMON Tools Lite\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System\w98eject.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\admin\AppData\Local\Apps\2.0\646YN2BO.XRE\67VGM1C6.YYT\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Programme\CCleaner\CCleaner.exe
C:\Users\admin\Downloads\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AVMUSBFernanschluss] C:\Users\admin\AppData\Local\Apps\2.0\646YN2BO.XRE\67VGM1C6.YYT\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\admin\AppData\Local\Temp\Xsh.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\admin\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7841 bytes
--------------------------------Install.txt----------------------------------
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 22.09.2009 10.0.32.18
Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 11.02.2009 9
Adobe Reader 8.1.2 Adobe Systems Incorporated 01.01.2002 126,5MB 8.1.2
Agere Systems HDA Modem Agere Systems 02.01.2002
Any Video Converter 3.0.4 Any-Video-Converter.com 11.04.2010 64,1MB
Apple Application Support Apple Inc. 08.10.2009 32,2MB 1.0
Apple Mobile Device Support Apple Inc. 08.10.2009 40,4MB 2.6.0.32
Apple Software Update Apple Inc. 08.10.2009 2,16MB 2.1.1.116
Avira AntiVir Personal - Free Antivirus Avira GmbH 03.12.2009 68,7MB
AVM FRITZ!Box USB-Fernanschluss FRITZ!Box 15.03.2010 2.1.0.18
AVS Update Manager 1.0 Online Media Technologies Ltd. 21.02.2010 9,64MB
AVS Video Converter 6 Online Media Technologies Ltd. 21.02.2010 23,8MB
AVS4YOU Software Navigator 1.3 Online Media Technologies Ltd. 21.02.2010 8,97MB
Batch XLSX to XLS Converter 2009 Batchwork Software 06.01.2010 5,29MB
BestPractice (remove only) 20.12.2009 0,78MB
BitTorrent BitTorrent, Inc 25.09.2009 0,71MB
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 01.01.2002 57,5MB v6.00.03
Bonjour Apple Inc. 08.10.2009 0,49MB 1.0.106
CCleaner Piriform 14.04.2010 2,77MB 2.30
Cisco Systems VPN Client 5.0.00.0340 Cisco Systems, Inc. 24.11.2009 12,1MB 5.0.0
Combined Community Codec Pack 2008-01-24 CCCP Project 21.02.2010 15,1MB 2008-01-24 00:00
Compatibility Pack for the 2007 Office system Microsoft Corporation 06.01.2010 95,0MB 12.0.6021.5000
DAEMON Tools Toolbar DT Soft Ltd 24.10.2009 1.0.8.0552
Dev-C++ 5 beta 9 release (4.9.9.2) 13.01.2010
Direct Show Ogg Vorbis Filter (remove only) 21.02.2010
DivX Codec DivX, Inc. 22.02.2010 1,57MB 6.9.1
DivX Converter DivX, Inc. 22.02.2010 45,3MB 7.1.0
DivX Player DivX, Inc. 22.02.2010 8,43MB 7.2.0
DivX Plus DirectShow Filters DivX, Inc. 22.02.2010 1,58MB
DivX Plus Web Player DivX,Inc. 22.02.2010 8,77MB 2.0.0
Dolby Control Center Dolby 01.01.2002 45,2MB 1.1.0402
doPDF 7.0 printer Softland 04.01.2010 4,59MB
EAGLE 5.6.0 CadSoft Computer GmbH 19.10.2009 5.6.0
Free Audio CD Burner version 1.2 DVDVideoSoft Limited. 14.11.2009 2,60MB
Free CD to MP3 Converter 03.11.2009 2,04MB
Free YouTube Download 2.3 DVDVideoSoft Limited. 02.10.2009 2,67MB
Free YouTube to MP3 Converter version 3.2 DVDVideoSoft Limited. 14.11.2009 2,68MB
Google Earth Google 03.02.2010 69,6MB 5.1.7938.4346
Guitar Pro 5.0 Arobas Music 20.12.2009 363,3MB
GXTranscoder v2 GermaniXSoft, Uwe Brückner 01.01.2010 23,7MB 2.24.2980
HijackThis 2.0.2 TrendMicro 14.04.2010 2.0.2
HP OrderReminder 19.10.2009 0,46MB 2.1
ICQ6.5 ICQ 11.11.2009 48,1MB 6.5
Intel® Matrix Storage Manager Intel Corporation 11.02.2009 37,0MB
Java(TM) 6 Update 17 Sun Microsystems, Inc. 31.12.2009 95,0MB 6.0.170
JMicron JMB38X Flash Media Controller JMicron Technology Corp. 01.01.2002 2,37MB 1.00.14.03
K-Lite Codec Pack 5.1.0 (Basic) 25.09.2009 17,6MB 5.1.0
LaserJet 1018 19.10.2009
MATLAB R2009a The MathWorks, Inc. 14.12.2009 3.988,5MB 7.8
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.09.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.02.2009 27,8MB
Microsoft Office Professional Edition 2003 Microsoft Corporation 11.02.2009 595,9MB 11.0.6361.0
Microsoft Office Suite Activation Assistant Microsoft Corporation 01.01.2002 8,37MB 2.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03.12.2009 0,58MB 9.0.30729
MKV TO AVI CONVERTER version 3.22 11.04.2010 2,19MB
MKV To AVI With Subtitle version 2.0 11.04.2010 1,45MB
Motorola SM56 Data Fax Modem 02.01.2002 2,24MB
Mozilla Firefox (3.6.2pre) Mozilla 25.03.2010 31,6MB 3.6.2pre (de)
MSI DVB-T USB BDA Driver 11.02.2009
MSI Software Install MSI 01.01.2002 2,08MB 1.0.8.0922
MSI TV Tuner Card BDA Driver 11.02.2009
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.02.2009 1,30MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,36MB 4.20.9876.0
NVIDIA Drivers 17.10.2009
Ogg Codecs 0.80.15039 Xiph.Org 26.10.2009 4,86MB 0.80.15039
OGM TO AVI CONVERTER version 3.1.1 21.02.2010 1,20MB
On2 VP7 Personal Edition 22.02.2010 0,86MB
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 Orban, Inc. 26.10.2009 1,74MB
QuickTime Apple Inc. 08.10.2009 76,5MB 7.64.17.73
RadLight Ogg Media DirectShow filter (remove only) "RadLight, LLC." 21.02.2010
RealPlayer RealNetworks 05.04.2010 79,2MB
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 01.01.2002 1,54MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.01.2002 21,8MB 6.0.1.5636
Skype Toolbars Skype Technologies S.A. 21.02.2010 5,25MB 1.0.4051
Skype™ 4.1 Skype Technologies S.A. 21.02.2010 31,1MB 4.1.179
Socket Workbench 4.0 09.04.2010 1,66MB
Streamripper (Remove only) 08.10.2009 7,59MB
System Control Manager 01.01.2002 6,56MB 2.0108.0521.003.02
TrekStor i.Beat cebrax 21.11.2009 6,04MB
Uninstall 1.0.0.1 14.11.2009 26,1MB
VLC media player 0.9.8a VideoLAN Team 10.02.2009 60,4MB 0.9.8a
Winamp Nullsoft, Inc 10.02.2009 29,2MB 5.541
Windows Driver Package - Atheros Communications Inc. (athr) Net (03/26/2008 7.4.2.57) Atheros Communications Inc. 11.02.2009 03/26/2008 7.4.2.57
Windows Driver Package - Atheros Communications Inc. Net (03/26/2008 7.4.2.57) Atheros Communications Inc. 11.02.2009 03/26/2008 7.4.2.57
Windows Media Player Firefox Plugin Microsoft Corp 26.11.2009 0,29MB 1.0.0.8
WinRAR archiver 11.02.2009
Zoom Player (remove only) 21.02.2010 2,08MB
---------------------------------GMER Scan-------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-15 21:05:24
Windows 6.0.6001 Service Pack 1
Running: 8cu5u25x.exe; Driver: C:\Users\admin\AppData\Local\Temp\pwrcrpob.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8552F1F8
---- EOF - GMER 1.0.15 ----