swizes Posted September 27, 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:43, on 27.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\Vm_sti.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\n1t1\Desktop\Xfire Status Changer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\n1t1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=bf3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf3&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.73.161.146:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O4 - HKCU\..\Run: [Google Update] "C:\Users\n1t1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2054440496-1404132232-2879679445-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2054440496-1404132232-2879679445-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: OneNote'a G&önder - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Baglantili &Notlari - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Baglantili &Notlari - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: soft Xpansion Dispatch Service (SXDS10) - soft Xpansion - C:\Program Files\Common Files\soft Xpansion\SXDS10.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 10595 bytes

----------------------------

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 57.21 0 K 12 K
System 4 0.61 52 K 1.332 K
Interrupts n/a 2.00 0 K 0 K Hardware Interrupts and DPCs
smss.exe 356 312 K 500 K Windows-Sitzungs-Manager Microsoft Corporation
csrss.exe 436 2.692 K 1.872 K Client-Server-Laufzeitprozess Microsoft Corporation
wininit.exe 496 880 K 144 K Windows-Startanwendung Microsoft Corporation
services.exe 544 5.368 K 4.316 K Anwendung für Dienste und Controller Microsoft Corporation
svchost.exe 736 3.624 K 3.928 K Hostprozess für Windows-Dienste Microsoft Corporation
wlcomm.exe 1520 0.03 28.836 K 26.804 K Windows Live Communications Platform Microsoft Corporation
WmiPrvSE.exe 2516 1.852 K 4.752 K WMI Provider Host Microsoft Corporation
nvSCPAPISvr.exe 820 2.008 K 1.028 K Stereo Vision Control Panel API Server NVIDIA Corporation
svchost.exe 856 5.412 K 4.664 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 944 16.384 K 9.168 K Hostprozess für Windows-Dienste Microsoft Corporation
audiodg.exe 3996 15.112 K 14.064 K Windows Graphisolierung für Audiogeräte Microsoft Corporation
svchost.exe 1044 76.988 K 71.192 K Hostprozess für Windows-Dienste Microsoft Corporation
WUDFHost.exe 2656 1.556 K 672 K Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess Microsoft Corporation
dwm.exe 3116 3.224 K 2.692 K Desktopfenster-Manager Microsoft Corporation
dwm.exe 1132 2.680 K 732 K Desktopfenster-Manager Microsoft Corporation
svchost.exe 1084 0.04 33.008 K 24.168 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 1240 9.144 K 7.156 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 1596 0.21 23.856 K 16.784 K Hostprozess für Windows-Dienste Microsoft Corporation
spoolsv.exe 1692 4.972 K 1.980 K Spoolersubsystem-Anwendung Microsoft Corporation
svchost.exe 1728 12.948 K 7.584 K Hostprozess für Windows-Dienste Microsoft Corporation
armsvc.exe 1836 780 K 540 K Adobe Acrobat Update Service Adobe Systems Incorporated
svchost.exe 1876 0.07 8.004 K 8.684 K Hostprozess für Windows-Dienste Microsoft Corporation
ICQ Service.exe 1912 2.504 K 768 K ICQIEUpdater Module
PnkBstrA.exe 1964 0.01 3.248 K 3.820 K
svchost.exe 396 1.532 K 3.108 K Hostprozess für Windows-Dienste Microsoft Corporation
TeamViewer_Service.exe 488 3.364 K 1.016 K TeamViewer Remote Control Application TeamViewer GmbH
WLIDSVC.EXE 1208 < 0.01 7.208 K 7.308 K Microsoft® Windows Live ID Service Microsoft Corp.
WLIDSVCM.EXE 2068 612 K 456 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
taskhost.exe 1488 0.01 9.444 K 4.452 K Hostprozess für Windows-Aufgaben Microsoft Corporation
sppsvc.exe 2456 9.776 K 5.448 K Softwareschutzplattform-Dienst von Microsoft Microsoft Corporation
svchost.exe 2548 2.148 K 2.500 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 3304 2.692 K 1.892 K Hostprozess für Windows-Dienste Microsoft Corporation
daemonu.exe 5136 0.01 3.852 K 4.896 K NVIDIA Settings Update Manager NVIDIA Corporation
svchost.exe 5184 20.53 64.932 K 27.352 K Hostprozess für Windows-Dienste Microsoft Corporation
SearchIndexer.exe 2376 0.01 47.152 K 27.620 K Microsoft Windows Search-Indexerstellung Microsoft Corporation
SearchProtocolHost.exe 1344 < 0.01 3.096 K 5.900 K Microsoft Windows Search Protocol Host Microsoft Corporation
OSPPSVC.EXE 8136 2.184 K 6.328 K Microsoft Office Software Protection Platform Service Microsoft Corporation
taskhost.exe 5528 5.880 K 1.092 K Hostprozess für Windows-Aufgaben Microsoft Corporation
taskhost.exe 2160 7.248 K 2.244 K Hostprozess für Windows-Aufgaben Microsoft Corporation
PnkBstrB.exe 7096 1.98 3.352 K 5.564 K
lsass.exe 568 9.188 K 8.416 K Local Security Authority Process Microsoft Corporation
lsm.exe 576 2.260 K 1.944 K Lokaler Sitzungs-Manager-Dienst Microsoft Corporation
csrss.exe 504 1.48 20.892 K 15.224 K Client-Server-Laufzeitprozess Microsoft Corporation
winlogon.exe 628 1.720 K 908 K Windows-Anmeldeanwendung Microsoft Corporation
nvvsvc.exe 1348 < 0.01 3.108 K 2.108 K NVIDIA Driver Helper Service, Version 280.26 NVIDIA Corporation
explorer.exe 3140 0.12 93.784 K 71.180 K Windows-Explorer Microsoft Corporation
wmdc.exe 3280 3.248 K 1.288 K Windows Mobile-Gerätecenter Microsoft Corporation
Vm_sti.exe 3428 0.01 2.816 K 2.152 K Vimicro Vimicro
jusched.exe 3436 1.760 K 964 K Java Update Scheduler Sun Microsystems, Inc.
Xfire.exe 6128 4.21 131.268 K 31.832 K Xfire Xfire Inc.
Xfire Status Changer.exe 2168 0.02 16.892 K 7.488 K Xfire Status Changer Heroics
msnmsgr.exe 4852 1.68 90.900 K 53.896 K Windows Live Messenger Microsoft Corporation
wlmail.exe 2004 0.10 150.184 K 128.104 K Windows Live Mail Microsoft Corporation
chrome.exe 2420 0.05 88.172 K 116.596 K Google Chrome Google Inc.
chrome.exe 3208 20.492 K 29.680 K Google Chrome Google Inc.
chrome.exe 7928 48.580 K 63.600 K Google Chrome Google Inc.
rundll32.exe 7308 5.484 K 6.112 K Windows-Hostprozess (Rundll32) Microsoft Corporation
chrome.exe 2436 0.60 33.068 K 40.992 K Google Chrome Google Inc.
chrome.exe 3776 41.980 K 55.700 K Google Chrome Google Inc.
chrome.exe 2624 0.01 47.484 K 60.468 K Google Chrome Google Inc.
chrome.exe 3036 0.02 33.544 K 46.772 K Google Chrome Google Inc.
chrome.exe 2784 0.01 55.292 K 67.768 K Google Chrome Google Inc.
chrome.exe 7580 0.07 57.240 K 69.660 K Google Chrome Google Inc.
taskmgr.exe 4548 0.31 8.124 K 16.164 K Windows Task-Manager Microsoft Corporation
uTorrent.exe 4052 0.01 9.236 K 14.268 K µTorrent BitTorrent, Inc.
procexp.exe 684 7.92 19.048 K 37.592 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
csrss.exe 1152 0.03 1.520 K 1.108 K Client-Server-Laufzeitprozess Microsoft Corporation
winlogon.exe 4156 2.304 K 796 K Windows-Anmeldeanwendung Microsoft Corporation
nvtray.exe 3932 2.648 K 860 K NVIDIA Settings NVIDIA Corporation
explorer.exe 2208 < 0.01 39.352 K 16.904 K Windows-Explorer Microsoft Corporation
PWRISOVM.EXE 7012 828 K 620 K PowerISO Virtual Drive Manager PowerISO Computing, Inc.
wmdc.exe 3528 1.472 K 888 K Windows Mobile-Gerätecenter Microsoft Corporation
jusched.exe 3172 1.928 K 1.160 K Java Update Scheduler Sun Microsystems, Inc.
iexplore.exe 2804 0.01 8.224 K 4.148 K Internet Explorer Microsoft Corporation
iexplore.exe 5308 0.36 69.228 K 7.468 K Internet Explorer Microsoft Corporation
iexplore.exe 1904 0.24 113.092 K 86.468 K Internet Explorer Microsoft Corporation
iexplore.exe 6840 38.168 K 2.596 K Internet Explorer Microsoft Corporation
notepad.exe 6568 < 0.01 2.852 K 6.684 K Editor Microsoft Corporation

------------------------------------------

http://www.zshare.net/download/94626552b98ce4e2/

Help me please