Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:16:33, on 23.03.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\SuRun.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\System32\SCardSvr.exe
J:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
J:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
J:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\WINDOWS\Explorer.EXE
J:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
J:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
J:\Programme\F-Secure\fshoster32.exe
J:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe
J:\Programme\Java\jre6\bin\jqs.exe
J:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
J:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Eigene Dateien\Eigene Dokumente\Handy\SupServ.exe
J:\Programme\OO Software\Defrag\oodag.exe
J:\WINDOWS\System32\svchost.exe
J:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
J:\WINDOWS\Dit.exe
J:\Programme\OO Software\Defrag\oodtray.exe
D:\Programme\Geburtstagsmanager\burz.exe
J:\WINDOWS\SuRun.exe
J:\Programme\F-Secure\fshoster32.exe
J:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
J:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
J:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Programme\HDD Health\hddhealth.exe
C:\Programme\KKH-Allianz Sicherheitskit\KKH-Allianz_VPS.exe
J:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
J:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
J:\WINDOWS\system32\wbem\wmiprvse.exe
J:\WINDOWS\System32\alg.exe
J:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
J:\Programme\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
J:\Programme\Outlook Express\msimn.exe
J:\Programme\Mozilla Firefox\firefox.exe
C:\Eigene Dateien\Downloads\HiJackThis204(7).exe
J:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - J:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
O2 - BHO: eCard Client Initiator - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\Programme\siqeCardClient.ols
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - J:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - J:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - J:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [OODefragTray] J:\Programme\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [GeburtstagsManager] D:\Programme\Geburtstagsmanager\burz.exe /silent
O4 - HKLM\..\Run: [SuRun Systemmenü-Erweiterung] J:\WINDOWS\SuRun.exe /SYSMENUHOOK
O4 - HKLM\..\Run: [F-Secure Hoster] "J:\Programme\F-Secure\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [F-Secure Manager] "J:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "J:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SAOB Monitor] J:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "J:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "J:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] J:\Programme\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [SCMEGKKVKViewer] "C:\Programme\KKH-Allianz Sicherheitskit\KKH-Allianz_VPS.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Denk Dran!.lnk = J:\Programme\DATA BECKER\Denk Dran!\BdR.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: j:\programme\f-secure\apps\onlinesafety\fscc\fscclsp2.dll
O10 - Unknown file in Winsock LSP: j:\programme\f-secure\apps\onlinesafety\fscc\fscclsp2.dll
O10 - Unknown file in Winsock LSP: j:\programme\f-secure\apps\onlinesafety\fscc\fscclsp2.dll
O10 - Unknown file in Winsock LSP: j:\programme\f-secure\apps\onlinesafety\fscc\fscclsp2.dll
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///M:/components/hidinputmonitorx.ocx
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://L:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///M:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///M:/components/wmvhdrating.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - J:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - J:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - J:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - J:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - J:\Programme\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - J:\Programme\F-Secure\fshoster32.exe
O23 - Service: FSMA - F-Secure Corporation - J:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - J:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9857e706f0ace) (gupdate1c9857e706f0ace) - Unknown owner - J:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - J:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - J:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Eigene Dateien\Eigene Dokumente\Handy\SupServ.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - J:\Programme\OO Software\Defrag\oodag.exe
O23 - Service: Super User Run (SuRun) Service - http://kay-bruns.de - J:\WINDOWS\SuRun.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - J:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: UPnPService - Magix AG - J:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 11201 bytes
Mir ist bekannt, dass HijackThis nicht mehr aktuell ist. Die Auswertung dieses Logfiles zeigt aber einige Pos. mit Bemerkungen und, bevor ich etwas unternehme, hätte ich gerne dazu hilfreiche Tipps.
Gruß
Bosco
Bosco Gast |
26.03.jpg
