Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:10:25, on 09.11.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:Program Files (x86)SkypePhoneSkype.exe G:guiminerguiminer.exe C:Program FilesAVAST SoftwareAvastAvastUI.exe C:Program Files (x86)Microsoft OfficeOffice14OUTLOOK.EXE C:Program Files (x86)Nettalk6Nettalk.exe C:Program Files (x86)ASUSSmartDoctorSmartDoctor.exe C:Program Files (x86)TeamViewerVersion6TeamViewer.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe G:guiminerpoclbm.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)Internet ExplorerIELowutil.exe C:Program Files (x86)iTunesiTunes.exe C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceHelper.exe C:Program Files (x86)Common FilesAppleApple Application Supportdistnoted.exe C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe C:Program Files (x86)Common FilesAppleMobile Device SupportATH.exe C:Program Files (x86)Common FilesAppleMobile Device SupportSyncServer.exe C:WindowsSysWOW64 undll32.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:WindowsSysWow64 undll32.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)Windows Media Playerwmplayer.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:Program Files (x86)GoogleChromeApplicationchrome.exe C:UsersCorvinDownloadsHiJackThis204.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.de/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64lank.htm R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:Program Files (x86)facemoods.comfacemoods1.4.17.7hfacemoods.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~2MICROS~3Office14GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~3Office14URLREDIR.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:Program Files (x86)Free Download Manageriefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7injp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:Program Files (x86)facemoods.comfacemoods1.4.17.7facemoodsTlbr.dll (file missing) O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O4 - HKLM..Run: [avast] "C:Program FilesAVAST SoftwareAvastavastUI.exe" /nogui O4 - HKLM..Run: [BCSSync] "C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices O4 - HKCU..Run: [Skype] "C:Program Files (x86)SkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOKALER DIENST') O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: guiminer.lnk = G:guiminerguiminer.exe O4 - Startup: Microsoft Outlook 2010.lnk = ? O4 - Startup: Nettalk.lnk = C:Program Files (x86)Nettalk6Nettalk.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:Program Files (x86)Free Download Managerdlall.htm O8 - Extra context menu item: An OneNote s&enden - res://C:PROGRA~2MICROS~3Office14ONBttnIE.dll/105 O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:Program Files (x86)Free Download Managerdlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:Program Files (x86)Free Download Managerdllink.htm O8 - Extra context menu item: Free YouTube Download - C:UsersCorvinAppDataRoamingDVDVideoSoftIEHelpersfreeyoutubedownload.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:PROGRA~2MICROS~3Office14EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:Program Files (x86)Free Download Managerdlfvideo.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAVAST SoftwareAvastAvastSvc.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:Windowssystem32srvany.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%System32 etlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:Program Files (x86)TeamViewerVersion6TeamViewer_Service.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) -- End of file - 11003 bytes