SmitFraudFix v2.324

Scan done at 17:18:13,79, 2008-06-13
Run from C:\Dokumente und Einstellungen\gro\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Programme\Gemeinsame Dateien\Siemens\S7IEPG\s7oiehsx.exe
C:\Programme\Gemeinsame Dateien\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Programme\Symantec AntiVirus\SavRoam.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\WINDOWS\system32\StacSV.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\TwinCAT\TCATSysSrv.exe
C:\Programme\Gemeinsame Dateien\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programme\DellTPad\ApMsgFwd.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\DellTPad\HidFind.exe
C:\Programme\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programme\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Programme\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Gemeinsame Dateien\Siemens\Sqlany\dbsrv9.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\gro

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\gro\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\gro\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Paketplaner-Miniport
DNS Server Search Order: 195.3.96.67
DNS Server Search Order: 195.3.96.68

Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Paketplaner-Miniport
DNS Server Search Order: 195.3.96.67
DNS Server Search Order: 195.3.96.68

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.324

Scan done at 17:36:02,85, 2008-06-13
Run from C:\Dokumente und Einstellungen\gro\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Paketplaner-Miniport
DNS Server Search Order: 195.3.96.67
DNS Server Search Order: 195.3.96.68

Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Paketplaner-Miniport
DNS Server Search Order: 195.3.96.67
DNS Server Search Order: 195.3.96.68

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6CE25938-82D3-403A-8092-CE76B51DF177}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A2B22BED-B032-4688-BC4E-A01E16E8EBA9}: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.3.96.67 195.3.96.68

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

---RVAXO.exe Updated: 2008-05-29---first run---

Uninstallers:

Files found:
C:\WINDOWS\BM5323cb51.xml
C:\WINDOWS\BM5323cb51.txt
C:\WINDOWS\wininit.ini

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

ComboFix 08-06-09.7 - gro 2008-06-13 17:59:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1456 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\gro\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\gro\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1343289442
C:\WINDOWS\system32\drivers\qandr.sys
C:\WINDOWS\system32\drivers\spyemrg.sys
C:\WINDOWS\system32\drivers\spyemrg_guard.sys
C:\WINDOWS\system32\sremcon.exe
C:\WINDOWS\system32\svchpg6.exe
C:\WINDOWS\system32\ytwrhgsp.tmp
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1343289442
C:\WINDOWS\system32\ytwrhgsp.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QANDR
-------\Legacy_SPYEMRG
-------\Service_qandr

((((((((((((((((((((((( Dateien erstellt von 2008-05-13 bis 2008-06-13 ))))))))))))))))))))))))))))))
.

2008-06-13 17:51 . 2008-06-13 17:52 d-------- C:\RVAXO
2008-06-13 17:50 . 2008-05-29 21:30 828,824 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-06-13 17:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-06-13 17:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-13 17:18 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-13 17:18 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-13 17:18 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-13 17:18 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-13 17:18 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-13 17:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-13 17:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-13 17:18 . 2008-06-13 17:36 5,706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-12 12:41 . 2008-06-12 12:41 6,656 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-11 09:10 . 2008-04-14 17:51 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:10 . 2008-04-14 17:51 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:22 . 2008-06-10 22:22 d-------- C:\Dokumente und Einstellungen\Groß Peter
2008-06-10 22:22 . C:\Dokumente und Einstellungen\Groß Peter\Lokale Einstellungen
2008-06-10 22:22 . C:\Dokumente und Einstellungen\Groß Peter\Lokale Einstellungen
2008-06-10 21:51 . 2008-06-10 21:51 d-------- C:\Programme\CCleaner
2008-06-10 21:35 . 2008-06-10 21:35 d-------- C:\Programme\Trend Micro
2008-06-10 21:13 . 2008-06-10 21:13 d-------- C:\Programme\CleanUp!
2008-06-10 16:45 . 2008-06-10 16:45 d-------- C:\Programme\DNA
2008-06-10 16:45 . 2008-06-10 16:54 d-------- C:\Dokumente und Einstellungen\gro\Anwendungsdaten\DNA
2008-06-10 13:41 . 2008-06-10 13:41 d-------- C:\Programme\DAEMON Tools Lite
2008-06-10 12:23 . 2008-06-10 12:31 d-------- C:\Programme\SPYWAREfighter
2008-06-10 11:40 . 2008-06-10 11:40 d-------- C:\Dokumente und Einstellungen\gro\Anwendungsdaten\UnH Solutions
2008-06-10 11:39 . 2008-06-10 12:14 d-------- C:\Programme\Browser Sentinel 2
2008-06-09 11:53 . 2008-06-09 11:53 dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-06-09 11:53 . 2008-06-09 11:53 d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Talkback
2008-06-09 09:58 . 2008-06-10 16:27 d-------- C:\Programme\Spyware Doctor
2008-06-09 09:58 . 2008-06-13 18:06 d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-09 09:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-09 09:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-09 09:58 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-09 09:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-09 09:55 . 2008-06-10 16:55 d-------- C:\Programme\Google
2008-06-06 09:25 . 2008-06-06 09:25 56 --ah----- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
2008-06-02 15:46 . 2008-06-02 15:46 d-------- C:\Dokumente und Einstellungen\gro.NBGROSS\Anwendungsdaten\Dell
2008-06-02 15:45 . 2004-08-13 14:47 d--h----- C:\Dokumente und Einstellungen\gro.NBGROSS\Vorlagen
2008-06-02 15:45 . 2004-08-13 14:47 dr------- C:\Dokumente und Einstellungen\gro.NBGROSS\Startmenü
2008-06-02 15:45 . 2004-08-13 14:47 d--h----- C:\Dokumente und Einstellungen\gro.NBGROSS\Netzwerkumgebung
2008-06-02 15:45 . 2008-06-10 22:22 d--h----- C:\Dokumente und Einstellungen\gro.NBGROSS\Lokale Einstellungen
2008-06-02 15:45 . 2008-06-02 15:46 dr------- C:\Dokumente und Einstellungen\gro.NBGROSS\Favoriten
2008-06-02 15:45 . 2008-06-02 15:46 dr------- C:\Dokumente und Einstellungen\gro.NBGROSS\Eigene Dateien
2008-06-02 15:45 . 2004-08-13 14:47 d--h----- C:\Dokumente und Einstellungen\gro.NBGROSS\Druckumgebung
2008-06-02 15:45 . 2008-02-22 13:13 d-------- C:\Dokumente und Einstellungen\gro.NBGROSS\Anwendungsdaten\Wave Systems Corp
2008-06-02 15:45 . 2008-02-22 13:01 d-------- C:\Dokumente und Einstellungen\gro.NBGROSS\Anwendungsdaten\InstallShield
2008-06-02 15:45 . 2008-06-02 15:46 dr-h----- C:\Dokumente und Einstellungen\gro.NBGROSS\Anwendungsdaten
2008-06-02 15:45 . 2008-06-02 16:58 d-------- C:\Dokumente und Einstellungen\gro.NBGROSS
2008-05-21 16:53 . 2008-05-21 16:53 d-------- C:\UTILS
2008-05-20 15:23 . 2008-05-20 15:23 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-20 10:50 . 2008-05-20 10:50 d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-05-20 10:50 . 2008-06-13 09:08 d-------- C:\Dokumente und Einstellungen\gro\Anwendungsdaten\skypePM
2008-05-20 10:50 . 2008-05-20 10:50 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 16:06 --------- d-----w C:\Programme\Symantec AntiVirus
2008-06-13 11:08 --------- d-----w C:\Dokumente und Einstellungen\gro\Anwendungsdaten\Skype
2008-06-12 09:00 --------- d-----w C:\Programme\SAA DataClient
2008-06-02 15:25 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-05-20 08:50 --------- d-----w C:\Programme\Skype
2008-05-20 08:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:14 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,293,312 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 08:27 --------- d-----w C:\Programme\Afinion
2008-04-29 08:27 --------- d-----w C:\Dokumente und Einstellungen\gro\Anwendungsdaten\.ProjectViewer
2008-04-22 09:55 --------- d-----w C:\Dokumente und Einstellungen\gro\Anwendungsdaten\PC Tools
2008-04-22 09:03 --------- d-----w C:\Programme\Gemeinsame Dateien\Autodesk Shared
2008-04-22 09:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-17 09:32 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-17 09:32 --------- d-----w C:\Dokumente und Einstellungen\gro\Anwendungsdaten\DAEMON Tools
2008-04-14 14:14 --------- d-----w C:\Programme\IBH_Net
2008-04-14 14:14 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 187,168 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-24 16:37 155,995 ----a-w C:\WINDOWS\java\Packages\8SOXBZ3P.ZIP
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 08:47 274,495 ----a-w C:\WINDOWS\system32\TcAdsDll.dll

.
((((((((((((((((((((((((((((( snapshot@2008-06-10_22.21.10.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 20:14:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 16:04:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:51:00 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 08:59:21 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:01:05 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 08:59:22 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:01:05 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 08:59:22 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:01:06 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 08:59:21 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:01:05 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 08:59:22 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:01:05 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 08:59:22 1,056,256 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:01:06 1,056,256 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 08:59:23 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:01:06 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 08:59:23 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:01:06 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 08:59:23 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:01:06 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 08:59:23 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:01:06 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 08:59:23 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:01:06 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 08:59:23 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:01:06 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:29:28 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:01:08 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 08:59:28 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:01:09 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 08:59:28 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:01:09 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 08:59:28 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:01:10 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 08:59:28 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:01:10 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 08:59:29 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:01:11 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 08:59:29 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:01:12 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 08:59:29 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:01:13 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 08:59:29 665,088 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:01:13 665,088 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 08:59:23 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:01:06 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 08:59:23 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:01:06 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 08:59:23 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:01:06 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 08:59:23 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:01:06 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 08:59:23 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:01:06 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 08:59:23 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:01:06 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:29:28 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:01:08 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 08:59:28 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:01:09 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 08:59:28 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:01:09 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 08:59:28 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:01:10 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 08:59:28 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:01:10 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 08:59:29 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:01:11 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 08:59:29 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:01:12 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-09-25 16:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:34 18,808 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 08:59:29 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:01:13 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 08:59:29 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:01:13 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:14 374,272 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:46 374,272 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-06-13 16:04:38 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6e8.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"Rainlendar2"="C:\Programme\Rainlendar2\Rainlendar2.exe" [ ]
"AquaSoft PhotoKalender"="C:\PROGRA~1\AquaSoft\DESKTO~1\DESKTO~1.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programme\DellTPad\Apoint.exe" [2007-09-24 22:35 159744]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 13:45 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 13:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 13:45 138008]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 15:03 36975]
"SigmatelSysTrayApp"="C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 19:24 405504]
"Dell QuickSet"="C:\Programme\Dell\QuickSet\quickset.exe" [2007-07-20 18:55 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 06:17 2183168]
"WavXMgr"="C:\Programme\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 11:55 92160]
"SecureUpgrade"="C:\Programme\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 12:53 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"RoxioDragToDisc"="C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"PDVDDXSrv"="C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 19:23 118784]
"S7UB Start"="C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe" [2007-07-27 19:04 102453]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"DeskCal"="C:\PROGRA~1\DESKTO~1\\DeskCal.exe" [ ]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-27 16:24 126048]
"WinCC flexible Smart Start"="C:\Programme\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" [2007-07-20 03:02 159744]
"TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 13:31 1194728]
"AcronisTimounterMonitor"="C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 13:35 1966928]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2007-02-16 18:49 149024]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Programme\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 17:20 73728 C:\Programme\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2004-11-05 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Siemens\\SQLANY\\dbsrv9.exe"=
"C:\\Programme\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007\\TraceServer.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Siemens\\SQLANY\\dbeng9.exe"=
"C:\\WINDOWS\\system32\\IBHLink.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Programme\\Afinion\\Afinion Project Viewer\\PViewer\\jre\\launch4j-tmp\\VMStarter.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 11:57]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2007-06-25 16:47]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2007-07-30 13:06]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-08-10 10:34]
R2 TcCam;TwinCAT CAM Server;C:\TwinCAT\Driver\TcCam.sys [2008-03-11 13:25]
R2 TcIo;TwinCAT IO Server;C:\TwinCAT\Driver\TcIo.sys [2008-03-13 13:25]
R2 TcNc;TwinCAT NC Server;C:\TwinCAT\Driver\TcNc.sys [2007-12-08 13:25]
R2 TcPlc;TwinCAT IEC1131 Server;C:\TwinCAT\Driver\TcPlc.sys [2007-12-06 14:23]
R2 TcRouter;TwinCAT Router Server;C:\TwinCAT\Driver\TcRouter.sys [2007-08-20 13:25]
R2 TcRTime;TwinCAT Realtime Server;C:\TwinCAT\Driver\TcRTime.sys [2008-03-13 13:25]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 11:55]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 14:32]
R3 fwkbdrtm;fwkbdrtm;C:\WINDOWS\system32\drivers\fwkbdrtm.sys [2007-07-19 21:56]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 11:18]
S3 dpmcslv;dpmcslv;C:\WINDOWS\system32\drivers\dpmcslv.sys [2005-07-04 17:04]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 03:34]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 18:06:50
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\Programme\Dell\QuickSet\NicConfigSvc.exe
C:\Programme\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Programme\Gemeinsame Dateien\Siemens\S7IEPG\s7oiehsx.exe
C:\Programme\Gemeinsame Dateien\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Programme\Symantec AntiVirus\SavRoam.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\WINDOWS\system32\stacsv.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\TwinCAT\TCATSysSrv.exe
C:\Programme\Gemeinsame Dateien\Siemens\SWS\almsrv\almsrvx.exe
C:\Programme\Gemeinsame Dateien\Siemens\ALMPanelPlugin\ALMPanelPlugin.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\DellTPad\ApMsgFwd.exe
C:\Programme\DellTPad\hidfind.exe
C:\Programme\DellTPad\ApntEx.exe
C:\Programme\Gemeinsame Dateien\Siemens\SQLANY\dbsrv9.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-13 18:10:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 16:10:33

17 Verzeichnis(se), 106,783,875,072 Bytes frei
21 Verzeichnis(se), 106,777,190,400 Bytes frei

331 --- E O F --- 2008-06-11 13:24:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Programme\Gemeinsame Dateien\Siemens\S7IEPG\s7oiehsx.exe
C:\Programme\Gemeinsame Dateien\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Programme\Symantec AntiVirus\SavRoam.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE C:\WINDOWS\system32\StacSV.exe C:\Programme\Symantec AntiVirus\Rtvscan.exe C:\TwinCAT\EventLogger\TcEventLogger.exe C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\TwinCAT\TCATSysSrv.exe C:\Programme\Gemeinsame Dateien\Siemens\sws\almsrv\almsrvx.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\Programme\DellTPad\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\DellTPad\ApMsgFwd.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Programme\DellTPad\HidFind.exe C:\Programme\DellTPad\Apntex.exe C:\Programme\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\WLTRAY.exe C:\Programme\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Programme\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\KADxMain.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programme\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Gemeinsame Dateien\Siemens\Sqlany\dbsrv9.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Programme\Digital Line Detect\DLG.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe 
C:\totalcmd\TOTALCMD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [SecureUpgrade] C:\Programme\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [S7UB Start] "C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 
"C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DeskCal] C:\PROGRA~1\DESKTO~1\\DeskCal.exe "C:\PROGRA~1\DESKTO~1\" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Programme\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" /startup O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [AquaSoft PhotoKalender] "C:\PROGRA~1\AquaSoft\DESKTO~1\DESKTO~1.EXE" "-p|Photokalender.ads" "-t|3 Monate unregelmäßig.pwt" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = saa.local O17 - HKLM\Software\..\Telephony: DomainName = saa.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = saa.local O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: gemsafe - C:\Programme\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Programme\Gemeinsame Dateien\Siemens\sws\almsrv\almsrvx.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: pcAnywhere 
Host-Modul (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Programme\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Programme\Gemeinsame Dateien\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Programme\Gemeinsame Dateien\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. 
- C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe O23 - Service: TwinCAT Nc Interpreter (TcNcI) - Beckhoff GmbH - C:\TwinCAT\CNC\TcNcI.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Programme\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11963 bytes