Troj_virtum.wv and Html_iframe.ht

30.05.2009, 11:50
Member
Posts: 18

Hello,

First, the symptoms:

Trend Micro OfficeScan keeps finding the following viruses:
TROJ_VIRTUM.WV
HTML_IFRAME.HT

C:\Documents and Settings\atw11ge1\Local Settings\Temp\faqgmgyl.dll
C:\Documents and Settings\atw11ge1\Local Settings\Temp\gsykoxco.dll
C:\Documents and Settings\atw11ge1\Local Settings\Temp\dbpaibbh.dll
C:\Documents and Settings\atw11ge1\Local Settings\Temp\ffhfxoke.dll

The DLLs are always sent to quarantine and then reappear under a new name.

In addition, every time the computer starts, Internet Explorer reports that there is no connection and asks whether I want to work offline. I don't even have Internet Explorer running at that point. So some process is trying to reach the Internet through IE.

Then there is something else that may or may not be related: I rarely reboot my computer; instead I always put it into hibernation. For some time now this no longer works, because after a short while the machine wakes up again, even though the LAN cable isn't even plugged in. I have checked the BIOS settings; nothing has changed there.

I have carried out all the steps as described; there are now two new directories on C:
c:\cmdcons
c:\Qoobox

Note: I could not disable Trend Micro OfficeScan for ComboFix because a password is required. Trying to trick it via ofcscan.ini didn't work either. So I simply killed all Trend Micro processes in Task Manager. ComboFix still complained.

I will now watch whether the symptoms are gone.

The logs follow:

Malwarebytes' Anti-Malware 1.37
Database version: 2195
Windows 5.1.2600 Service Pack 3

2009-05-30 10:16:44
mbam-log-2009-05-30 (10-16-44).txt

Scan type: Quick Scan
Objects scanned: 110958
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\pmnnKaaW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\urqQgFXq.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqqgfxq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52276192-6c45-42a0-9c1f-9919e34b0f4f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{52276192-6c45-42a0-9c1f-9919e34b0f4f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\pmnnkaaw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\pmnnkaaw -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\urqQgFXq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\pmnnKaaW.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINNT\system32\WaaKnnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINNT\system32\WaaKnnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.



ComboFix 09-05-29.01 - atw11ge1 2009-05-30 10:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT 2:00]
Running from: c:\documents and settings\atw11ge1\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {7D238B3E-45FF-4A4E-8511-72A152843591}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\ljijgene.dll
c:\winnt\system32\naqtluxg.dll
c:\winnt\system32\ToolBx.dll

----- BITS: Possible infected sites -----

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 08:04 . 2009-05-30 08:04 -------- d-----w c:\documents and settings\atw11ge1\Application Data\Malwarebytes
2009-05-30 08:04 . 2009-05-26 11:20 40160 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-05-30 08:04 . 2009-05-30 08:04 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 08:04 . 2009-05-26 11:19 19096 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-05-29 08:45 . 2009-05-29 08:45 314200 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-29 08:45 . 2009-05-29 08:45 25440 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-29 08:45 . 2009-05-29 08:45 83808 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-29 08:45 . 2009-05-29 08:45 1630048 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-29 08:45 . 2009-05-29 08:45 627536 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-27 13:42 . 2009-05-27 13:42 -------- d-----w c:\winnt\system32\log
2009-05-27 13:41 . 2009-05-27 13:41 -------- d-----w c:\documents and settings\All Users\~Backup
2009-05-26 14:43 . 2009-05-01 08:48 15688 ----a-w c:\winnt\system32\lsdelete.exe
2009-05-26 14:12 . 2009-05-26 14:12 169312 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-26 14:12 . 2009-05-26 14:12 15688 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 14:12 . 2009-05-26 14:12 348496 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-26 14:12 . 2009-05-26 14:12 294240 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-26 14:11 . 2009-05-26 14:11 64160 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-26 14:11 . 2009-05-26 14:11 40288 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-26 14:11 . 2009-05-26 14:11 212848 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-26 14:11 . 2009-05-26 14:11 640360 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-26 14:11 . 2009-05-26 14:11 559464 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-26 14:11 . 2009-05-26 14:11 540536 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-26 14:11 . 2009-05-26 14:11 2352456 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-26 14:11 . 2009-05-26 14:11 518488 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-26 14:11 . 2009-05-26 14:11 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-24 13:06 . 2009-05-24 13:06 2079 ----a-w c:\winnt\system32\M1achardks.dll
2009-05-24 09:38 . 2009-05-24 09:38 4100 ----a-w c:\winnt\system32\hdvirffo.dll
2009-05-22 20:34 . 2009-05-22 20:36 -------- d-----w c:\temp\pronetfx
2009-05-07 07:19 . 2009-05-07 07:19 -------- d-----w c:\program files\EFS CIU
2009-05-05 07:45 . 2006-01-23 13:20 27008 ----a-w c:\winnt\system32\drivers\siusbmod.sys
2009-05-05 07:44 . 2009-05-05 07:44 -------- d-----w c:\program files\Common Files\XCPCSync.OEM
2009-05-04 09:24 . 2009-05-04 09:24 132608 -c--a-w c:\winnt\system32\dllcache\fxsclntr.dll
2009-05-04 09:24 . 2009-05-04 09:24 132608 ----a-w c:\winnt\system32\fxsclntR.dll
2009-05-04 09:24 . 2009-05-04 09:24 111104 -c--a-w c:\winnt\system32\dllcache\fxscfgwz.dll
2009-05-04 09:24 . 2009-05-04 09:24 111104 ----a-w c:\winnt\system32\fxscfgwz.dll
2009-05-04 09:23 . 2009-05-04 09:23 400384 -c--a-w c:\winnt\system32\dllcache\fxsxp32.dll
2009-05-04 09:23 . 2009-05-04 09:23 400384 ----a-w c:\winnt\system32\fxsxp32.dll
2009-05-04 09:23 . 2009-05-04 09:23 192512 -c--a-w c:\winnt\system32\dllcache\fxswzrd.dll
2009-05-04 09:23 . 2009-05-04 09:23 192512 ----a-w c:\winnt\system32\fxswzrd.dll
2009-05-04 09:23 . 2009-05-04 09:23 154112 -c--a-w c:\winnt\system32\dllcache\fxsui.dll
2009-05-04 09:23 . 2009-05-04 09:23 154112 ----a-w c:\winnt\system32\fxsui.dll
2009-05-04 09:22 . 2009-05-04 09:22 397312 -c--a-w c:\winnt\system32\dllcache\fxstiff.dll
2009-05-04 09:22 . 2009-05-04 09:22 397312 ----a-w c:\winnt\system32\fxstiff.dll
2009-05-04 09:22 . 2009-05-04 09:22 246272 -c--a-w c:\winnt\system32\dllcache\fxst30.dll
2009-05-04 09:22 . 2009-05-04 09:22 246272 ----a-w c:\winnt\system32\fxst30.dll
2009-05-04 09:22 . 2009-05-04 09:22 562176 -c--a-w c:\winnt\system32\dllcache\fxsst.dll
2009-05-04 09:22 . 2009-05-04 09:22 562176 ----a-w c:\winnt\system32\fxsst.dll
2009-05-04 09:21 . 2009-05-04 09:21 6656 -c--a-w c:\winnt\system32\dllcache\fxsres.dll
2009-05-04 09:21 . 2009-05-04 09:21 6656 ----a-w c:\winnt\system32\fxsres.dll
2009-05-04 09:19 . 2009-05-04 09:19 27136 -c--a-w c:\winnt\system32\dllcache\fxsdrv.dll
2009-05-04 09:19 . 2009-05-04 09:19 27136 ----a-w c:\winnt\system32\fxsdrv.dll
2009-05-01 08:45 . 2009-05-01 08:45 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-01 08:45 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-04-30 15:12 . 2009-05-01 08:45 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 09:01 . 2006-03-07 10:47 -------- d-----w c:\program files\OfficeScan NT
2009-05-28 08:45 . 2006-03-13 15:14 -------- d-----w c:\program files\PocketFMS
2009-05-24 13:00 . 2009-04-09 09:50 -------- d-----w c:\documents and settings\atw11ge1\Application Data\uTorrent
2009-05-21 09:30 . 2008-12-10 09:43 37021 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\uninstall.exe
2009-05-05 07:59 . 2006-09-22 14:30 -------- d-----w c:\documents and settings\atw11ge1\Application Data\XCPCSync.OEM
2009-05-05 07:45 . 2006-09-22 14:21 15349 -c--a-w c:\winnt\Help\hhcolreg.dat
2009-05-05 07:45 . 2006-03-07 10:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 15:10 . 2009-03-17 10:34 5632 ----a-w c:\winnt\system32\drivers\StarOpen.sys
2009-04-30 11:03 . 2009-01-16 18:33 -------- d-----w c:\program files\Jeppesen
2009-04-17 06:29 . 2008-04-15 07:04 279296 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-17 06:27 . 2006-03-07 10:32 -------- d-----w c:\program files\Java
2009-04-14 19:36 . 2009-04-14 19:36 55248 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\uninstall.exe
2009-04-14 19:36 . 2009-04-14 19:36 214408 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
2009-04-14 19:36 . 2009-04-14 19:36 206208 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
2009-04-14 19:36 . 2009-04-14 19:36 90195 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\ShavlikIMC.dll
2009-04-14 19:35 . 2009-04-14 19:35 49236 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\CertAuthIMC.dll
2009-04-14 19:35 . 2009-04-14 19:35 3072 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsnsisdll.dll
2009-04-14 19:35 . 2009-04-14 19:35 41043 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\JSystemIMC.dll
2009-04-14 19:35 . 2009-04-14 19:35 81998 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\hcimc.dll
2009-04-14 19:35 . 2009-04-14 19:35 393292 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\EPCheck.dll
2009-04-14 19:34 . 2009-04-14 19:34 36864 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_zh_cn.dll
2009-04-14 19:34 . 2009-04-14 19:34 36864 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_zh.dll
2009-04-14 19:34 . 2009-04-14 19:34 36864 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_ko.dll
2009-04-14 19:34 . 2009-04-14 19:34 40960 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_fr.dll
2009-04-14 19:34 . 2009-04-14 19:34 36864 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_ja.dll
2009-04-14 19:34 . 2009-04-14 19:34 40960 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_es.dll
2009-04-14 19:34 . 2009-04-14 19:34 36864 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_en.dll
2009-04-14 19:34 . 2009-04-14 19:34 40960 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_de.dll
2009-04-14 19:17 . 2009-03-04 12:42 345384 ----a-w c:\winnt\system32\dsNcCredProv.dll
2009-04-14 19:13 . 2009-04-14 19:13 69702 ----a-w c:\winnt\system32\dsGinaLoader.dll
2009-04-14 18:58 . 2009-04-14 18:58 401462 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\msvcp60.dll
2009-04-09 06:46 . 2009-04-09 06:46 -------- d-----w c:\documents and settings\stapge02\Application Data\Vodafone
2009-04-08 22:20 . 2009-04-08 22:20 66928 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmf.exe
2009-04-08 22:20 . 2009-04-08 22:20 50552 ------r c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\JuniperSetupApp.exe
2009-04-08 22:20 . 2009-04-08 22:20 120184 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\JuniperSetupDLL.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_zh_cn.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_zh.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_ko.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_ja.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_fr.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_es.dll
2009-04-08 22:12 . 2009-04-08 22:12 12288 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\dsmmfres_de.dll
2009-04-08 22:11 . 2009-04-08 22:11 28672 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_ko.dll
2009-04-08 22:11 . 2009-04-08 22:11 28672 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_es.dll
2009-04-08 22:11 . 2009-04-08 22:11 24576 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_zh_cn.dll
2009-04-08 22:11 . 2009-04-08 22:11 28672 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_fr.dll
2009-04-08 22:11 . 2009-04-08 22:11 24576 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_zh.dll
2009-04-08 22:11 . 2009-04-08 22:11 32768 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_de.dll
2009-04-08 22:11 . 2009-04-08 22:11 28672 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_ja.dll
2009-04-08 22:11 . 2009-04-08 22:11 28672 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Setup\setupResource_en.dll
2009-04-08 22:05 . 2009-04-08 22:05 290891 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClient.dll
2009-04-08 22:05 . 2009-04-08 22:05 28761 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH_CN.dll
2009-04-08 22:05 . 2009-04-08 22:05 28758 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH.dll
2009-04-08 22:05 . 2009-04-08 22:05 28758 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_KO.dll
2009-04-08 22:05 . 2009-04-08 22:05 28758 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_JA.dll
2009-04-08 22:05 . 2009-04-08 22:05 32854 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_FR.dll
2009-04-08 22:05 . 2009-04-08 22:05 28758 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ES.dll
2009-04-08 22:04 . 2009-04-08 22:04 28758 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_EN.dll
2009-04-08 22:04 . 2009-04-08 22:04 32854 ----a-w c:\documents and settings\atw11ge1\Application Data\Juniper Networks\Host Checker\dsWinClientResource_DE.dll
2009-04-08 15:39 . 2007-09-03 13:01 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-25 09:03 . 2009-03-25 09:03 664 ----a-w c:\winnt\system32\d3d9caps.dat
2009-03-25 09:01 . 2009-03-25 09:01 410984 ----a-w c:\winnt\system32\deploytk.dll
2009-03-10 09:01 . 2009-03-10 15:10 142992 ----a-w c:\winnt\system32\drivers\tmcomm.sys
2009-03-10 09:01 . 2009-03-10 15:10 76304 ----a-w c:\winnt\system32\drivers\tmtdi.sys
2009-03-06 14:22 . 1980-01-01 00:00 284160 ----a-w c:\winnt\system32\pdh.dll
1998-04-26 22:00 . 1998-04-26 22:00 570128 ----a-w c:\program files\Common Files\DAO350.dll
2007-07-09 12:30 . 2007-07-09 12:30 57344 -c--a-w c:\program files\internet explorer\plugins\PluginWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CatUserRun"="exec32" [X]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\winnt\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\winnt\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\winnt\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-01 77914]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-01 725082]
"CryptoExTrayV3"="c:\program files\CryptoEx\Common\CexTray.exe" [2005-03-01 909312]
"CryptoExVolumeAutoMount"="c:\program files\CryptoEx\Volume\CexVolume.exe" [2005-10-07 3592192]
"OfficeScanNT Monitor"="c:\program files\OfficeScan NT\pccntmon.exe" [2009-03-10 718120]
"CfgDownload"="c:\program files\IXOS\bin\CfgDownload.exe" [2005-03-03 172032]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2008-04-14 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-28 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"USM"="c:\program files\Siemens\USM\USM.exe" [2007-11-07 57344]
"SIECACST"="c:\program files\Siemens\CardOS API\bin\siecacst.exe" [2007-08-02 81920]
"SisWatchDogNic"="c:\program files\Siemens\SisWatchDogNic\SisWatchDogNic.exe" [2008-12-17 69632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-10-10 5726032]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-10 738968]
"RTHDCPL"="RTHDCPL.EXE" - c:\winnt\RTHDCPL.EXE [2005-02-22 13783040]
"AGRSMMSG"="AGRSMMSG.exe" - c:\winnt\AGRSMMSG.exe [2005-06-14 88203]
"Tweak UI"="TWEAKUI.CPL" - c:\winnt\system32\TWEAKUI.CPL [1996-10-09 59904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"1cexvolumeinstalldriver"="c:\program files\CryptoEx\Volume\CexVolume.exe" [2005-10-07 3592192]
"2cexvolumeenabledriver"="c:\program files\CryptoEx\Volume\CexVolume.exe" [2005-10-07 3592192]
"TSClientMSIUninstaller"="c:\winnt\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\winnt\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-3-17 113664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-3-7 98304]
Windows Explorer.lnk - c:\winnt\explorer.exe [1980-1-1 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"MaxGPOScriptWait"= 3600 (0xe10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"= 0 (0x0)
"HideLogonScripts"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
2005-01-26 11:25 57344 ----a-w c:\program files\CryptoEx\Common\CexTrayWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=CBEShutdown.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\CBESelect\CBESelect.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\2]
"Script"=\\ww300.siemens.net\netlogon\CatPC\sissiupd\cksissi.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-14778\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-72982\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-72982\Scripts\Logoff\1\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-72982\Scripts\Logon\0\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2112175705-17779001-311191574-428066\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-682003330-1547161642-725345543-500\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINNT\\system32\\fxsclnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener

R1 SolDisk;SolDisk;c:\winnt\system32\drivers\soldisk.sys [2008-06-09 38344]
R1 SolFS;SolFS;c:\winnt\system32\drivers\solfs.sys [2008-06-09 285256]
R2 CatSystemSvc;CatSystem;c:\winnt\CATPC\CATSYS\CatSystemSvc.exe [2008-12-18 607744]
R2 CBBS;CAT Bulletin Board;c:\program files\Siemens\CAT Bulletin Board\CBBS.exe [2002-06-20 65536]
R2 ComarchCardServer;ComarchCardServer;d:\program files\ComarchSmartCard\CardServer.exe [2008-10-28 143455]
R2 SU;SU Service;c:\winnt\system32\suss.exe [2006-03-07 12048]
R2 TmFilter;Trend Micro Filter;c:\program files\OfficeScan NT\tmxpflt.sys [2005-02-18 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\OfficeScan NT\tmpreflt.sys [2005-02-18 36368]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\winnt\system32\drivers\fuj02e3.sys [1980-01-01 4864]
R3 voldisk;VolDisk Service;c:\winnt\system32\drivers\voldisk.sys [2005-01-04 44288]
S3 GTF32BUS;GT F32 BUS;c:\winnt\system32\drivers\gtf32bus.sys [2005-09-01 32000]
S3 GTPTSER;GT PT SER;c:\winnt\system32\drivers\gtptser.sys [2005-09-01 7936]
S3 GTSCSER;GT SC SER;c:\winnt\system32\drivers\gtscser.sys [2005-08-29 18944]
S3 GTwinUSB;GTwinUSB;c:\winnt\system32\drivers\GTwinUSB.sys [2006-03-07 61776]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1005904]
S3 siusbmod;siusbmod;c:\winnt\system32\drivers\siusbmod.sys [2009-05-05 27008]
S3 Sypuosaipus;Sypuosaipus; [x]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\OfficeScan NT\TmProxy.exe [2009-03-10 652552]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:11]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {55E634F1-7D2B-4B5A-B5CA-82D68CC5497E} - hxxp://www.photoprintonline.com/webalbum/puc/PicsUploadControl.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 11:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\CryptoEx\Common\CexTrayWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\scardsvr.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre1.6.0_13\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OfficeScan NT\NTRtScan.exe
c:\program files\OfficeScan NT\TmListen.exe
c:\winnt\system32\CCM\CcmExec.exe
c:\winnt\Temp\HN9136.EXE
c:\winnt\system32\msiexec.exe
c:\program files\OfficeScan NT\CNTAoSMgr.exe
c:\program files\CryptoEx\Common\EASServer.exe
c:\program files\CryptoEx\Volume\CexVolumeWatcher.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-05-30 11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 09:07

Pre-Run: 5.721.104.384 bytes free
Post-Run: 5.620.862.976 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

576


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:19, on 2009-05-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe
D:\Program Files\ComarchSmartCard\CardServer.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre1.6.0_13\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\suss.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\TEMP\HN9136.EXE
C:\WINNT\system32\msiexec.exe
C:\Program Files\OfficeScan NT\CNTAoSMgr.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\AGRSMMSG.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\CryptoEx\Volume\CexVolumeWatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
C:\Program Files\Siemens\SisWatchDogNic\SisWatchDogNic.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINNT\explorer.exe
C:\Tools\Pfe\Pfe32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_13\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_13\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_13\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [CryptoExVolumeAutoMount] "C:\Program Files\CryptoEx\Volume\CexVolume.exe" /AutoMount
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
O4 - HKLM\..\Run: [SisWatchDogNic] C:\Program Files\Siemens\SisWatchDogNic\SisWatchDogNic.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] D:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Explorer.lnk = C:\WINNT\explorer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_13\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_13\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www
O15 - Trusted Zone: *.abatos.com
O15 - Trusted Zone: *.acuson.com
O15 - Trusted Zone: *.adb.be
O15 - Trusted Zone: *.amag.at
O15 - Trusted Zone: *.anfdata.cz
O15 - Trusted Zone: *.any4swat.net
O15 - Trusted Zone: *.ardentek.com
O15 - Trusted Zone: *.atea.be
O15 - Trusted Zone: *.audioservice.de
O15 - Trusted Zone: *.ba-ca.com
O15 - Trusted Zone: *.bbcom-hh.de
O15 - Trusted Zone: *.cerberus.ch
O15 - Trusted Zone: *.siemens.co.ae
O15 - Trusted Zone: *.voest.co.at
O15 - Trusted Zone: *.sisl.co.in
O15 - Trusted Zone: *.spcnl.co.in
O15 - Trusted Zone: *.sbs.co.ma
O15 - Trusted Zone: *.icotron.com.br
O15 - Trusted Zone: *.infineon.com.br
O15 - Trusted Zone: *.osram.com.br
O15 - Trusted Zone: *.sbt.com.br
O15 - Trusted Zone: *.iscosa.com.sa
O15 - Trusted Zone: *.comneon.com
O15 - Trusted Zone: *.dematic.com
O15 - Trusted Zone: *.dematic.de
O15 - Trusted Zone: *.e-utile.it
O15 - Trusted Zone: *.efficient.com
O15 - Trusted Zone: *.elmo-vacuum.com
O15 - Trusted Zone: *.emcom.ro
O15 - Trusted Zone: *.empros.com
O15 - Trusted Zone: *.entex.com
O15 - Trusted Zone: *.epos-d.com
O15 - Trusted Zone: *.eupec.com
O15 - Trusted Zone: *.eupec.de
O15 - Trusted Zone: *.fueruns-shop.de
O15 - Trusted Zone: *.gepas.com
O15 - Trusted Zone: *.gepas.de
O15 - Trusted Zone: *.gskv.de
O15 - Trusted Zone: *.herold.at
O15 - Trusted Zone: *.hoffmann-gmbh.de
O15 - Trusted Zone: *.hspkoeln.de
O15 - Trusted Zone: *.i-center.at
O15 - Trusted Zone: *.icsp.at
O15 - Trusted Zone: *.cvl.ind.br
O15 - Trusted Zone: *.infineon.com
O15 - Trusted Zone: *.infineon.de
O15 - Trusted Zone: *.innovest.at
O15 - Trusted Zone: *.iserv.cc
O15 - Trusted Zone: *.italdata.it
O15 - Trusted Zone: *.kordoba.de
O15 - Trusted Zone: *.landisgyr.com
O15 - Trusted Zone: *.landisstaefa.com
O15 - Trusted Zone: *.leo.org
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.milltronics.com
O15 - Trusted Zone: *.mobile-travel.com
O15 - Trusted Zone: *.mobisphere.com
O15 - Trusted Zone: *.mrtedtalentlink.com
O15 - Trusted Zone: *.my-siemens.com
O15 - Trusted Zone: *.nokia-siemens-networks.com
O15 - Trusted Zone: *.nokiasiemensnetworks.com
O15 - Trusted Zone: *.osram-os.com
O15 - Trusted Zone: *.osram-os.de
O15 - Trusted Zone: *.otb.at
O15 - Trusted Zone: *.passport.com
O15 - Trusted Zone: *.passport.net
O15 - Trusted Zone: *.ptc.com
O15 - Trusted Zone: *.recruitmentplatform.com
O15 - Trusted Zone: *.rolm.com
O15 - Trusted Zone: *.rs-components.com
O15 - Trusted Zone: *.rxs.fr
O15 - Trusted Zone: *.s-partners.net
O15 - Trusted Zone: eserviceep6.sz.salzgitter-ag.de
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sbi-jena.de
O15 - Trusted Zone: *.sbk.org
O15 - Trusted Zone: *.sbs.at
O15 - Trusted Zone: *.sbs.be
O15 - Trusted Zone: *.sbs.de
O15 - Trusted Zone: *.sbs.fr
O15 - Trusted Zone: *.sbs.pl
O15 - Trusted Zone: *.sbs.ru
O15 - Trusted Zone: *.sbs.sk
O15 - Trusted Zone: *.sbsitalia.it
O15 - Trusted Zone: *.servicedesk.at
O15 - Trusted Zone: *.sgpvt.at
O15 - Trusted Zone: *.shs-online.de
O15 - Trusted Zone: *.sibt.com
O15 - Trusted Zone: *.sicad.de
O15 - Trusted Zone: *.sietec.de
O15 - Trusted Zone: *.sim-immobilien.de
O15 - Trusted Zone: *.sitest.net
O15 - Trusted Zone: *.smsocs.com
O15 - Trusted Zone: *.sni.at
O15 - Trusted Zone: *.sni.de
O15 - Trusted Zone: *.sni.fi
O15 - Trusted Zone: *.sni.it
O15 - Trusted Zone: *.sni.nl
O15 - Trusted Zone: *.sni.no
O15 - Trusted Zone: *.sni.se
O15 - Trusted Zone: *.spiral.at
O15 - Trusted Zone: *.spls.de
O15 - Trusted Zone: *.sri-online.de
O15 - Trusted Zone: *.sri.de
O15 - Trusted Zone: *.sta-augsburg.de
O15 - Trusted Zone: *.strein.at
O15 - Trusted Zone: *.swh.sk
O15 - Trusted Zone: *.sykatec.de
O15 - Trusted Zone: *.sysdata.hu
O15 - Trusted Zone: *.teamworks.at
O15 - Trusted Zone: *.trangosoft.com
O15 - Trusted Zone: *.vads.cc
O15 - Trusted Zone: *.vai.at
O15 - Trusted Zone: *.vareise.at
O15 - Trusted Zone: *.vdogrp.de
O15 - Trusted Zone: *.viefile1
O15 - Trusted Zone: *.vvk.com
O15 - Trusted Zone: *.weissgmbh.de
O15 - Trusted Zone: *.whiteoaksemi.com
O15 - Trusted Zone: *.wts-ag.de
O15 - Trusted IP range: 148.56.0.67
O16 - DPF: {55E634F1-7D2B-4B5A-B5CA-82D68CC5497E} (PicsUploadControl.FileUpload) - http://www.photoprintonline.com/webalbum/puc/PicsUploadControl.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} (SignActivX Control) - https://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab
O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL (file missing)
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe
O23 - Service: ComarchCardServer - ComArch S.A. - D:\Program Files\ComarchSmartCard\CardServer.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_13\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: Sypuosaipus - Synaptics, Inc. - (no file)
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\TmProxy.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 20565 bytes


HJT Uninstall Manager:

ACDSee 32
Ad-Aware
Ad-Aware
Adobe Acrobat 8 Standard German
Adobe Acrobat 8.1.4 Standard
Adobe Photoshop CS
Adobe SVG Viewer 3.0
Agere Systems HDA Modem
A-Mac Address Change 5.4
Application Consistency Checker
Application Suite
Authorware Web Player 6.5.0.67 English
CCOM FTC97 TOP 7.3.31
CDex extraction audio
cLaunch
CoffeeCup Free FTP
Comarch SmartCard
Compatibility Pack for the 2007 Office system
CryptoEx Outlook V3.0 SP8 Service Release 2
CryptoEx Volume 3
Desktop Lock 5.5 Business
Dfine 2.0
Difitec WavePurity Professional v5.0
DivX Codec
EasyGPS 2.7.5
EFS CIU
Flash Player 10
Google Earth
HijackThis 2.0.2
Hotkey-Detektiv
InCtrl5
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD 4
IsoBuster 1.9
iTrackU Tool
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment 1.5.0_18
Java 2 Runtime Environment 1.6.0_13
Java 2 Runtime Environment Standard Edition v1.3.1_04
JeppView / JeppView FliteDeck
Juniper Networks Network Connect 6.1.0
Juniper Networks Network Connect 6.3.0
Librairies 2.7.5
Livelink Imaging 9.5
Macromedia Flash Player 8
Magic Button
Malwarebytes' Anti-Malware
Media Player 11
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Bootvis
Microsoft Capicom
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Office 2003 German User Interface Pack
Microsoft Office 2003 Web Components
Microsoft Office Communicator 2007
Microsoft Office Communicator 2007 MUI Pack
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mobile Phone Manager
MPEG-VCR
MPS PKI Toolbox
Nero Suite
Option GT HSDPA driver suite
'Option PC Cards driver package'
PanaVue ImageAssembler
Password Safe engl. (1.9.4.0)
PixMaker Lite
PixScreen
PKI2 Basis Client V3.0.0.0
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
PocketFMS
QuickTime
RealPlayer
Remote Administrator 2.1 - Server only
Remove Hidden Data Tool
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
SAP Front End
SCCS Java Toolkit
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB956390)
Shockwave Player 10.1.1.16
SlovoEd 3.x for PocketPC
SmartSync
Sony Ericsson GCXX (75/79/82/83/85/89)
Synaptics Pointing Device Driver
Tadawulfx Trader 4.00
TMPGEnc DVD Author 1.5
TMPGEnc Plus 2.5
Trend Micro OfficeScan Client
VC_MergeModuleToMSI
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Windows
VNC client 3.3.3r9
Vodafone Mobile Connect
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Workflow Foundation
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
WinRAR archiver
WinZip 9.0 SR-1 English
Xilisoft Video Converter 3