Logfile of HijackThis v1.99.1
Scan saved at 10:12:43, on 06.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinFast\WFTVFM\WFWIZ.exe
C:\Programme\Office Mouse\moffice.exe
C:\Programme\Office Mouse\MOUSE32A.DAT
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\phonostar\ps_agent.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Dokumente und Einstellungen\Tower\Eigene Dateien\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Programme\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133200086796
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{129A1A1E-734C-477F-B7B4-E6490FE6B115}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D63E68-712D-41DD-9152-52CD256200FB}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{C620078D-EEFC-4C11-9B08-BED60DBED623}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6039878-7051-4A95-B214-66930BADF623}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.93 85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{129A1A1E-734C-477F-B7B4-E6490FE6B115}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.93 85.255.112.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{129A1A1E-734C-477F-B7B4-E6490FE6B115}: NameServer = 85.255.115.93,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.93 85.255.112.14
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

___________________________________________________

COMBOFIX
Tower - 06-12-06 10:40:45,71 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Tower\Eigene Dateien\hijackthis"

((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))

2006-12-06 10:25 d-------- C:\Programme\CleanUp!
2006-12-06 09:59 d-------- C:\fixwareout
2006-12-05 15:15 dr-h----- C:\Dokumente und Einstellungen\Tower\Recent
2006-11-30 20:15 28,352 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-11-28 14:48 d-------- C:\WINDOWS\WBEM
2006-11-28 14:48 d-------- C:\WINDOWS\system32\de-de
2006-11-28 14:47 d--h-c--- C:\WINDOWS\ie7
2006-11-28 14:46 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-28 14:45 d-------- C:\WINDOWS\network diagnostic
2006-11-25 14:08 d-------- C:\Dokumente und Einstellungen\Tower\Anwendungsdaten\Anvil Studio
2006-11-25 14:04 84,992 --a------ C:\WINDOWS\system32\atl70.dll
2006-11-25 14:04 29,696 --a------ C:\WINDOWS\system32\asutl8.dll
2006-11-25 14:04 d-------- C:\Programme\Anvil Studio
2006-11-20 23:58 92,064 --a------ C:\Dokumente und Einstellungen\Tower\mqdmmdm.sys
2006-11-20 23:58 9,232 --a------ C:\Dokumente und Einstellungen\Tower\mqdmmdfl.sys
2006-11-20 23:58 79,328 --a------ C:\Dokumente und Einstellungen\Tower\mqdmserd.sys
2006-11-20 23:58 66,656 --a------ C:\Dokumente und Einstellungen\Tower\mqdmbus.sys
2006-11-20 23:58 6,208 --a------ C:\Dokumente und Einstellungen\Tower\mqdmcmnt.sys
2006-11-20 23:58 5,936 --a------ C:\Dokumente und Einstellungen\Tower\mqdmwhnt.sys
2006-11-20 23:58 4,048 --a------ C:\Dokumente und Einstellungen\Tower\mqdmcr.sys
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-06 19:46 d-------- C:\Programme\Avanquest update
2006-11-06 19:45 d-------- C:\Programme\Motorola Phone Tools

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-06 10:37 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-30 20:15 -------- d-------- C:\Programme\MUSICMATCH
2006-11-30 20:14 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-28 18:34 -------- d-------- C:\Programme\Internet Explorer
2006-11-21 18:44 -------- d-------- C:\Programme\No23 Recorder
2006-11-20 23:56 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-11-19 22:12 1480 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-27 14:55 -------- d-------- C:\Dokumente und Einstellungen\Tower\Anwendungsdaten\F-Secure
2006-10-27 14:47 -------- d-------- C:\Dokumente und Einstellungen\Tower\Anwendungsdaten\ispnews
2006-10-27 14:43 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2006-10-27 14:43 -------- d-------- C:\Programme\F-Secure Internet Security
2006-10-27 14:42 118842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe
2006-10-25 15:11 -------- d-------- C:\Dokumente und Einstellungen\Tower\Anwendungsdaten\phonostar-Player
2006-10-25 14:54 -------- d-------- C:\Programme\Feurio
2006-10-20 10:47 -------- d-------- C:\Programme\HQvideo
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-20 16:20 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:42 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PowerBar"=""
"PhonostarAgent"="C:\\Programme\\phonostar\\ps_agent.exe"
"PhonostarTimer"="C:\\Programme\\phonostar\\ps_timer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinFast Schedule"="C:\\Programme\\WinFast\\WFTVFM\\WFWIZ.exe"
"FLMOFFICE4DMOUSE"="C:\\Programme\\Office Mouse\\moffice.exe"
"Smapp"="C:\\Programme\\Analog Devices\\SoundMAX\\SMTray.exe"
"WMC_AutoUpdate"=""
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Programme\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Programme\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Programme\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Programme\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""
"MMTray"="C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-12-06 10:41:27.12
C:\ComboFix.txt ... 06-12-06 10:41

_______________________________________________________________________________

Verzeichnis von C:\WINDOWS\system32

06.12.2006 10:36 2.422 wpa.dbl
17.11.2006 18:54 1.040.384 ieframe.dll.mui
17.11.2006 18:53 12.288 advpack.dll.mui
16.11.2006 06:20 10.474.920 MRT.exe
07.11.2006 21:03 1.162.240 urlmon.dll
07.11.2006 21:03 3.577.856 mshtml.dll
07.11.2006 21:03 475.648 mshtmled.dll
07.11.2006 21:03 156.160 msls31.dll
07.11.2006 21:03 413.696 vbscript.dll
07.11.2006 21:03 50.688 msfeedsbs.dll
07.11.2006 21:03 231.424 webcheck.dll
07.11.2006 21:03 6.049.280 ieframe.dll
07.11.2006 21:03 670.720 mstime.dll
07.11.2006 21:03 27.136 jsproxy.dll
07.11.2006 21:03 458.752 msfeeds.dll
07.11.2006 21:03 180.736 ieui.dll
07.11.2006 21:03 818.688 wininet.dll
07.11.2006 21:03 131.584 extmgr.dll
07.11.2006 21:03 191.488 iepeers.dll
07.11.2006 03:27 382.976 iedkcs32.dll
07.11.2006 03:27 229.376 ieaksie.dll
07.11.2006 03:26 152.064 ieakeng.dll
07.11.2006 03:26 71.680 admparse.dll
07.11.2006 03:26 55.296 iesetup.dll
07.11.2006 03:26 13.312 ieudinit.exe
07.11.2006 03:26 54.784 ie4uinit.exe
07.11.2006 03:26 43.008 iernonce.dll
07.11.2006 03:26 92.672 inseng.dll
07.11.2006 03:26 123.904 advpack.dll
07.11.2006 03:25 161.792 ieakui.dll
07.11.2006 03:24 56.483 ieuinit.inf
29.10.2006 08:58 311.604 perfh009.dat
29.10.2006 08:58 48.156 perfc007.dat
29.10.2006 08:58 39.992 perfc009.dat
29.10.2006 08:58 316.594 perfh007.dat
29.10.2006 08:57 723.744 PerfStringBackup.INI
27.10.2006 14:43 1.187.840 winsflt.dll
20.10.2006 10:48 51.744 CSLCI.0XE
17.10.2006 12:06 443.904 html.iec
17.10.2006 12:06 78.336 ieencode.dll
17.10.2006 12:05 206.336 WinFXDocObj.exe
17.10.2006 12:05 1.817.088 inetcpl.cpl
17.10.2006 12:05 105.984 url.dll
17.10.2006 12:05 40.960 licmgr10.dll
17.10.2006 12:05 192.000 msrating.dll
17.10.2006 12:04 101.376 occache.dll
17.10.2006 12:03 17.408 corpol.dll
17.10.2006 12:00 491.520 jscript.dll
17.10.2006 11:58 12.288 msfeedssync.exe
17.10.2006 11:58 61.952 icardie.dll
17.10.2006 11:58 44.544 pngfilt.dll
17.10.2006 11:58 346.624 dxtmsft.dll
17.10.2006 11:57 36.352 imgutil.dll
17.10.2006 11:57 214.528 dxtrans.dll
17.10.2006 11:57 266.752 iertutil.dll
17.10.2006 11:56 45.568 mshta.exe
17.10.2006 11:55 66.560 tdc.ocx
17.10.2006 11:28 48.128 mshtmler.dll
17.10.2006 11:27 380.928 ieapfltr.dll
17.10.2006 11:19 1.383.424 mshtml.tlb
16.10.2006 12:19 270.336 xpsp3res.dll
14.10.2006 14:08 119.235 AdobeFnt.lst
13.10.2006 13:35 146.432 nwprovau.dll
23.09.2006 12:12 1.497.088 shdocvw.dll
23.09.2006 12:12 474.624 shlwapi.dll
23.09.2006 12:12 1.022.976 browseui.dll
23.09.2006 12:12 82.428 IE7Eula.rtf
20.09.2006 16:20 98.304 CmdLineExt.dll
14.09.2006 09:39 152.064 cdfview.dll
14.09.2006 09:39 1.056.256 danim.dll
13.09.2006 06:02 1.084.416 msxml3.dll
06.09.2006 16:42 22.752 spupdsvc.exe
06.09.2006 16:42 15.584 spmsg.dll
05.09.2006 23:01 2.451.824 ieapfltr.dat

___________________________________________________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34C7-7B0B

Verzeichnis von C:\DOKUME~1\Tower\LOKALE~1\Temp

06.12.2006 10:46 204 jusched.log
04.10.2006 09:23 668 datFind.bat
2 Datei(en) 872 Bytes
0 Verzeichnis(se), 117.904.232.448 Bytes frei

___________________________________________________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34C7-7B0B

Verzeichnis von C:\WINDOWS

06.12.2006 10:01 0 0.log
06.12.2006 10:01 1.767.058 WindowsUpdate.log
06.12.2006 10:01 300 wiadebug.log
06.12.2006 10:01 50 wiaservc.log
06.12.2006 10:01 2.048 bootstat.dat
06.12.2006 10:00 32.630 SchedLgU.Txt
06.12.2006 09:51 391.391 setupapi.log
03.12.2006 16:09 116 NeroDigital.ini
02.12.2006 19:14 19.686 ModemLog_Motorola USB Modem.txt
02.12.2006 10:56 1.409 QTFont.for
02.12.2006 10:56 54.156 QTFont.qfn
28.11.2006 18:34 7.638 spupdsvc.log
28.11.2006 14:48 25.327 ie7_main.log
28.11.2006 14:48 121.649 iis6.log
28.11.2006 14:48 182.938 ntdtcsetup.log
28.11.2006 14:48 279.945 comsetup.log
28.11.2006 14:48 1.393 imsins.log
28.11.2006 14:48 48.674 ocmsn.log
28.11.2006 14:48 349.240 tsoc.log
28.11.2006 14:48 62.771 ie7.log
28.11.2006 14:48 560.055 ocgen.log
28.11.2006 14:48 45.365 msgsocm.log
28.11.2006 14:48 801.248 FaxSetup.log
28.11.2006 14:48 68.972 updspapi.log
28.11.2006 14:46 1.393 imsins.BAK
28.11.2006 14:46 10.015 IDNMitigationAPIs.log
28.11.2006 14:46 9.714 NLSDownlevelMapping.log
28.11.2006 14:46 8.016 KB915865.log
28.11.2006 14:45 5.635 KB914440.log
28.11.2006 14:45 22.411 KB920213.log
28.11.2006 14:45 10.758 KB904942.log
25.11.2006 14:11 2.876 ST5UNST.000
19.11.2006 22:12 1.480 AUTOLNCH.REG
19.11.2006 09:45 16.161 KB923980.log
19.11.2006 09:45 16.247 KB924270.log
19.11.2006 09:44 17.726 KB922760.log
29.10.2006 18:18 7.680 Thumbs.db
27.10.2006 15:42 8.814 fsiuupd.log
27.10.2006 14:52 0 fsiugeneric.log
27.10.2006 14:44 310.563 RunSetup.log
27.10.2006 14:44 3.523.852 FSSFM.log
27.10.2006 14:44 8.565.705 FSISU.log
27.10.2006 14:44 162.170 FSPROD.log
27.10.2006 14:44 1.324.810 FSSETUP.log
27.10.2006 14:44 3.566 fsavunin.log
27.10.2006 14:44 5.789 FSSCINST.log
27.10.2006 14:44 21.615 FSASWSIN.log
27.10.2006 14:44 296.076 FSSSINST.log
27.10.2006 14:44 5.866 FSSYSUPD.LOG
27.10.2006 14:44 17.757 fsmainst.log
27.10.2006 14:44 20.413 FSPCINST.LOG
27.10.2006 14:44 4.202 NEWSINST.LOG
27.10.2006 14:44 14.437 HELPINST.LOG
27.10.2006 14:44 7.980 FSAVCSIN.LOG
27.10.2006 14:44 13.600 FSASWINS.LOG
27.10.2006 14:44 9.398 FSGUIINS.LOG
27.10.2006 14:44 17.749 fwesinst.log
27.10.2006 14:44 2.032 fsdginst.log
27.10.2006 14:44 43.706 fstnbins.LOG
27.10.2006 14:44 12.107 fsrif.log
27.10.2006 14:44 11.045 fwinst.log
27.10.2006 14:44 35.851 FSAVINST.LOG
27.10.2006 14:44 2.185 DAASINST.LOG
27.10.2006 14:43 138.418 FSDEPH.log
27.10.2006 14:43 13.312 FSSGSUP.LOG
27.10.2006 14:43 4.714 fsbwinst.log
27.10.2006 14:42 2.438 FSPRODRM.LOG
27.10.2006 14:42 478.012 fssgpex.LOG
27.10.2006 14:42 118.842 bwUnin-6.3.2.123-4476822L.exe
27.10.2006 14:39 4.155 Q-Klez.log
25.10.2006 14:55 3.179 cdplayer.ini
25.10.2006 14:54 3.179 cdplayer.bak
12.10.2006 22:02 13.608 KB924191.log
12.10.2006 22:02 13.112 KB922819.log
12.10.2006 22:02 11.326 KB923414.log
12.10.2006 22:02 11.616 KB924496.log
12.10.2006 22:02 8.810 KB923191.log
26.09.2006 18:48 10.566 KB925486.log
20.09.2006 16:20 50.864 Directx.log
12.09.2006 22:38 13.079 KB920685.log
12.09.2006 22:38 15.151 KB920872.log
12.09.2006 22:38 13.242 KB919007.log
12.09.2006 22:37 9.324 KB922582.log
05.09.2006 08:50 3.647 mozver.dat

__________________________________________________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34C7-7B0B

Verzeichnis von C:\WINDOWS\Temp

06.12.2006 10:02 16.384 Perflib_Perfdata_92c.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 117.904.187.392 Bytes frei

_________________________________________________________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34C7-7B0B

Verzeichnis von C:\WINDOWS\Downloaded Program Files

03.11.2005 20:24 495 LegitCheckControl.inf
27.08.2005 13:30 5.065 swflash.inf
25.07.2005 09:34 88.136 HPGetDownloadManager.ocx
29.06.2005 17:17 227 opuc.inf
26.05.2005 04:19 293 muweb.inf
25.05.2005 14:30 65 desktop.ini
22.03.2005 15:13 77.824 asusTek_sys_ctrl.dll
13.09.2004 16:48 241 asusTek_sys_ctrl.inf
29.08.2003 15:55 2.136 WMAVAX.inf
30.06.2003 21:41 1.689 WMV9VCM.inf
18.11.1999 13:49 992 msaudio.inf
11 Datei(en) 177.163 Bytes
0 Verzeichnis(se), 117.904.179.200 Bytes frei

_________________________________________________________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 34C7-7B0B

Verzeichnis von C:\

06.12.2006 10:55 0 sys.txt
06.12.2006 10:55 822 down.txt
06.12.2006 10:54 290 tmp.txt
06.12.2006 10:54 12.476 system.txt
06.12.2006 10:53 342 systemtemp.txt
06.12.2006 10:50 98.846 system32.txt
06.12.2006 10:41 10.365 ComboFix.txt
06.12.2006 10:36 47.229 ps_system_Zeit.txt
06.12.2006 10:01 536.444.928 hiberfil.sys
06.12.2006 10:01 805.306.368 pagefile.sys
23.11.2006 23:35 495 stub.log
19.07.2006 08:53 0 DBS.TXT
25.05.2005 14:31 0 CONFIG.SYS
25.05.2005 14:31 0 MSDOS.SYS
25.05.2005 14:31 0 AUTOEXEC.BAT
25.05.2005 14:31 0 IO.SYS
25.05.2005 14:27 211 boot.ini
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
20 Datei(en) 1.342.226.072 Bytes
0 Verzeichnis(se), 117.904.150.528 Bytes frei

-----------------------------------------------------------

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B6D580C6A221-D34B-CE24-9E6D-D61FE28E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4BA945BF8A54-BA99-5B14-F682-546C1A62{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\bqtmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...
Random Runs removed from HKLM
"dmtqb.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMTQB.EXE 60.998 2004-08-04
C:\WINDOWS\SYSTEM32\DMVTP.EXE 60.998 2004-08-04
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.