HIJACKTHIS - EDITOR

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:52:09, on 03.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
D:\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
D:\Home Cinema\PowerDVD\PDVDServ.exe
D:\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\Webshots\Webshots\Webshots\Webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
D:\Tonline\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
D:\Tonline\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
D:\Tonline\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
D:\Tonline\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\internet explorer\iexplore.exe
D:\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Webshots\Webshots\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\MSOffice\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYDE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: C????????? ???-?????????? - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{395DDF73-6825-47E8-95F0-76E7E4CB6906}: NameServer = 217.237.150.205 217.237.149.142
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - D:\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 6896 bytes

COMBOFIX

"C & A" - 2007-06-03 19:11:37 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Dokumente und Einstellungen\C & A\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\WINDOWS\system32\comcs32m.dll"
"C:\WINDOWS\system32\comcs32u.dll"
"C:\WINDOWS\system32\dsuiexq.dll"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

2007-05-31 22:01 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-05-31 22:01 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-05-31 22:01 51,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-31 22:01 3,141,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-31 22:01 d-------- C:\Programme\Kaspersky Lab
2007-05-31 22:01 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Kaspersky Lab
2007-05-31 22:00 d-------- C:\kav
2007-05-31 18:12 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\Lavasoft
2007-05-31 18:10 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-05-30 20:32 d-------- C:\WINDOWS\system32\de-de
2007-05-30 20:30 d-------- C:\WINDOWS\network diagnostic
2007-05-30 20:14 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-05-29 20:24 d-------- C:\Programme\Google
2007-05-29 20:24 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\Google
2007-05-28 21:25 d-------- C:\Temp
2007-05-28 20:34 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
2007-05-28 20:34 d-------- C:\Programme\MyWebSearch
2007-05-28 20:34 d-------- C:\Programme\FunWebProducts
2007-05-28 16:29 d-------- C:\Program Files
2007-05-28 16:29 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\ICQ Toolbar
2007-05-28 16:23 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\ICQLite
2007-05-27 21:25 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\McNeel
2007-05-27 20:59 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-05-27 20:59 286,720 --------- C:\WINDOWS\Setup1.exe
2007-05-27 20:29 26,560 --a------ C:\DOKUME~1\C&A~1\ANWEND~1\GDIPFONTCACHEV1.DAT
2007-05-19 20:03 d-------- C:\Programme\Gemeinsame Dateien\SWF Studio
2007-05-18 17:02 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\.BitTornado
2007-05-17 17:59 d-------- C:\Programme\Gemeinsame Dateien\Nero
2007-05-17 17:59 d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2007-05-17 17:58 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-05-17 17:58 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-05-17 17:58 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-05-17 17:58 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-05-17 17:58 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-17 17:58 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-05-17 17:58 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-05-17 17:58 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-05-17 10:22 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\CyberLink
2007-05-17 10:22 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\Bookmarks
2007-05-17 10:18 d-------- C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
2007-05-17 10:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-17 10:17 127,184 --a------ C:\WINDOWS\Unwise.exe
2007-05-17 10:17 d-------- C:\Programme\X10 Hardware
2007-05-17 10:17 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
2007-05-17 10:16 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2007-05-17 10:16 d-------- C:\Programme\CyberLink
2007-05-17 10:12 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-05-17 10:12 121,995 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-05-17 10:12 d-------- C:\Programme\ATI Technologies
2007-05-17 09:58 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-05-17 09:58 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-05-17 09:58 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-05-17 09:58 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-05-17 09:58 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-05-17 09:58 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-05-17 09:58 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-05-17 09:52 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-05-17 09:52 d-------- C:\Dokumente und Einstellungen\C & A\WINDOWS
2007-05-17 09:52 d-------- C:\DOKUME~1\C&A~1\WINDOWS
2007-05-15 18:51 d-------- C:\DOKUME~1\C&A~1\ANWEND~1\AdobeUM
2007-05-12 13:39 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-05-05 17:28 d-------- C:\WINDOWS\Cache
2007-05-05 17:19 d-------- C:\Programme\proDAD
2007-05-05 17:16 d-------- C:\Programme\AdorageI-SAL
2007-05-05 17:16 d-------- C:\Programme\AdorageI-GfxDatas
2007-05-05 17:13 d-------- C:\Programme\Gemeinsame Dateien\ODBC
2007-05-05 12:52 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-05-05 12:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-05 12:52 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-05-05 12:52 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2007-05-05 12:52 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2007-05-05 12:52 78,976 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-05-05 12:52 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2007-05-05 12:52 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2007-05-05 12:52 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2007-05-05 12:52 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2007-05-05 12:52 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2007-05-05 12:52 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2007-05-05 12:52 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2007-05-05 12:52 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-05-05 12:52 40,960 --------- C:\WINDOWS\system32\langserv.dll
2007-05-05 12:52 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2007-05-05 12:52 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2007-05-05 12:52 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2007-05-05 12:52 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2007-05-05 12:52 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2007-05-05 12:52 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2007-05-05 12:52 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2007-05-05 12:52 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2007-05-05 12:52 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2007-05-05 12:52 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2007-05-05 12:52 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2007-05-05 12:52 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2007-05-05 12:52 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2007-05-05 12:52 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-05-05 12:52 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2007-05-05 12:52 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-05-05 12:51 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-05-05 12:51 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-05-05 12:51 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-05-05 12:51 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-05-05 12:51 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-05-05 12:51 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-05-05 12:51 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-05-05 12:51 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-05-05 12:51 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-05-05 12:51 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-05-05 12:51 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-05-05 12:51 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-05-05 12:51 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-05-05 12:51 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-05-05 12:51 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-05-05 12:51 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-05-05 12:51 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-05 12:47 d--hs---- C:\Dokumente und Einstellungen\C & A\UserData
2007-05-05 12:47 d--hs---- C:\DOKUME~1\C&A~1\UserData
2007-05-05 12:43 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-05 12:43 d-------- C:\Programme\Pinnacle
2007-05-05 12:43 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
2007-05-05 12:42 31,923 --a------ C:\WINDOWS\system32\drivers\pinnmb.sys
2007-05-05 09:28 d-------- C:\Programme\Gemeinsame Dateien\aolshare
2007-05-04 20:25 d-------- C:\Programme\Common Files
2007-05-04 20:25 d-------- C:\Programme\AvantGo Connect
2007-05-04 20:24 77,903 --a------ C:\WINDOWS\system32\rapi.dll
2007-05-04 20:24 65,619 --a------ C:\WINDOWS\system32\pmailext.dll
2007-05-04 20:24 65,617 --a------ C:\WINDOWS\system32\ppvexp.dll
2007-05-04 20:24 61,523 --a------ C:\WINDOWS\system32\MsgStRPC.dll
2007-05-04 20:24 36,946 --a------ C:\WINDOWS\system32\ppcload.dll
2007-05-04 20:24 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2007-05-04 20:24 24,657 --a------ C:\WINDOWS\system32\ceutil.dll
2007-05-04 20:24 24,656 --a------ C:\WINDOWS\system32\uicom.dll
2007-05-04 20:24 114,688 --a------ C:\WINDOWS\system32\malslib.dll
2007-05-04 20:24 104,064 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-05-04 20:24 d-------- C:\Programme\Microsoft ActiveSync
2007-05-04 19:40 372,736 --a------ C:\WINDOWS\suinsta4001.exe
2007-05-04 19:40 d-------- C:\Programme\POI-Warner GoPal Edition

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 17:08:23 48,354 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-06-03 17:08:23 316,924 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-02 13:03:24 -------- d-----w C:\Programme\Gemeinsame Dateien\aol
2007-05-29 18:24:12 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-19 18:05:46 -------- d-----w C:\Programme\Gemeinsame Dateien\Marmiko Shared
2007-05-18 15:02:33 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\.BitTornado
2007-05-17 08:12:53 -------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-05-17 08:10:57 -------- d-----w C:\Programme\Medion Info Display
2007-05-12 10:46:24 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-05-02 15:00:18 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\AOL
2007-04-28 12:56:24 -------- d-----w C:\Programme\Realtek
2007-04-28 10:48:47 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\acccore
2007-04-28 10:35:13 -------- d-----w C:\Programme\Gemeinsame Dateien\aolback
2007-04-28 10:35:09 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\You've Got Pictures Screensaver
2007-04-28 10:35:08 -------- d-----w C:\Programme\Learn2.com
2007-04-28 10:35:07 -------- d-----w C:\Programme\Viewpoint
2007-04-28 10:35:05 -------- d-----w C:\Programme\QuickTime
2007-04-28 10:34:56 -------- d-----w C:\Programme\Gemeinsame Dateien\Nullsoft
2007-04-28 10:34:49 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-04-28 10:34:49 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-04-28 10:34:46 -------- d-----w C:\Programme\Real
2007-04-28 10:34:03 335 ----a-w C:\WINDOWS\nsreg.dat
2007-04-28 10:31:46 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\CDZilla
2007-04-28 10:07:30 -------- d-----w C:\Programme\Gemeinsame Dateien\SpeechEngines
2007-04-28 09:27:41 -------- d-----w C:\Programme\T-Online
2007-04-28 09:23:58 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\T-Online
2007-04-28 09:21:48 -------- d-----w C:\DOKUME~1\C&A~1\ANWEND~1\Webshots
2007-04-28 09:15:21 -------- d-----w C:\Programme\microsoft frontpage
2007-04-28 09:15:13 0 --sha-r C:\MSDOS.SYS
2007-04-28 09:15:13 0 --sha-r C:\IO.SYS
2007-04-28 09:15:13 0 ----a-w C:\CONFIG.SYS
2007-04-28 09:15:13 0 ----a-w C:\AUTOEXEC.BAT
2007-04-28 09:14:06 -------- d-----w C:\Programme\Online-Dienste
2007-04-28 09:13:26 -------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2007-04-28 09:13:23 -------- d-----w C:\Programme\Gemeinsame Dateien\MSSoap
2007-04-28 09:13:15 -------- d-----w C:\Programme\Movie Maker
2007-04-28 09:12:52 21,740 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-28 09:12:13 -------- d-----w C:\Programme\Online Services
2007-04-28 09:12:10 -------- d-----w C:\Programme\Messenger
2007-04-28 09:12:06 -------- d-----w C:\Programme\MSN Gaming Zone
2007-04-28 09:11:58 -------- d-----w C:\Programme\Windows NT
2007-03-09 17:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-28 12:35]
"MedionVFD"="C:\Programme\Medion Info Display\MdionLCM.exe" [2006-01-27 13:00]
"RemoteControl"="D:\Home Cinema\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"PCMService"="D:\Home Cinema\PowerCinema\PCMService.exe" [2006-04-17 23:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-09 11:32]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [2007-05-28 20:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 19:13:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-03 19:14:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-03 19:14
--- E O F ---

SYSTEM32

Volume in drive C has no label.
Volume Serial Number is A87F-440B
Directory of C:\WINDOWS\system32

03.06.2007 19:17 40.128 perfc009.dat
03.06.2007 19:17 311.740 perfh009.dat
03.06.2007 19:17 48.354 perfc007.dat
03.06.2007 19:17 316.924 perfh007.dat
03.06.2007 19:17 723.744 PerfStringBackup.INI
31.05.2007 22:01 328 fmls.mzo
31.05.2007 22:01 5.597 fms.mzo
30.05.2007 20:31 2.206 wpa.dbl
28.05.2007 20:34 28.672 f3PSSavr.scr
28.05.2007 19:36 131.688 FNTCACHE.DAT
19.05.2007 20:06 55.142 NULL
17.05.2007 19:40 872 mhdb.mzo
17.05.2007 10:17 664 d3d9caps.dat
17.05.2007 09:58 23.392 nscompat.tlb
17.05.2007 09:58 16.832 amcompat.tlb
17.05.2007 09:58 2.272 w95inf16.dll
17.05.2007 09:58 4.608 w95inf32.dll
12.05.2007 13:39 8.704 sporder.dll
28.04.2007 17:28 146.650 BuzzingBee.wav
28.04.2007 17:28 940.794 LoopyMusic.wav
28.04.2007 12:35 2.780 qtplugin.log
28.04.2007 12:34 157.696 rmoc3260.dll
28.04.2007 12:34 25.088 prefscpl.cpl
28.04.2007 12:34 5.632 pndx5032.dll
28.04.2007 12:34 6.656 pndx5016.dll
28.04.2007 12:34 278.528 pncrt.dll
28.04.2007 12:10 0 h323log.txt
28.04.2007 11:16 302 $winnt$.inf
28.04.2007 11:15 2.951 CONFIG.NT
28.04.2007 11:14 488 WindowsLogon.manifest
28.04.2007 11:14 488 logonui.exe.manifest
28.04.2007 11:14 749 wuaucpl.cpl.manifest
28.04.2007 11:14 749 cdplayer.exe.manifest
28.04.2007 11:14 749 sapi.cpl.manifest
28.04.2007 11:14 749 ncpa.cpl.manifest
28.04.2007 11:14 749 nwc.cpl.manifest
28.04.2007 11:12 21.740 emptyregdb.dat
27.04.2007 13:45 14.970.328 MRT.exe
24.04.2007 11:32 1.485.696 LegitCheckControl.DLL
02.04.2007 14:21 428.032 swreg.exe
09.03.2007 19:52 200.768 klogon.dll

SYSTEMTEMP

Volume in drive C has no label.
Volume Serial Number is A87F-440B
Directory of C:\

03.06.2007 19:47 0 systemtemp.txt
03.06.2007 19:42 93.543 system32.txt
03.06.2007 19:14 14.394 ComboFix.txt
03.06.2007 19:14 770 ComboFix-quarantined-files.txt
03.06.2007 19:13 2.145.386.496 pagefile.sys
19.05.2007 20:06 452 TO_InstallLog.txt
17.05.2007 10:00 3.002 CLDMA.LOG
05.05.2007 17:16 403.560 adorage-protocol.txt
28.04.2007 11:15 0 MSDOS.SYS
28.04.2007 11:15 0 IO.SYS
28.04.2007 11:15 0 AUTOEXEC.BAT
28.04.2007 11:15 0 CONFIG.SYS
28.04.2007 11:10 211 boot.ini
04.08.2004 14:00 4.952 bootfont.bin
04.08.2004 14:00 251.184 ntldr
04.08.2004 14:00 47.564 NTDETECT.COM
16 File(s) 2.146.206.128 bytes
0 Dir(s) 14.431.862.784 bytes free

WINDOWS

Volume in drive C has no label.
Volume Serial Number is A87F-440B
Directory of C:\WINDOWS

03.06.2007 19:28 631 win.ini
03.06.2007 19:13 961.803 WindowsUpdate.log
03.06.2007 19:13 0 0.log
03.06.2007 19:13 2.048 bootstat.dat
03.06.2007 19:12 20.434 SchedLgU.Txt
03.06.2007 14:26 75.976 wmsetup.log
02.06.2007 12:44 50 wiaservc.log
02.06.2007 12:44 214 wiadebug.log
02.06.2007 12:27 116 NeroDigital.ini
31.05.2007 22:36 179.076 setupact.log
31.05.2007 20:52 802.989 setupapi.log
30.05.2007 20:41 6.184 spupdsvc.log
30.05.2007 20:39 22.796 ie7_main.log
30.05.2007 20:33 34.321 comsetup.log
30.05.2007 20:33 19.045 ntdtcsetup.log
30.05.2007 20:33 29.559 tsoc.log
30.05.2007 20:33 1.374 imsins.log
30.05.2007 20:33 3.963 ocmsn.log
30.05.2007 20:33 9.722 iis6.log
30.05.2007 20:33 60.075 ie7.log
30.05.2007 20:33 40.929 ocgen.log
30.05.2007 20:33 3.652 msgsocm.log
30.05.2007 20:33 67.214 FaxSetup.log
30.05.2007 20:32 27.722 updspapi.log
30.05.2007 20:31 1.374 imsins.BAK
30.05.2007 20:31 4.820 IDNMitigationAPIs.log
30.05.2007 20:31 4.515 NLSDownlevelMapping.log
30.05.2007 20:31 11.815 KB915865.log
30.05.2007 20:30 11.697 KB914440.log
30.05.2007 20:30 23.887 KB904942.log
30.05.2007 20:24 9.639 KB930916.log
30.05.2007 20:23 14.072 KB920213.log
30.05.2007 20:23 9.539 KB890046.log
30.05.2007 20:23 14.661 KB932168.log
30.05.2007 20:20 16.750 KB931261.log
30.05.2007 20:20 15.246 KB930178.log
30.05.2007 20:20 18.417 KB931784.log
30.05.2007 20:20 12.391 KB925902.log
30.05.2007 20:20 16.720 KB931836.log
30.05.2007 20:20 15.445 KB926436.log
30.05.2007 20:20 14.369 KB918118.log
30.05.2007 20:19 18.433 KB927779.log
30.05.2007 20:19 18.726 KB924667.log
30.05.2007 20:19 18.321 KB927802.log
30.05.2007 20:19 12.580 KB928843.log
30.05.2007 20:19 17.742 KB928255.log
30.05.2007 20:19 18.091 KB929969.log
30.05.2007 20:19 13.786 KB923694.log
30.05.2007 20:19 14.267 KB926255.log
30.05.2007 20:19 16.938 KB923980.log
30.05.2007 20:19 16.547 KB924270.log
30.05.2007 20:19 18.124 KB922819.log
30.05.2007 20:19 18.230 KB924191.log
30.05.2007 20:19 14.656 KB923191.log
30.05.2007 20:19 16.248 KB924496.log
30.05.2007 20:19 17.821 KB923414.log
30.05.2007 20:19 16.129 KB920872.log
30.05.2007 20:19 17.139 KB920685.log
30.05.2007 20:19 15.148 KB919007.log
30.05.2007 20:19 14.150 KB916595.log
30.05.2007 20:19 12.970 KB920683.log
30.05.2007 20:19 15.840 KB920670.log
30.05.2007 20:19 14.467 KB917422.log
30.05.2007 20:19 15.052 KB914388.log
30.05.2007 20:19 16.834 KB911280.log
30.05.2007 20:19 14.758 KB917953.log
30.05.2007 20:19 13.377 KB913580.log
30.05.2007 20:19 15.646 KB918439.log
30.05.2007 20:19 15.510 KB917344.log
30.05.2007 20:19 13.163 KB914389.log
30.05.2007 20:18 13.588 KB908531.log
30.05.2007 20:18 17.414 KB900485.log
30.05.2007 20:18 16.732 KB911562.log
30.05.2007 20:18 17.421 KB911927.log
30.05.2007 20:18 13.077 KB908519.log
30.05.2007 20:18 13.673 KB904706.log
30.05.2007 20:18 14.079 KB900725.log
30.05.2007 20:18 13.466 KB905749.log
30.05.2007 20:18 14.851 KB905414.log
30.05.2007 20:18 17.340 KB901017.log
30.05.2007 20:18 15.574 KB902400.log
30.05.2007 20:18 13.281 KB894391.log
30.05.2007 20:18 12.471 KB896423.log
30.05.2007 20:18 18.518 KB899587.log
30.05.2007 20:18 17.227 KB899591.log
30.05.2007 20:18 17.036 KB893756.log
30.05.2007 20:18 15.955 KB896358.log
30.05.2007 20:18 13.470 KB890859.log
30.05.2007 20:18 14.562 KB901214.log
30.05.2007 20:18 13.165 KB896428.log
30.05.2007 20:18 18.410 KB885835.log
30.05.2007 20:18 15.834 KB891781.log
30.05.2007 20:17 16.145 KB887472.log
30.05.2007 20:17 14.250 KB888302.log
30.05.2007 20:17 18.016 KB885836.log
30.05.2007 20:17 16.439 KB873339.log
30.05.2007 20:04 4.071 WGA.log
28.05.2007 04:23 87.040 catchme.exe
27.05.2007 20:59 286.720 Setup1.exe
27.05.2007 20:59 73.216 ST6UNST.EXE
17.05.2007 17:59 316.640 WMSysPr9.prx
17.05.2007 10:12 1.305 ATICIM.INI
17.05.2007 10:10 83 VFDUtil.UNI
05.05.2007 17:47 37 install.log
05.05.2007 12:52 807 DirectX.log
04.05.2007 20:25 2.510 Microsoft.MIF
04.05.2007 20:25 2.464 $_hpcst$.hpc
04.05.2007 19:40 372.736 suinsta4001.exe
02.05.2007 17:00 4 msoffice.ini
29.04.2007 11:12 400 ODBC.INI
29.04.2007 11:01 4.541 KB928090.log
29.04.2007 10:53 725 aolback.exe.lnk
28.04.2007 15:31 5.994 KB893803v2.log
28.04.2007 15:31 6.998 KB898461.log
28.04.2007 14:56 4.523 KB888111.log
28.04.2007 12:34 335 nsreg.dat
28.04.2007 12:09 0 Sti_Trace.log
28.04.2007 12:07 1.348 regopt.log
28.04.2007 12:07 231 system.ini
28.04.2007 11:24 0 Classic.INI
28.04.2007 11:19 829 OEWABLog.txt
28.04.2007 11:18 788.864 setuplog.txt
28.04.2007 11:17 8.192 REGLOCS.OLD
28.04.2007 11:16 318 setuperr.log
28.04.2007 11:15 0 control.ini
28.04.2007 11:15 4.161 ODBCINST.INI
28.04.2007 11:14 749 WindowsShell.Manifest
28.04.2007 11:12 37 vbaddin.ini
28.04.2007 11:12 36 vb.ini
28.04.2007 11:12 133 DtcInstall.log
28.04.2007 11:12 1.023 sessmgr.setup.log
28.04.2007 11:11 200 cmsetacl.log

TEMP

Volume in drive C has no label.
Volume Serial Number is A87F-440B
Directory of C:\WINDOWS\Temp

03.06.2007 19:13 2.048 sqlite_qR0Oa0TUR3zGvQF
03.06.2007 19:13 0 CLML_AGENT_LOG1.txt
2 File(s) 2.048 bytes
0 Dir(s) 14.431.739.904 bytes free

DOWN

Volume in drive C has no label.
Volume Serial Number is A87F-440B
Directory of C:\WINDOWS\Downloaded Program Files

28.04.2007 11:14 65 desktop.ini
13.04.2007 15:27 367 LegitCheckControl.inf
23.03.2007 12:17 1.292 erma.inf
14.07.2005 16:28 365 f3initialsetup1.0.0.15-3.inf
4 File(s) 2.089 bytes
0 Dir(s) 14.431.739.904 bytes free
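A log like the one above is normally read entry by entry by a helper. As an added example (written for this page; it is not code from the poster, from HijackThis or from ComboFix), the Python below parses the R/O entries of a HijackThis log and applies a few triage rules that match what stands out in this particular log: FunWebProducts/MyWebSearch components (a widely documented adware family; the O4, O8 and O16 entries above all belong to it), O4 Run entries that use 8.3 short paths, O9 buttons whose file is missing, O16 ActiveX downloads from hosts outside an allow-list, O17 NameServer values outside the resolvers the analyst expects, and O23 services listed with "Unknown owner". The sample input is a constructed subset of entries copied from the HijackThis log above; the trusted-host suffix list and the expected resolver set are assumptions supplied by the analyst, not facts taken from the page (the two 217.237.x.x addresses are passed in as the expected set only to show the check passing).

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a subset of entries copied from the HijackThis
# log posted above. A real run would read the full log file instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYDE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{395DDF73-6825-47E8-95F0-76E7E4CB6906}: NameServer = 217.237.150.205 217.237.149.142
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"""

# Every HijackThis finding looks like "R0 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")

# Substrings identifying the FunWebProducts / MyWebSearch adware family.
PUP_MARKERS = ("mywebsearch", "mywebs~1", "funwebproducts", "smileycentral")

# Assumption for this example: ActiveX (O16) downloads are only trusted from
# Microsoft's own hosts; anything else is surfaced for review.
TRUSTED_DPF_SUFFIXES = (".microsoft.com",)

SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 path component such as PROGRA~1
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_entries(text):
    """Yield (type, body, line) for each R/O entry; other lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("type"), m.group("body"), line


def triage(text, expected_dns=()):
    """Return (rule, detail, line) tuples for entries that deserve a human look.

    expected_dns holds the resolver IPs the machine is supposed to use (the
    analyst supplies them, e.g. from the ISP); every O17 NameServer address
    outside that set is reported.
    """
    findings = []
    for etype, body, line in parse_entries(text):
        if any(marker in line.lower() for marker in PUP_MARKERS):
            findings.append(("pup-marker", "FunWebProducts/MyWebSearch component", line))
        if etype == "O4" and SHORT_NAME_RE.search(body):
            findings.append(("o4-short-path",
                             "Run entry uses an 8.3 short path; resolve it and verify the binary", line))
        elif etype == "O9" and "(file missing)" in body:
            findings.append(("o9-orphan", "button/menu item points at a missing file; safe to remove", line))
        elif etype == "O16":
            url = body.rsplit(" - ", 1)[-1]          # the URL is the last " - " field
            host = urlparse(url).hostname or ""
            if not host.endswith(TRUSTED_DPF_SUFFIXES):
                findings.append(("o16-untrusted-host", f"ActiveX package fetched from {host}", line))
        elif etype == "O17":
            ips = IPV4_RE.findall(body.split("NameServer =", 1)[-1])
            unexpected = [ip for ip in ips if ip not in expected_dns]
            if unexpected:
                findings.append(("o17-dns", "resolver(s) not in the expected set: " + " ".join(unexpected), line))
        elif etype == "O23" and "Unknown owner" in body:
            findings.append(("o23-unknown-owner",
                             "no vendor string in the service binary; check its signature/hash", line))
    return findings


if __name__ == "__main__":
    for rule, detail, line in triage(SAMPLE_LOG, expected_dns=("217.237.150.205", "217.237.149.142")):
        print(f"[{rule}] {detail}\n    {line}")
```

"Unknown owner" in an O23 line only means HijackThis found no company name in the binary's version resource; the CyberLink services here belong to the Medion home-cinema software that is visible elsewhere in the log, so the rule is a prompt to verify the file, not a verdict. The O17 rule likewise reports only what differs from the set you pass in; confirm the expected resolvers with the ISP before treating a mismatch as a DNS hijack.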