ComboFix 07-06-13.3 - C:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe "user" - 2007-06-13 19:38:14 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_IPRIP
-------\LEGACY_NWSAPAGENT
-------\Iprip
-------\nm
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))

2007-06-13 19:37      49,152  --a------  C:\WINDOWS\nircmd.exe
2007-06-13 14:41               d--------  C:\WINDOWS\system32\Kaspersky Lab
2007-06-13 14:20               d--------  C:\WINDOWS\LastGood.Tmp
2007-06-13 13:55               d--------  C:\WINDOWS\system32\de-de
2007-06-13 13:50               d--------  C:\WINDOWS\network diagnostic
2007-06-13 13:42               d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-05-31 16:50   5,242,880  --a------  C:\DOKUME~1\user\ntuser.dat
2007-05-31 16:50               d--------  C:\Programme\HEAD
2007-05-28 19:50               d--------  C:\DOKUME~1\user\ANWEND~1\Skype
2007-05-28 19:49               d--------  C:\Programme\Skype
2007-05-28 19:49               d--------  C:\Programme\Gemeinsame Dateien\Skype
2007-05-28 19:49               d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
2007-05-27 10:55               d--------  C:\Programme\PHP
2007-05-24 20:37      42,880  --a------  C:\WINDOWS\system32\drivers\digirlpt.sys
2007-05-24 20:37     110,621  --a------  C:\WINDOWS\system32\digirlpt.dll
2007-05-17 17:59      86,016  --a------  C:\WINDOWS\system32\SLIPRT.DLL
2007-05-17 17:59               d--------  C:\DOKUME~1\user\ANWEND~1\SlipStream
2007-05-15 19:14               d--------  C:\DOKUME~1\user\ANWEND~1\ICQ
2007-05-15 19:12               d--------  C:\Programme\ICQ6
2007-05-15 17:04               d--------  C:\Games

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 12:00:23  --------  d-----w  C:\Programme\ICQToolbar
2007-06-12 19:19:52  --------  d-----w  C:\Programme\TrackMania Nations ESWC
2007-06-01 19:29:37  --------  d-----w  C:\DOKUME~1\user\ANWEND~1\Avant Browser
2007-06-01 11:38:56  --------  d-----w  C:\Programme\PokerStars
2007-05-31 14:50:12  --------  d--h--w  C:\Programme\InstallShield Installation Information
2007-05-30 18:04:38  --------  d-----w  C:\Programme\The Westerner
2007-05-30 18:00:46  --------  d-----w  C:\Programme\Pacz
2007-05-30 17:55:33  --------  d-----w  C:\Programme\Picasa
2007-05-30 17:54:00  --------  d-----w  C:\Programme\Oberon Media
2007-05-15 17:14:07  --------  d-----w  C:\Programme\ICQLite
2007-04-20 14:43:10  --------  d-----w  C:\Programme\Everest Poker
2007-04-16 07:24:34    12,275  -c--a-w  C:\WINDOWS\mozver.dat
2007-03-25 08:46:49    65,286  ----a-w  C:\WINDOWS\system32\perfc007.dat
2007-03-25 08:46:49   394,198  ----a-w  C:\WINDOWS\system32\perfh007.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9AA2F14F-E956-44B8-8694-A5B615CDF341}=C:\Programme\ONSPEED\components\NOWImaging.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-01-16 11:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BusinessOnline Log]
"C:\Programme\T-DSL Business\bolog.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
C:\Programme\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]
C:\Programme\Picasa\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspwr]
C:\WINDOWS\system32\PuXpMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwrUpTweakMe]
C:\WINDOWS\system32\PUXPTWKS.EXE /TWEAK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Programme\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
"C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TSMService"=3 (0x3)
"AVM WLAN Connection Service"=2 (0x2)
"SymWSC"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Mozilla Quick Launch"="C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
"TuneUp MemOptimizer"="D:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize
"CloneDVDElbyDelay"="D:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe
"ElbyCheckAnyDVD"="C:\Programme\AnyDVD\ElbyCheck.exe" /L AnyDVD
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"BusinessOnline Log"="C:\Programme\T-DSL Business\bolog.exe"
"BearShare"="C:\Programme\BearShare\BearShare.exe" /pause
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
"Dit"=Dit.exe
"KBD"=C:\HP\KBD\KBD.EXE
"nwiz"=nwiz.exe /install
"WinampAgent"="C:\Programme\Winamp\Winampa.exe"
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc  p2psvc p2pimsvc p2pgasvc PNRPSvc

Contents of the 'Scheduled Tasks' folder
2006-05-26 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2006-05-28 17:09:00 C:\WINDOWS\tasks\Einfache Internetanmeldung.job
2006-05-28 17:09:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 19:43:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************

Completion time: 2007-06-13 19:46:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-13 19:46

--- E O F ---