"Apophis" - 2007-07-12 11:45:07 - ComboFix 07-07-12.3 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bbadd.bak1 C:\WINDOWS\system32\bbadd.bak2 C:\WINDOWS\system32\bbadd.ini C:\WINDOWS\system32\bbadd.ini2 C:\WINDOWS\system32\bbadd.tmp C:\WINDOWS\system32\bbadd.bak1 C:\WINDOWS\system32\bbadd.bak2 C:\WINDOWS\system32\bbadd.ini C:\WINDOWS\system32\bbadd.ini2 C:\WINDOWS\system32\bbadd.tmp C:\WINDOWS\system32\bbadd.bak1 C:\WINDOWS\system32\bbadd.bak2 C:\WINDOWS\system32\bbadd.ini C:\WINDOWS\system32\bbadd.ini2 C:\WINDOWS\system32\bbadd.tmp C:\WINDOWS\system32\ddabb.dll C:\WINDOWS\system32\tuvsqol.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ntos.exe C:\WINDOWS\system32\wsnpoem\audio.dll C:\WINDOWS\system32\wsnpoem\audio.dll.cla C:\WINDOWS\system32\wsnpoem\video.dll ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 ))))))))))))))))))))))))))))))) 2007-07-12 11:41 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-11 16:30 66,580 --a------ C:\WINDOWS\system32\vfoudixw.dll 2007-07-10 11:40 d-------- C:\Programme\Lavasoft 2007-07-10 11:40 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Lavasoft 2007-07-09 12:16 86,016 --a------ C:\WINDOWS\system32\awtqroo.exe 2007-07-09 12:15 350,241 --a------ C:\WINDOWS\system32\ucpcaknx.exe 2007-06-26 18:45 d-------- C:\DOKUME~1\Apophis\ANWEND~1\ICQ 2007-06-26 18:43 d-------- C:\Programme\ICQ6 2007-06-25 13:49 d-------- C:\DOKUME~1\Apophis\ANWEND~1\vlc 2007-06-25 13:48 d-------- C:\Programme\VideoLAN (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-12 08:45:14 -------- d-----w C:\Programme\Mozilla Thunderbird 2007-07-10 09:38:42 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-07-09 11:05:33 -------- d-----w C:\DOKUME~1\Apophis\ANWEND~1\Skype 2007-06-26 16:47:00 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-06-26 16:46:53 -------- d-----w C:\Programme\ICQLite 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-30 14:26:26 -------- d-----w C:\Programme\Skype 2007-05-30 14:26:14 -------- d-----w C:\Programme\Gemeinsame Dateien\Skype 2007-04-19 06:42:01 730 -c--a-w C:\DOKUME~1\Apophis\ANWEND~1\wklnhst.dat 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-04-03 12:32:21 81,912 -c--a-w C:\DOKUME~1\Apophis\ANWEND~1\GDIPFONTCACHEV1.DAT 2005-06-08 06:07:22 8 --sh--r C:\WINDOWS\system32\38B25DE429.sys 2005-06-08 06:07:22 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-01-12 20:38 63128 --a------ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2005-11-10 14:22 184423 --a------ C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC41D38F-B56D-40AD-94E0-B493D130C959}] 2006-06-23 00:23 65536 -ra------ C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] 2005-09-24 07:41 231160 --a------ C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-03-22 01:03 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-22 01:03 C:\WINDOWS\AGRSMMSG.exe] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 16:35] "NotebookHardwareControl"="C:\Programme\Notebook Hardware Control\nhc.exe" [2005-10-11 15:38] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-22 19:06] "1&1 VirtuSafe"="c:\progra~1\1&1int~1\virtus~1\virtusafe.exe" [2004-07-09 16:10] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2005-08-23 07:01] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-05-24 15:06] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "RegisterDropHandler"=C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk backup=C:\WINDOWS\pss\FRITZ!DSL Startcenter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pagis-Zeitplan-Monitor.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pagis-Zeitplan-Monitor.lnk backup=C:\WINDOWS\pss\Pagis-Zeitplan-Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinManager.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinManager.lnk backup=C:\WINDOWS\pss\WinManager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Apophis^Startmenü^Programme^Autostart^Adobe Gamma.lnk] path=C:\Dokumente und Einstellungen\Apophis\Startmenü\Programme\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Apophis^Startmenü^Programme^Autostart^reminder-ScanSoft Produkt Registrierung.lnk] path=C:\Dokumente und Einstellungen\Apophis\Startmenü\Programme\Autostart\reminder-ScanSoft Produkt Registrierung.lnk backup=C:\WINDOWS\pss\reminder-ScanSoft Produkt Registrierung.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1_1&1 Upload-Manager] "D:\Programme\1&1\1&1 Upload-Manager\DAVSRV.EXE" /hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCentreTray] C:\Programme\Xerox\ControlCentre 2.0\XWCTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Programme\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE /h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroNETTrayIcon] C:\Programme\Ahead\NeroNET\NNServiceCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_7 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "xmlprov"=3 (0x3) "WmiApSrv"=3 (0x3) "WmdmPmSN"=3 (0x3) "WmcCdsLs"=3 (0x3) "WmcCds"=3 (0x3) "VSS"=3 (0x3) "UPS"=3 (0x3) "upnphost"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "SCardSvr"=3 (0x3) "RSVP"=3 (0x3) "RasAuto"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "Netlogon"=3 (0x3) "NeroNET"=2 (0x2) "MSDTC"=3 (0x3) "mnmsrvc"=3 (0x3) "iPodService"=3 (0x3) "InCDsrv"=2 (0x2) "ImapiService"=3 (0x3) "HTTPFilter"=3 (0x3) "HidServ"=2 (0x2) "Fax"=2 (0x2) "de_serv"=3 (0x3) "clr_optimization_v2.0.50215_32"=3 (0x3) "CiSvc"=3 (0x3) "aspnet_state"=3 (0x3) "AppMgmt"=3 (0x3) "Adobe LM Service"=3 (0x3) "MDM"=2 (0x2) "BITS"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2181f42-6e48-11da-826d-0012f013fd23}] AutoRun\command- AutoRun.exe ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-12 12:07:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** Completion time: 2007-07-12 12:09:07 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-12 12:08 --- E O F ---