"Loxagon" - 2007-07-22 13:17:54 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 ))))))))))))))))))))))))))))))) 2007-07-22 13:17 51,200 --a------ F:\WINDOWS\nircmd.exe 2007-07-21 16:28 d-------- F:\WINDOWS\system32\NtmsData 2007-07-21 15:00 d-------- F:\WINDOWS\system32\ActiveScan 2007-07-20 22:07 d-------- F:\Programme\Nero 2007-07-20 16:26 d-------- F:\Programme\RegCleaner 2007-07-19 18:22 d-------- F:\DOKUME~1\Loxagon\Contacts 2007-07-19 18:18 d----c--- F:\WINDOWS\system32\DRVSTORE 2007-07-17 20:19 d-------- F:\Programme\AmoK 2007-07-17 12:18 d-------- F:\DOKUME~1\Loxagon\ANWEND~1\Apple Computer 2007-07-17 12:15 d-------- F:\Programme\Gemeinsame Dateien\Ulead 2007-07-17 12:15 d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer 2007-07-17 12:14 d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield 2007-07-17 12:12 81,768 --a------ F:\WINDOWS\system32\xinput1_3.dll 2007-07-17 12:12 62,744 --a------ F:\WINDOWS\system32\xinput1_2.dll 2007-07-17 12:12 443,752 --a------ F:\WINDOWS\system32\d3dx10_34.dll 2007-07-17 12:12 443,752 --a------ F:\WINDOWS\system32\d3dx10_33.dll 2007-07-17 12:12 3,497,832 --a------ F:\WINDOWS\system32\d3dx9_34.dll 2007-07-17 12:12 3,495,784 --a------ F:\WINDOWS\system32\d3dx9_33.dll 2007-07-17 12:12 3,426,072 --a------ F:\WINDOWS\system32\d3dx9_32.dll 2007-07-17 12:12 266,088 --a------ F:\WINDOWS\system32\xactengine2_8.dll 2007-07-17 12:12 261,480 --a------ F:\WINDOWS\system32\xactengine2_7.dll 2007-07-17 12:12 255,848 --a------ F:\WINDOWS\system32\xactengine2_6.dll 2007-07-17 12:12 251,672 --a------ F:\WINDOWS\system32\xactengine2_5.dll 2007-07-17 12:12 237,848 --a------ F:\WINDOWS\system32\xactengine2_4.dll 2007-07-17 12:12 236,824 --a------ F:\WINDOWS\system32\xactengine2_3.dll 2007-07-17 12:12 2,414,360 --a------ F:\WINDOWS\system32\d3dx9_31.dll 2007-07-17 12:12 2,297,552 --a------ F:\WINDOWS\system32\d3dx9_26.dll 2007-07-17 12:12 18,280 --a------ 
F:\WINDOWS\system32\x3daudio1_2.dll 2007-07-17 12:12 15,128 --a------ F:\WINDOWS\system32\x3daudio1_1.dll 2007-07-17 12:12 1,124,720 --a------ F:\WINDOWS\system32\D3DCompiler_34.dll 2007-07-17 12:12 1,123,696 --a------ F:\WINDOWS\system32\D3DCompiler_33.dll 2007-07-16 11:50 d-------- F:\Programme\MSBuild 2007-07-16 11:46 d-------- F:\WINDOWS\system32\XPSViewer 2007-07-16 11:45 d-------- F:\Programme\Reference Assemblies 2007-07-16 11:44 14,048 --------- F:\WINDOWS\system32\spmsg2.dll 2007-07-16 11:37 d-------- F:\Programme\Windows Media Connect 2 2007-07-16 11:35 d-------- F:\WINDOWS\system32\LogFiles 2007-07-16 11:35 d-------- F:\WINDOWS\system32\drivers\UMDF 2007-07-15 11:38 d-------- F:\Programme\XoftSpySE 2007-07-14 13:40 d-------- F:\DOKUME~1\ADMINI~1\ANWEND~1\TuneUp Software 2007-07-14 13:26 524,288 --ah----- F:\DOKUME~1\ADMINI~1\NTUSER.DAT 2007-07-14 13:26 dr-h----- F:\DOKUME~1\ADMINI~1\Anwendungsdaten 2007-07-14 13:26 dr------- F:\DOKUME~1\ADMINI~1\Startmen 2007-07-14 13:26 d--h----- F:\DOKUME~1\ADMINI~1\Vorlagen 2007-07-14 13:26 d--h----- F:\DOKUME~1\ADMINI~1\Netzwerkumgebung 2007-07-14 13:26 d--h----- F:\DOKUME~1\ADMINI~1\Lokale Einstellungen 2007-07-14 13:26 d--h----- F:\DOKUME~1\ADMINI~1\Druckumgebung 2007-07-14 13:26 d-------- F:\DOKUME~1\ADMINI~1\Favoriten 2007-07-14 10:57 d-------- F:\Programme\Yahoo! 
2007-07-14 10:55 d-------- F:\WINDOWS\cache
2007-07-14 10:34 dr------- F:\DOKUME~1\LOCALS~1\Favoriten
2007-07-10 14:07 d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-07-09 22:41 d-------- F:\WINDOWS\pss
2007-07-08 14:44 d-------- F:\DOKUME~1\Loxagon\ANWEND~1\Conceiva
2007-07-07 17:02 d-------- F:\Programme\Ontrack
2007-07-07 16:50 114,048 --a------ F:\WINDOWS\system32\drivers\snapman.sys
2007-07-05 22:32 d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-07-05 00:09 d-------- F:\Programme\JSGSoft.com
2007-07-04 17:34 d-------- F:\DOKUME~1\Loxagon\ANWEND~1\SlySoft
2007-07-04 17:17 d-------- F:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-07-04 17:12 d-------- F:\Programme\SlySoft
2007-07-03 19:27 d-------- F:\Programme\Symantec
2007-07-03 19:15 6,656 --a------ F:\WINDOWS\system32\WnASPI32.dll
2007-07-03 19:15 6,160 --a------ F:\WINDOWS\system32\drivers\UimFIO.sys
2007-07-03 19:15 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2007-07-03 19:15 344,064 --a------ F:\WINDOWS\system32\msvcr70.dll
2007-07-03 19:15 3,870,720 --a------ F:\WINDOWS\system32\qt-mt323.dll
2007-07-03 19:15 26,672 --a------ F:\WINDOWS\system32\drivers\UimBus.sys
2007-07-03 19:15 120,995 --a------ F:\WINDOWS\system32\drivers\Uim_IM.sys
2007-07-03 19:15 d-------- F:\Programme\Paragon Software
2007-07-03 15:21 d-------- F:\DOKUME~1\Loxagon\ANWEND~1\Help
2007-07-01 18:05 63,488 --a------ F:\WINDOWS\system32\unam4ie.exe
2007-07-01 18:05 4,608 --a------ F:\WINDOWS\system32\w95inf32.dll
2007-07-01 18:05 38,160 --a------ F:\WINDOWS\system32\LMRTREND.dll
2007-07-01 18:05 2,272 --a------ F:\WINDOWS\system32\w95inf16.dll
2007-07-01 18:05 194,320 --a------ F:\WINDOWS\system32\qcut.dll
2007-07-01 18:05 182,032 --a------ F:\WINDOWS\system32\dxtmsft3.dll
2007-07-01 18:05 10,240 --a------ F:\WINDOWS\system32\vidx16.dll
2007-06-27 15:38 58,156 --a------ F:\WINDOWS\system32\Uninstal.exe
2007-06-27 15:11 27,648 --a------ F:\WINDOWS\system32\ir50_lcs.dll
2007-06-25 15:47 1,140 --a------ F:\WINDOWS\mozver.dat
2007-06-23 21:17 87,040 --a------ F:\WINDOWS\UnGins.exe
2007-06-23 21:17 473,600 --a------ F:\WINDOWS\system32\Harmony.dll
2007-06-23 21:17 237,568 --a------ F:\WINDOWS\system32\Unlha32.dll
2007-06-22 15:54 99,904 --a------ F:\WINDOWS\system32\drivers\AnyDVD.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 22:04:48 -------- d-----w F:\Programme\Gemeinsame Dateien\Ahead
2007-07-21 20:48:00 -------- d-----w F:\Programme\Trillian
2007-07-20 20:11:12 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Azureus
2007-07-20 13:14:10 -------- d--h--w F:\Programme\InstallShield Installation Information
2007-07-18 08:30:10 82,974 ----a-w F:\WINDOWS\system32\perfc007.dat
2007-07-18 08:30:10 453,452 ----a-w F:\WINDOWS\system32\perfh007.dat
2007-07-17 16:44:44 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\teamspeak2
2007-07-17 10:00:10 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\dvdcss
2007-07-03 17:05:16 -------- d-----w F:\Programme\TuneUp Utilities 2007
2007-07-02 11:49:46 -------- d-----w F:\Programme\Elaborate Bytes
2007-07-01 19:19:02 43,520 ----a-w F:\WINDOWS\system32\CmdLineExt03.dll
2007-06-30 21:41:46 -------- d-----w F:\Programme\ATI Technologies
2007-06-20 21:08:56 93,128 ----a-w F:\WINDOWS\system32\ElbyCDIO.dll
2007-06-07 19:03:41 28,400 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-06-07 19:01:14 0 ----a-w F:\WINDOWS\PowerReg.dat
2007-06-07 18:35:52 -------- d-----w F:\Programme\Monte Cristo
2007-06-06 09:30:38 -------- d-----w F:\Programme\AskPBar
2007-06-06 09:30:37 -------- d-----w F:\Programme\Google
2007-06-05 14:18:33 -------- d-----w F:\Programme\The Weather Channel FW
2007-06-04 22:40:01 -------- d-----w F:\Programme\Biosfear
2007-06-01 13:35:38 -------- d-----w F:\Programme\Gemeinsame Dateien\AOL
2007-06-01 13:35:04 -------- d-----w F:\Programme\Gemeinsame Dateien\aolshare
2007-05-30 12:10:42 10,872 ----a-w F:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 19:14:24 -------- d-----w F:\Programme\Gemeinsame Dateien\InstallShield
2007-05-29 19:12:01 -------- d-----w F:\Programme\epson
2007-05-29 12:27:37 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\vlc
2007-05-29 12:19:00 -------- d-----w F:\Programme\VideoLAN
2007-05-28 21:31:18 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Talkback
2007-05-28 21:30:45 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Real
2007-05-28 21:30:36 0 ----a-w F:\WINDOWS\nsreg.dat
2007-05-28 21:29:35 -------- d-----w F:\Programme\Gemeinsame Dateien\xing shared
2007-05-28 21:29:28 -------- d-----w F:\Programme\Gemeinsame Dateien\Real
2007-05-28 21:29:00 -------- d-----w F:\Programme\Real
2007-05-28 21:17:53 -------- d-----w F:\Programme\CyberLink
2007-05-28 18:30:49 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Ahead
2007-05-27 17:07:14 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Lavasoft
2007-05-27 17:03:03 -------- d-----w F:\Programme\Lavasoft
2007-05-27 17:02:48 -------- d-----w F:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-05-27 16:51:24 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\TuneUp Software
2007-05-25 15:52:28 -------- d-----w F:\Programme\MSXML 4.0
2007-05-24 15:05:43 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\WinRAR
2007-05-24 14:19:14 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\acccore
2007-05-24 14:17:24 -------- d-----w F:\Programme\Gemeinsame Dateien\Nullsoft
2007-05-23 19:04:09 -------- d-----w F:\Programme\Teamspeak2_RC2
2007-05-23 14:03:51 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\Google
2007-05-23 14:02:48 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\CyberLink
2007-05-23 13:58:30 -------- d-----w F:\Programme\Azureus
2007-05-23 11:05:33 -------- d-----w F:\Programme\Messenger
2007-05-22 13:58:00 -------- d-----w F:\DOKUME~1\Loxagon\ANWEND~1\ATI
2007-05-22 13:43:32 -------- d-----w F:\Programme\VIA Technologies, Inc
2007-05-22 13:27:36 -------- d-----w F:\Programme\Movie Maker
2007-05-22 13:25:38 -------- d-----w F:\Programme\Windows NT
2007-05-16 15:11:44 683,520 ----a-w F:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w F:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ F:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ F:\Programme\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]
"SunJavaUpdateSched"="F:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-05-28 23:29]
"HostManager"="F:\Programme\Gemeinsame Dateien\AOL\1180704905\ee\AOLSoftware.exe" [2006-05-23 13:45]
"IPHSend"="F:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe" [2006-02-17 18:59]
"Adobe Reader Speed Launcher"="F:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ATICCC"="F:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"avgnt"="F:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"!AVG Anti-Spyware"="L:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"SpybotSD TeaTimer"="F:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="l:\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder
2007-07-20 15:16:46 F:\WINDOWS\tasks\1-Klick-Wartung.job
2007-07-22 11:08:47 F:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-15 09:42:17 F:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 13:20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-22 13:22:04
--- E O F ---