ComboFix 07-08-09.3 - "Horst Missbrandt" 2007-08-14 8:16:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.206 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\Base64.dll

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 08:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 17:26 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
2007-07-24 17:48 d-------- C:\Programme\CDViewer
2007-07-15 17:36 d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 22:57 --------- d-------- C:\Programme\TuneUp Utilities 2006
2007-07-27 18:13 --------- d-------- C:\Programme\CyberLink
2007-07-27 18:10 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-07-27 17:28 --------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-07-08 11:58 --------- d-------- C:\Programme\Winamp
2007-06-29 11:10 --------- d-------- C:\DOKUME~1\HORSTM~1\ANWEND~1\CyberLink
2007-06-26 08:43 --------- d-------- C:\Programme\Apple Software Update
2007-06-21 13:42 7285 --a------ C:\WINDOWS\mozver.dat
2007-06-20 12:25 --------- d-------- C:\Programme\WinZip Self-Extractor
2007-06-20 11:56 --------- d-------- C:\Programme\Free WMA to MP3 Converter
2007-06-20 11:53 61968 --a------ C:\WINDOWS\system32\perfc007.dat
2007-06-20 11:53 385728 --a------ C:\WINDOWS\system32\perfh007.dat
2007-06-20 11:21 --------- d-------- C:\Programme\Audacity
2007-06-15 09:10 --------- d-------- C:\Programme\Security Task Manager
2007-05-16 17:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:11 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:11 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:11 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:11 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-15 18:51 23067984 --a------ C:\AdbeRdr80_de_DE.exe
2007-05-15 18:48 7241896 --a------ C:\psa30se_de_de.exe
2007-05-15 18:40 357424 --a------ C:\msicuu2.exe
2007-05-15 13:23 814288 --a------ C:\Google Updater.exe
2007-05-15 13:01 545768 --a------ C:\pase30_rdr80_DLM_de_DE.exe
2007-03-20 15:31 6361576 --a------ C:\Programme\Thunderbird Setup 1.5.0.10.exe
2007-02-09 10:48 190 --a------ C:\DOKUME~1\HORSTM~1\ANWEND~1\wklnhst.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 17:35]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 08:19]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-05-28 17:37]
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 23:57]
"VirtualCloneDrive"="C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 12:28]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 06:00]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-11-27 10:37]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-05-15 00:22]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39]
"DataLayer"="C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]

C:\Dokumente und Einstellungen\Horst Missbrandt\Startmen\Programme\Autostart\
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Registration-InstantCopy.lnk - C:\Programme\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 14:18:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"wuauserv"=2 (0x2)
"Software Jukebox v2.0 Service"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys
R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
R2 AdminSVCff;GMX Firefox Update;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
R2 SNMP;SNMP-Dienst;C:\WINDOWS\System32\snmp.exe
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
S3 adiusbae;Teledat 300 USB;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
S3 NETPPPOI;PPP over ISDN;C:\WINDOWS\system32\DRIVERS\NETPPPOI.SYS
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 SNMPTRAP;SNMP-Trap-Dienst;C:\WINDOWS\System32\snmptrap.exe
S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S3 USB_RNDIS;Arris Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder
2007-07-27 15:16:28 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
2007-07-17 06:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programme\Apple Software Update\SoftwareUpdate.exe
2005-11-04 22:45:00 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 08:20:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 8:22:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 08:22

--- E O F ---