ComboFix 08-01-23.1C - User 2008-01-28 16:44:26.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.180 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\User\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\User\Desktop\cfscript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\vtusspp.dll
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.004
C:\FOUND.004\FILE0000.CHK
C:\FOUND.004\FILE0001.CHK
C:\FOUND.004\FILE0002.CHK
C:\FOUND.004\FILE0003.CHK
C:\WINDOWS\system32\vtusspp.dll
.

((((((((((((((((((((((( Dateien erstellt von 2007-12-28 bis 2008-01-28 ))))))))))))))))))))))))))))))
.

2008-01-28 13:04 . 2008-01-28 13:04 d--hs---- C:\FOUND.005
2008-01-28 03:13 . 2008-01-28 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 03:13 . 2008-01-28 03:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 02:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-28 02:11 . 2008-01-28 02:11 d-------- C:\Programme\Microsoft Works
2008-01-27 21:14 . 2008-01-27 21:14 9 --a------ C:\WINDOWS\system32\130c02fe
2008-01-24 16:04 . 2008-01-24 16:04 d-------- C:\Programme\ICQToolbar
2008-01-23 07:24 . 2008-01-23 07:24 675,328 --a------ C:\WINDOWS\isRS-000.tmp
2008-01-22 02:22 . 2008-01-22 02:22 d-------- C:\phonedmg
2008-01-22 01:21 . 2008-01-22 01:21 d-------- C:\Programme\iTunes
2008-01-22 01:21 . 2008-01-22 01:21 d-------- C:\Programme\iPod
2008-01-22 01:19 . 2008-01-22 01:19 d-------- C:\Programme\Bonjour
2008-01-20 19:09 . 2008-01-20 19:09 d-------- C:\totalcmd
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-20 19:09 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-20 19:09 . 2008-01-20 19:13 526 --a------ C:\WINDOWS\wincmd.ini
2008-01-20 19:03 . 2008-01-20 19:03 d-------- C:\Programme\SSH Explorer
2008-01-17 15:52 . 2008-01-17 15:52 d-------- C:\Programme\WinSCP
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 17:33 . 2008-01-08 17:33 d-------- C:\Programme\Lavasoft
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 01:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-09 03:30 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-05 17:44 --------- d-----w C:\Programme\PornPlay.to
2007-11-07 09:27 729,600 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 729,600 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:19 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:42 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,293,312 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2003-12-24 05:27 236,943 ----a-w C:\WINDOWS\Fonts\futura\alltype\FUTURA4.zip
2003-12-24 05:27 236,943 ----a-w C:\WINDOWS\Fonts\Futura Fonts\futura\alltype\FUTURA4.zip
2002-12-17 15:20 696,320 ----a-w C:\Programme\Gemeinsame Dateien\XCMHook.dll
2002-12-17 15:20 24,576 ----a-w C:\Programme\Gemeinsame Dateien\XCPCMenu.exe
2002-07-21 20:37 1,652,294 ----a-w C:\WINDOWS\Fonts\=Atomic Media Fonts=\=atomic media fonts=.zip
2002-03-25 21:32 8,299 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Sugarray.Zip
2002-03-25 21:32 40,704 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Weezer.Zip
2002-03-25 21:32 4,347 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Squealer.Zip
2002-03-25 21:32 39,168 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Shredded.Zip
2002-03-25 21:32 37,400 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Uptown__.Zip
2002-03-25 21:32 33,117 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Thebeatles.Zip
2002-03-25 21:32 29,122 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Vulgardisplay.Zip
2002-03-25 21:32 28,231 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Singoth.Zip
2002-03-25 21:32 26,350 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Viking-N.Zip
2002-03-25 21:32 24,430 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Temple.Zip
2002-03-25 21:32 20,840 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Sickness.Zip
2002-03-25 21:32 15,173 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Soulfly.Zip
2002-03-25 21:32 10,197 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Zeppelin2.Zip
2002-03-25 21:31 7,116 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Pod_Tagsxtreme.Zip
2002-03-25 21:31 6,099 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Rammsteinfont.Zip
2002-03-25 21:31 41,553 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Sepultura_Font.Zip
2002-03-25 21:31 31,438 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Oasisfontpctruetype.Zip
2002-03-25 21:31 29,964 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Plaio___.Zip
2002-03-25 21:31 22,094 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Ozzy_Baratz.Zip
2002-03-25 21:31 21,956 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Polaroid.Zip
2002-03-25 21:31 21,755 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Nonpoint.Zip
2002-03-25 21:31 18,883 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Scorpions.Zip
2002-03-25 21:31 15,929 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Punchlabel.Zip
2002-03-25 21:31 14,569 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Orgywin.Zip
2002-03-25 21:31 13,075 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Pyrite.Zip
2002-03-25 21:30 9,114 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Metallic.Zip
2002-03-25 21:30 83,514 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Metrolox.Zip
2002-03-25 21:30 62,697 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Newcrack.Zip
2002-03-25 21:30 6,436 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Metalor.Zip
2002-03-25 21:30 56,047 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Machinehead.Zip
2002-03-25 21:30 48,305 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Nirvana.Zip
2002-03-25 21:30 40,993 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Metnew.Zip
2002-03-25 21:30 29,161 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Megadeth.Zip
2002-03-25 21:30 27,857 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Mus-Collectivesouldosage.Zip
2002-03-25 21:30 27,703 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Monstermagnet-Klingon.Zip
2002-03-25 21:30 20,578 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Lansbury.Zip
2002-03-25 21:30 17,646 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Limpbizkit2.Zip
2002-03-25 21:30 16,358 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Nirvana2.Zip
2002-03-25 21:30 15,590 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Misfit.Zip
2002-03-25 21:30 15,478 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Linkinpark.Zip
2002-03-25 21:29 9,087 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Fakep___.Zip
2002-03-25 21:29 72,323 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Hollywood10.Zip
2002-03-25 21:29 61,915 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Holewm.Zip
2002-03-25 21:29 56,192 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Issuesfont.Zip
2002-03-25 21:29 37,617 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Kornucopia.Zip
2002-03-25 21:29 35,945 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Highv___.Zip
2002-03-25 21:29 31,586 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Floyd.Zip
2002-03-25 21:29 22,403 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Icedeart_Ttf.Zip
2002-03-25 21:29 21,467 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Guns N' Roses (Live Era).Zip
2002-03-25 21:29 18,676 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Kashmir.Zip
2002-03-25 21:29 16,305 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Kravitz.Zip
2002-03-25 21:29 14,543 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Karloff.Zip
2002-03-25 21:28 9,410 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Edition.Zip
2002-03-25 21:28 9,069 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Danzig.Zip
2002-03-25 21:28 56,536 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Cheaptrick.Zip
2002-03-25 21:28 36,034 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Facerg__.Zip
2002-03-25 21:28 32,518 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Coprgtb.Zip
2002-03-25 21:28 30,074 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Everlast_Whiteyford.Zip
2002-03-25 21:28 28,966 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Creed.Zip
2002-03-25 21:28 26,882 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Everclear_Afterglow.Zip
2002-03-25 21:28 22,518 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Chimaira.Zip
2002-03-25 21:28 22,498 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Euroswh.Zip
2002-03-25 21:28 20,528 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Deftones.Zip
2002-03-25 21:28 15,420 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Dienasty.Zip
2002-03-25 21:28 14,964 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Doors.Zip
2002-03-25 21:28 13,726 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Criminal.Zip
2002-03-25 21:28 10,999 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Europa__.Zip
2002-03-25 21:28 10,662 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Dborgir.Zip
2002-03-25 21:27 58,437 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Adema.Zip
2002-03-25 21:27 5,635 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Barcode.Zip
2002-03-25 21:27 41,553 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Cas_Antn.Zip
2002-03-25 21:27 35,860 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Original Motley Font (Pc).Zip
2002-03-25 21:27 34,582 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Berliner.Zip
2002-03-25 21:27 25,586 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Avalq___.Zip
2002-03-25 21:27 22,294 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Willrobinson.Zip
2002-03-25 21:27 21,758 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Apollyon.Zip
2002-03-25 21:27 21,717 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Baddssb_.Zip
2002-03-25 21:27 21,547 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Bonjovi.Zip
2002-03-25 21:27 20,254 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Band.Zip
2002-03-25 21:27 15,669 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Brooklyn.Zip
2002-03-25 21:26 9,302 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Nin_Downward.Zip
2002-03-25 21:26 37,135 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Oldenglish.Zip
2002-03-25 21:26 13,349 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Chinese Motley Font.Zip
2002-03-25 21:26 120,246 ----a-w C:\WINDOWS\Fonts\= Rock & Roll Fontz =\Linkin_Park.Zip
2004-12-26 04:39 56 --sh--r C:\WINDOWS\system32\3BA2E7ACD6.sys
2005-12-17 04:07 80 --sh--r C:\WINDOWS\system32\3BA2E7ACD6.dll
2005-06-26 23:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-07-14 20:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-22 06:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-28_ 3.15.29.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 21:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll
+ 2008-01-15 21:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
+ 2008-01-15 21:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
+ 2008-01-23 00:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
+ 2008-01-15 21:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll
- 2004-12-30 00:00:00 124,072 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
+ 2008-01-23 00:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
- 2004-12-30 00:00:00 685,224 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
+ 2008-01-23 00:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
+ 2008-01-15 21:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
- 2004-12-30 00:00:00 86,768 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
+ 2008-01-23 00:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
- 2004-12-30 00:00:00 7,567 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
+ 2008-01-23 00:00:00 403,360 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
- 2004-12-30 00:00:00 394,930 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
+ 2008-01-23 00:00:00 2,666,609 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
- 2004-12-30 00:00:00 65,026 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
+ 2008-01-23 00:00:00 440,643 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
- 2004-12-30 00:00:00 233,719 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
+ 2008-01-23 00:00:00 1,025,485 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
- 2004-12-30 00:00:00 37,804 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
+ 2008-01-23 00:00:00 68,399 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
+ 2008-01-23 00:00:00 3,294 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
- 2004-12-30 00:00:00 902,494 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
+ 2008-01-23 00:00:00 998,515 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
- 2004-12-30 00:00:00 527,775 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
+ 2008-01-23 00:00:00 570,966 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
- 2004-12-30 00:00:00 144,596 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
+ 2008-01-23 00:00:00 151,148 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
- 2004-12-30 00:00:00 316,532 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
+ 2008-01-23 00:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
- 2004-12-30 00:00:00 81,294 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
+ 2008-01-23 00:00:00 5,918,237 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
- 2004-12-30 00:00:00 380,699 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
+ 2008-01-23 00:00:00 392,748 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
- 2004-12-30 00:00:00 1,711,467 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
+ 2008-01-23 00:00:00 20,633,896 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
- 2004-12-30 00:00:00 1,214,692 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
+ 2008-01-23 00:00:00 1,926,766 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
- 2004-12-30 00:00:00 1,853,711 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
+ 2008-01-23 00:00:00 5,574,507 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
- 2008-01-28 01:43:56 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-28 15:43:42 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-28 01:43:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-28 15:43:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-28 01:43:56 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-28 15:43:42 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-28 01:43:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-28 15:43:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-28 01:43:58 13,766,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-28 15:43:42 13,766,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-28 01:43:58 491,520 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 15:43:42 491,520 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 16:15:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_110.dat
.
-- Snapshot reset to current date --
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57 15360]
"WindowsWelcomeObserver"="C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft Connect Driver.exe" [2007-09-30 00:54 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 06:00 98304]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EPSON Stylus DX4800 Series (Kopie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 06:00 98304]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57 15360]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 02:53 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll 2003-08-25 11:25 139264 C:\Programme\Gemeinsame Dateien\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" /background
"Microsoft Outlook"=C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"E-Mail Alarm"="C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" HIDE
"WEB.DE Club E-Mail Alarm"="C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" HIDE
"RK Launcher"=C:\Programme\RK Launcher\RKLauncher.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe boot
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe
"WinRoll"=C:\Programme\WinRoll\winroll.exe
"Yz Shadow"=C:\Programme\YzShadow\YzShadow.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe"
"TuneUp MemOptimizer"="C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"WEB.DE Sync - WebDeSync"=C:\Programme\Gemeinsame Dateien\XCPCSync\Translators\WebDeSync\WebDeSyncTray.exe
"CallStation"=C:\Programme\CallStation\CStation.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LogitechVideoTray"=C:\Programme\Logitech\Video\LogiTray.exe
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Flashget"=C:\Programme\FlashGet\flashget.exe /min
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"SBCSTray"=C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"BootSkin Startup Jobs"="C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
"TXP"=c:\programme\topthemesxp\txp.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-11 20:18]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-10-31 03:33]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2007-10-30 01:56]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-11 20:18]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-04-23 19:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-28 14:22]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:58]
R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 12:56]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S2 TryAndDecideService;Acronis Try And Decide Service;"C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe" []
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2004-03-01 17:03]
S3 Ntmsrdawn;Ntmsrdawn;C:\WINDOWS\system32\smss.exe [2004-08-04 08:58]
S3 Smndsdatc;Smndsdatc;C:\WINDOWS\system32\drivers\rndismp.sys [2004-08-04 07:04]
S3 WinDSLa;WinDSL-Adapter (PPP-over-Ethernet);C:\WINDOWS\system32\DRIVERS\WinDSL.sys []
S3 ZD1211U(ACER);ACER WLAN 11g USB Adapter(ACER);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\setupSNK.exe

*Newly Created Service* - SBAPIFS
.
Inhalt des "geplante Tasks" Ordners
"2008-01-25 14:00:02 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programme\Norton Security Scan\Nss.exe
"2008-01-25 16:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-28 13:51:02 C:\WINDOWS\Tasks\20070815_145100_User.job" - C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe8/TASKTYPE:NBSERVICE /JOBFILE:
"2008-01-28 15:06:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 17:17:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-28 17:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 16:21:08
ComboFix2.txt 2008-01-28 03:05:18
.
2008-01-10 02:34:34 --- E O F ---