"Daniel" - 07-04-19 12:29:20 Service Pack 2 ComboFix 07-04-19V - Running from: C:\Dokumente und Einstellungen\Daniel\Desktop\qqq\ (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\expiorer.exe C:\Programme\inetget2 C:\Programme\Gemeinsame Dateien\{D82F5~1 ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm ((((((((((((((((((((((((((((((( Files Created from 2007-03-19 to 2007-04-19 )))))))))))))))))))))))))))))))))) 2007-04-18 18:56 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-18 01:42 d-------- C:\DOKUME~1\Daniel\DoctorWeb 2007-04-18 01:21 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic 2007-04-16 12:14 d-------- C:\Programme\Notepad++ 2007-04-16 12:14 d-------- C:\DOKUME~1\Daniel\ANWEND~1\Notepad++ 2007-04-16 00:32 d-------- C:\sft 2007-04-09 16:06 d-------- C:\Programme\Room Arranger 2007-04-03 01:42 d-------- C:\DOKUME~1\Daniel\ANWEND~1\Armagetron 2007-03-26 01:19 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\HeartCreativeMfcdManager 2007-03-26 01:18 d-------- C:\Programme\NetPumper 2007-03-26 01:18 d-------- C:\Programme\HtmLiesLicense 2007-03-26 01:18 d-------- C:\DOKUME~1\Daniel\ANWEND~1\NetPumper 2007-03-26 01:18 d-------- C:\DOKUME~1\Daniel\ANWEND~1\HtmLiesLicense 2007-03-24 12:27 d-------- C:\Programme\Save 2007-03-24 12:22 d-------- C:\Programme\DAEMON Tools 2007-03-24 12:06 dr-h----- C:\DOKUME~1\Daniel\ANWEND~1\SecuROM 2007-03-22 17:38 d-------- C:\Programme\directx (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-19 12:26 61826 --a------ C:\WINDOWS\system32\perfc007.dat 2007-04-19 12:26 385174 --a------ C:\WINDOWS\system32\perfh007.dat 2007-04-17 17:09 4 --a------ C:\WINDOWS\system32\npptdpnm.dat 2007-04-16 01:18 -------- d-------- C:\Programme\sft loader 2007-04-12 18:33 -------- d-------- 
C:\Programme\lexmark x1100 series
2007-04-08 20:29 -------- d-------- C:\Programme\icqlite
2007-03-24 14:58 -------- d-------- C:\Programme\dosbox-0.65
2007-03-24 12:12 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-24 12:06 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-22 18:32 -------- d--h----- C:\Programme\installshield installation information
2007-03-22 17:19 -------- d-------- C:\Programme\ascaron entertainment
2007-03-18 17:29 -------- d-------- C:\Programme\netze
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 10:07 102400 --a------ C:\WINDOWS\system32\et7fm7.dll
2007-03-16 18:49 -------- d-------- C:\Programme\opera
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 17:15 -------- d-------- C:\Programme\no23 recorder
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 17:43 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-02-03 17:43 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-02-03 17:43 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-10 22:38 35488 --a------ C:\DOKUME~1\Daniel\ANWEND~1\gdipfontcachev1.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PSDrvCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"DataLayer"="C:\\PROGRA~1\\GEMEIN~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"CHotkey"="mHotkey.exe"
"Dit"="Dit.exe"
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"Zone Labs Client"="C:\\PROGRA~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EA Core"="C:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvvhost.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOKUME~1/Daniel/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"="RadioRipper.ShellExecuteHook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA5AE65491099B48.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-19 12:47:01
C:\ComboFix-quarantined-files.txt ... 07-04-19 12:47