"Standard" - 07-04-21 18:48:02 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Dokumente und Einstellungen\Standard\Desktop\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\mppampp.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\updater.exe
C:\Programme\Gemeinsame Dateien\{33351~1\toolbardll.lzma
C:\Programme\Gemeinsame Dateien\{33351~1\UnInstall.exe
C:\Programme\Gemeinsame Dateien\{13351~1\directorexe.lzma
C:\Programme\Gemeinsame Dateien\{13351~1\directordll.lzma
C:\WINDOWS\hosts
C:\WINDOWS\start.exe
C:\Programme\Gemeinsame Dateien\{33351~1
C:\Programme\Gemeinsame Dateien\{13351~1
C:\WINDOWS\system32\drivers\aczqxtrs.sys
C:\WINDOWS\system32\mppampp.dll
C:\WINDOWS\system32\mppampp.dll.bak

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm
-------\vwxdwmdx
-------\LEGACY_VWXDWMDX

((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))

2007-04-21 16:23      83,536  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-04-21 16:23      59,984  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-04-21 16:23      52,304  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-04-21 16:23      39,248  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\ikfileflt.sys
2007-04-21 16:23      26,064  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-04-21 16:22     626,688  --a------  C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-04-21 16:22             d--------  C:\Programme\Spyware Doctor
2007-04-21 16:22             d--------  C:\DOKUME~1\Standard\ANWEND~1\PC Tools
2007-04-21 16:05             d--------  C:\Programme\SpeedFan
2007-04-21 15:56             d--------  C:\avenger
2007-04-21 15:00             d--hs----  C:\FOUND.014
2007-04-20 23:21             d--hs----  C:\FOUND.013
2007-04-19 14:23             d--hs----  C:\FOUND.012
2007-04-18 16:26             d--hs----  C:\FOUND.011
2007-04-17 18:21             d--hs----  C:\FOUND.010
2007-04-12 23:23             d--------  C:\VundoFix Backups
2007-04-12 21:29             d--------  C:\Programme\RegistrySmart
2007-04-12 21:29             d--------  C:\DOKUME~1\Standard\ANWEND~1\RegistrySmart
2007-04-12 20:58             d--------  C:\WINDOWS\SxsCaPendDel
2007-04-12 18:50             dr-------  C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-04-12 18:48   1,310,720  --ah-----  C:\DOKUME~1\ADMINI~1\ntuser.dat
2007-04-12 18:48             dr-h-----  C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-04-12 18:48             dr-------  C:\DOKUME~1\ADMINI~1\Startmenü
2007-04-12 18:48             d--h-----  C:\DOKUME~1\ADMINI~1\Vorlagen
2007-04-12 18:48             d--h-----  C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-04-12 18:48             d--h-----  C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-04-12 18:48             d--h-----  C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-04-12 18:48             d--------  C:\DOKUME~1\ADMINI~1\Favoriten
2007-04-12 17:09             d--------  C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
2007-04-12 16:35       7,168  --a------  C:\WINDOWS\SYSTEM32\macrovsn.dll
2007-04-12 16:35     636,416  --a------  C:\WINDOWS\SYSTEM32\mvccasp.dll
2007-04-12 16:35     344,576  --a------  C:\WINDOWS\SYSTEM32\mmxmpeg1.dll
2007-04-12 16:35     321,536  --a------  C:\WINDOWS\SYSTEM32\mmmpeg.dll
2007-04-12 16:35     291,600  --a------  C:\WINDOWS\SYSTEM32\DVD Express AV Decoder.DLL
2007-04-12 16:35      22,016  --a------  C:\WINDOWS\SYSTEM32\AllNode.DLL
2007-04-12 16:35     118,784  --a------  C:\WINDOWS\SYSTEM32\Sky2PCUI.dll
2007-04-12 16:35     106,496  --a------  C:\WINDOWS\SYSTEM32\SkyDll.dll
2007-04-12 16:03             d--------  C:\ProgDVB
2007-04-11 13:32             d--------  C:\Programme\Western Digital Technologies
2007-03-24 23:38             d--------  C:\Programme\KaLoMa

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-21 17:58       61294  --a------  C:\WINDOWS\SYSTEM32\perfc007.dat
2007-04-21 17:58      384546  --a------  C:\WINDOWS\SYSTEM32\perfh007.dat
2007-04-20 23:47     3778460  --ah-----  C:\DOKUME~1\Standard\ANWEND~1\iconcache.db
2007-04-17 19:13      107008  --a------  C:\DOKUME~1\Standard\ANWEND~1\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini
2007-04-13 00:13       63040  --a------  C:\DOKUME~1\Standard\ANWEND~1\gdipfontcachev1.dat
2007-03-28 20:10        4608  --a------  C:\DOKUME~1\Standard\ANWEND~1\0157890a-1998-47a0-ac72-0ed7fb24077f.ini
2007-03-11 15:29    --------  d--------  C:\DOKUME~1\Standard\ANWEND~1\borland
2007-03-11 14:57    --------  d--------  C:\Programme\borland
2007-03-11 14:53         120  --a------  C:\DOKUME~1\Standard\ANWEND~1\fusioncache.dat
2007-02-01 17:47        6048  --a------  C:\DOKUME~1\Standard\ANWEND~1\231f7a36-b2fa-44b3-a8b6-39e02e56afc4.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4F8561AF-2827-9C96-797D-78507D6B1083}  C:\WINDOWS\system\mswstl32.dll [x]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}  C:\Programme\AOL\AOL Toolbar 3.0\aoltb.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}  c:\programme\google\googletoolbar2.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}  C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SDTray"="\"C:\\Programme\\Spyware Doctor\\SDTrayApp.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages  REG_MULTI_SZ  msv1_0\0\0
Security Packages        REG_MULTI_SZ  kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages    REG_MULTI_SZ  scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"POINTER"="point32.exe"
"HaMFrontPanel"="C:\\WINDOWS\\hampanel /B:Software\\Ambient\\HaM"
"CHotKey"="mHotkey.exe"
"Zone Labs Client"="C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"AVGCtrl"="C:\\PROGRAMME\\AVPERSONAL\\AVGCTRL.EXE /min"
"ViewMgr"="C:\\Programme\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Machine Debug Manager"="C:\\WINDOWS\\SYSTEM32\\MDM.EXE"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Server4PC.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Server4PC.lnk"
"backup"="C:\\WINDOWS\\pss\\Server4PC.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TECHNI~1\\bin\\SERVER~1.EXE "
"item"="Server4PC"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="D:\\Eigene Dateien\\download\\gettingthere1988\\Neuer Ordner\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIAEE"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAEE.EXE /P26 \"EPSON Stylus DX4200 Series\" /O6 \"USB001\" /M \"Stylus DX4200\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1125094515\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPE"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\PINNAC~1\\PPE\\PPE.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"command"="C:\\Programme\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkleldpx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tkleldpx"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\tkleldpx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter      REG_MULTI_SZ  HTTPFilter\0\0
LocalService    REG_MULTI_SZ  Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService  REG_MULTI_SZ  DnsCache\0\0
DcomLaunch      REG_MULTI_SZ  DcomLaunch\0TermService\0\0
rpcss           REG_MULTI_SZ  RpcSs\0\0
imgsvc          REG_MULTI_SZ  StiSvc\0\0
termsvcs        REG_MULTI_SZ  TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Programmstart beschleunigen.job
C:\WINDOWS\tasks\PCHealth-Planer für die Zusammenstellung der Daten.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-21 18:58:27
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ???????????????????????????????????????????????????????????????|p??|????m??|?`?w????????P?????@?8?@?????P???c"?s???s??????@?????N'?sTU2?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?U2??$@?8?@?8?@??????????U2??A2????s?@2??T2??@2??A2?0i?s????????`U2????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-21 18:59:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-21 19:00