"Mathias Ortmann" - 2007-05-10 20:53:37 Service Pack 2
ComboFix 07-05.09.V - Running from: "C:\Dokumente und Einstellungen\Mathias Ortmann\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))

2007-05-10 19:58 2,438 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-10 19:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-10 19:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-10 19:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-10 15:21 d-------- C:\avenger
2007-05-10 13:44 d-------- C:\Programme\Enigma Software Group
2007-05-10 12:53 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-10 11:08 d-------- C:\Programme\Video ActiveX Access
2007-05-09 07:57 d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-04-21 04:55 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-21 04:55 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-10 17:55:21 63,976 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-10 17:55:21 391,574 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-10 17:51:06 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\SmartSurfer
2007-05-10 17:51:02 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\Skype
2007-05-10 17:50:55 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\OpenOffice.org2
2007-05-10 14:19:37 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\FRITZ!
2007-04-03 19:53:36 -------- d-----w C:\Programme\FeedReader30
2007-03-25 09:34:29 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\Sonic
2007-03-25 09:34:18 -------- d-----w C:\DOKUME~1\MATHIA~1\ANWEND~1\Leadertech
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 10:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-09 10:55:15 -------- d-----w C:\Programme\Final Draft Tagger
2007-03-09 10:55:15 -------- d-----w C:\Programme\Final Draft 7
2007-03-09 10:54:52 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Programme\Java\jre1.5.0_11\bin\ssv.dll"
"{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}"="C:\Programme\Video ActiveX Access\iesplg.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\programme\google\googletoolbar3.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Programme\Windows Live Toolbar\msntb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /installquiet /nodetect"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Software Update"="C:\\Programme\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Programme\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"QPService"="\"C:\\Programme\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Programme\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Programme\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\FRITZWLANMini.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa4fbf53-c766-4622-8011-a87a805eebf0}"="C:\WINDOWS\system32\antzozc.dll" [x]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{25C9B8F7-1D4F-488C-ABCA-C84751A495B8}.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 20:55:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programme\HPQ\Default Settings\cpqset.exe???????????????????|?????? ???B?????????????hLC????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-10 20:55:58
C:\ComboFix-quarantined-files.txt ... 2007-05-10 20:55