ComboFix 07-06-18.2 - I:\Antiviren\ComboFix.exe "Benning" - 2007-06-22 14:35:00 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\runtime2.sys

((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))

2007-06-22 12:18 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-22 12:18 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-22 08:07 d-------- C:\WINDOWS\system32\LogFiles
2007-06-22 07:50 d-------- C:\Programme\HJT
2007-06-22 07:32 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 15:04 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-19 15:04 3,370,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-19 15:04 d----c--- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Kaspersky Lab
2007-06-19 15:02 d-------- C:\Programme\Kaspersky
2007-06-01 11:58 d-------- C:\Programme\Gemeinsame Dateien\Application
2007-06-01 11:58 d-------- C:\Programme\Gemeinsame Dateien\Ankiro
2007-06-01 11:58 d-------- C:\DOKUME~1\Benning\ANWEND~1\SPAMfighter
2007-06-01 11:57 d-------- C:\Programme\SPAMfighter
2007-05-31 09:57 d-------- C:\WINDOWS\pss
2007-05-25 10:34 0 --a------ C:\WINDOWS\ogx5r1bglo.dat
2007-05-24 15:56 16 --a------ C:\WINDOWS\hfs.dat
2007-05-22 20:30 d-------- C:\DOKUME~1\Benning\ANWEND~1\ICQ Toolbar

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 10:00:45 -------- d-----w C:\DOKUME~1\Benning\ANWEND~1\Skype
2007-05-31 15:37:43 63,580 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-31 15:37:43 391,000 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-31 12:54:59 -------- d-----w C:\Programme\EA SPORTS
2007-05-23 17:31:25 -------- d-----w C:\Programme\MSN Messenger
2007-05-20 18:45:41 16 ----a-w C:\WINDOWS\fdd.dat
2007-05-20 18:45:28 4 ----a-w C:\WINDOWS\system32\panmavic.dat
2007-05-16 11:55:18 16 ----a-w C:\WINDOWS\gdf.dat
2007-05-14 13:19:46 44 ----a-w C:\WINDOWS\system32\p2hhr.bat
2007-05-11 13:36:13 0 ----a-w C:\WINDOWS\vg8iqb.dll
2007-05-07 14:57:34 1,098,648 ----a-w C:\WINDOWS\system32\FreeImage.dll
2007-05-06 15:24:40 -------- d-----w C:\DOKUME~1\Benning\ANWEND~1\SopCast
2007-04-23 13:13:34 3,144,800 ----a-w C:\WINDOWS\ftxl.pif

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=F:\Programme\ICQToolbar\toolbaru.dll [2006-12-25 10:40]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D}=C:\Programme\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL [2007-04-08 19:27]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}=C:\Programme\AskTBar\bar\2.bin\ASKTBAR.DLL [2007-04-08 19:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Programme\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2004-08-25 11:14 C:\WINDOWS\system32\nwiz.exe]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 17:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 08:16]
"iSaverCtrl"="C:\Programme\iSaver\iSaverCtrl.exe" [2005-01-19 17:32]
"ICQ Lite"="F:\Programme\ICQLite\ICQLite.exe" [2007-05-25 11:05]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-02-20 21:51]
"SPAMfighter Agent"="C:\Programme\SPAMfighter\SFAgent.exe" [2007-05-07 16:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="F:\Anti-Viren\Spamihilator\spamihilator.exe" [2007-01-24 15:49]
"Skype"="F:\Programme\Phone\Skype.exe" [2006-08-14 18:39]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-05-25 10:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=F:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7F76815-E647-4BCE-B21A-600CE626E5D8}"="C:\WINDOWS\system32\nvstatld.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\brwmgr]
brwmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfgmgr]
jfgmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\panmavic]
C:\WINDOWS\system32\panmavic.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\slbipsch]
C:\WINDOWS\system32\slbipsch.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swfmgr]
swfmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vadmgr]
vadmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmvmgr]
wmvmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asedwes]
C:\WINDOWS\system32\winvnkfi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpssystem]
C:\WINDOWS\system32\smdlsset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cxsemse]
C:\WINDOWS\system32\winvnkfi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"F:\Programme\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllcvss]
C:\WINDOWS\system32\winvnkfi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmicss]
C:\WINDOWS\system32\netwsmlx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\expcrt]
C:\WINDOWS\system32\liscrts.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idmlcs]
C:\WINDOWS\system32\rdlnldxc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idmlssp]
C:\WINDOWS\system32\winvnkfi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfgdiag]
C:\WINDOWS\system32\jfgconf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbdmisd]
reghpveg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MnEx32]
C:\WINDOWS\system32\svhst32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\playscl]
C:\WINDOWS\system32\rdlnldxc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdkeylib]
C:\WINDOWS\system32\sedkeyss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smiproc]
C:\WINDOWS\system32\ldmprocs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swfdiag]
C:\WINDOWS\system32\swfconf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67389be4-64bd-11d9-84ae-00112f436c7d}]
AutoRun\command- I:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5e50f10-808e-11da-84e1-00112f436c7d}]
AutoRun\command- K:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
2006-11-07 13:42:14 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
2006-12-13 21:06:23 C:\WINDOWS\tasks\PMCS_Wakeup633016443835000000.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 14:46:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 14:50:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-22 14:50
C:\ComboFix2.txt ... 2007-06-22 07:45

--- E O F ---