"Tamas Uhrin" - 2007-06-28 19:31:00 - ComboFix 07-06-26.8 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tm_
C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))

2007-06-28 16:59 d-------- C:\WINDOWS\LastGood
2007-06-28 16:52 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Prevx
2007-06-28 16:51 77,312 --a------ C:\WINDOWS\ua2.dll
2007-06-28 16:51 218,112 --a------ C:\hjth.exe.exe
2007-06-28 14:55 d-------- C:\bases_x
2007-06-28 14:35 d-------- C:\!KillBox
2007-06-28 14:33 d-------- C:\escheck
2007-06-28 13:33 177,375 --a------ C:\escancheck110.sfx.exe
2007-06-28 13:31 73,728 --a------ C:\KillBox.exe
2007-06-28 13:07 d-a------ C:\WINDOWS\zts2.exe
2007-06-28 13:07 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-28 13:07 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-28 13:07 d-a------ C:\WINDOWS\rundll16.exe
2007-06-28 13:07 d-a------ C:\WINDOWS\rundl132.dll
2007-06-28 13:07 d-a------ C:\WINDOWS\logo1_.exe
2007-06-28 13:03 153,600 --a------ C:\WINDOWS\R.COM
2007-06-28 13:03 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-06-28 12:54 d-------- C:\SpyDoc
2007-06-28 06:45 d-------- C:\Programme\Antispy
2007-06-28 06:43 17,222,416 --a------ C:\antivir_workstation_win7u_de_h.exe
2007-06-28 06:36 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2007-06-28 06:36 d-------- C:\Programme\Anispy
2007-06-27 18:57 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 18:56 1,090,971 --a------ C:\ComboFix.exe
2007-06-25 22:25 d-------- C:\Programme\Lavasoft
2007-06-25 21:49 d-------- C:\WINDOWS\exefld
2007-06-25 20:17 64,456 --a------ C:\WINDOWS\system32\asycfilt.dll
2007-06-25 19:35 44,032 --a------ C:\WINDOWS\unwash.exe
2007-06-25 19:35 d-------- C:\Programme\washer
2007-06-25 18:52 55,808 --a------ C:\WINDOWS\unSpySweeper.exe
2007-06-25 18:52 d-------- C:\Programme\Webroot
2007-06-24 19:07 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-24 18:25 dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-06-24 18:25 dr------- C:\DOKUME~1\ADMINI~1\Favoriten
2007-06-24 18:25 dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien
2007-06-24 18:25 d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-06-24 18:25 d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\toshiba
2007-06-24 18:25 d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Symantec
2007-06-24 18:25 d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Sonic
2007-06-24 18:25 d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Help
2007-06-24 18:24 1,310,720 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2007-06-24 18:24 dr------- C:\DOKUME~1\ADMINI~1\Startmen
2007-06-24 18:24 d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen
2007-06-24 18:24 d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-06-24 18:24 d-------- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-06-24 18:15 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-24 17:19 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-24 15:39 d-------- C:\Programme\Enigma Software Group
2007-06-24 02:11 83,456 --a------ C:\WINDOWS\system32\ggf.exe
2007-06-21 14:36 d-------- C:\WINDOWS\system32\fbksrfbj
2007-06-20 22:48 122,884 --a------ C:\WINDOWS\system32\update91010333.exe
2007-06-20 22:48 122,884 --a------ C:\WINDOWS\system32\update33674268.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update77526596.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update77119758.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update62523833.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update44105609.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update21677000.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update18561603.exe
2007-06-20 22:47 122,884 --a------ C:\WINDOWS\system32\update13428241.exe
2007-06-10 20:16 d-------- C:\DOKUME~1\TAMASU~1\ANWEND~1\Skype
2007-06-10 20:15 d-------- C:\Programme\Skype
2007-06-10 20:15 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
2007-06-02 21:10 d-------- C:\DOKUME~1\TAMASU~1\ANWEND~1\dvdcss

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 17:21:55 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-06-28 15:08:28 -------- d-----w C:\Programme\Norton Internet Security
2007-06-28 10:53:55 -------- d-----w C:\Programme\Spiele
2007-06-28 10:49:20 122,884 ----a-w C:\WINDOWS\system32\update00822631.exe
2007-06-26 12:36:55 -------- d-----w C:\Programme\emule
2007-06-25 18:34:08 -------- d-----w C:\Programme\Security Task Manager
2007-06-25 18:17:12 1,384,478 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-06-20 20:45:08 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1901.sys
2007-06-03 15:12:55 -------- d-----w C:\Programme\Brennprogramme
2007-05-23 17:36:30 -------- d-----w C:\Programme\CHEMIE
2007-05-03 15:57:26 1,796 ----a-w C:\DOKUME~1\TAMASU~1\ANWEND~1\wklnhst.dat
2007-05-02 19:02:35 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-05-02 19:02:35 -------- d-----w C:\Programme\PDF Editor
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [2005-05-18 17:21]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar1.dll [2006-10-17 16:04]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-05-12 15:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 23:44]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 23:43]
"Toshiba Hotkey Utility"="C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-27 03:14]
"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 11:01]
"PadTouch"="C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"URLLSTCK.exe"="C:\Programme\Norton Internet Security\UrlLstCk.exe" [2005-05-06 04:27]
"!AVG Anti-Spyware"="C:\Programme\Anispy\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programme\Anispy\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Malware Sweeper"=C:\Programme\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
"gf1.0.0.2"=C:\WINDOWS\system32\ggf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PE2CKFNT SE"=C:\Programme\FotoExpress\ChkFont.exe
"DAEMON Tools"="C:\Programme\Daemon\daemon.exe" -lang 1033
"ICQ Lite"="C:\Programme\ICQLite\ICQLite\ICQLite.exe" -minimize
"BigDog305"=C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"iTunesHelper"="C:\Programme\MSN Messenger\iTunesHelper.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\RunGame.exe

*Newly Created Service* - PXRDDRIVER
*Newly Created Service* - ROSA

Contents of the 'Scheduled Tasks' folder
2007-06-28 16:00:02 C:\WINDOWS\tasks\At19.job
2007-05-25 18:00:23 C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - Tamas Uhrin.job
2007-06-28 13:59:03 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 19:33:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\hldrrr.exe
scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\Tamas Uhrin\\Anwendungsdaten\\hidires\\hidr.exe"
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

Completion time: 2007-06-28 19:34:11
C:\ComboFix-quarantined-files.txt ... 2007-06-28 19:34
--- E O F ---