"AndreaA" - 07-04-09 19:00:19 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\PROGRA~1\MOZILL~1"
((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))
2007-04-09 18:58 1,171,918 --a------ C:\Programme\ComboFix.exe
2007-04-08 19:33 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-08 19:32 982,577 --a------ C:\Programme\firetune114.exe
2007-04-08 17:24 d-------- C:\DOKUME~1\AndreaA\ANWEND~1\Sun
2007-04-08 11:45 2,152,421 --a------ C:\Programme\tvbrowser-2.5.2.exe
2007-04-07 14:50 d-------- C:\Programme\TV-Browser
2007-04-07 14:50 d-------- C:\DOKUME~1\AndreaA\TV-Browser
2007-04-06 10:53 18,692 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-04-05 21:00 d-------- C:\Programme\RSSOwl
2007-04-05 21:00 d-------- C:\DOKUME~1\AndreaA\.rssowl
2007-03-30 13:46 14,395,816 --a------ C:\Programme\zlsSetup_65_731_000_de.exe
2007-03-10 15:54 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-03-10 15:53 d-------- C:\Programme\QuickTime Alternative
2007-03-10 15:53 d-------- C:\Programme\Media Player Classic
2007-03-10 15:50 12,654,554 --a------ C:\Programme\quicktimealt178.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-09 17:10 663 --a------ C:\Programme\verknpfung mit hijackthis.exe.lnk
2007-04-09 16:17 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-07 18:37 38893 --a------ C:\Programme\smiley_xtra-4.1.1-fx.zip
2007-04-07 14:58 -------- d-------- C:\Programme\limewire
2007-04-07 14:01 -------- d-------- C:\Programme\java
2007-03-25 12:48 48156 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-25 12:48 316594 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-25 15:13 14434 --a------ C:\WINDOWS\mozver.dat
2007-02-25 15:11 -------- d-------- C:\Programme\real
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Programme\\Yahoo!\\Messenger\\ypager.exe -quiet"
"NewsBee Private Edition"="\"C:\\Programme\\hhS Siegfried Hirsch\\NewsBee2\\RSS\\NewsBee2.exe\" /nosplash"
"TVgenial"="C:\\Programme\\TVgenial\\TVgenial.exe -d"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"System Failure Statistic"="cnstat.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinDSL MTU-Adjust"="WinDSL_MTU.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"System Failure Statistic"="cnstat.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"System Failure Statistic"="cnstat.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-09 19:03:25
C:\ComboFix-quarantined-files.txt ... 07-04-09 19:03