"AndreaA" - 07-04-09 19:00:19 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\PROGRA~1\MOZILL~1"

((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))

2007-04-09 18:58 1,171,918 --a------ C:\Programme\ComboFix.exe
2007-04-08 19:33 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-08 19:32 982,577 --a------ C:\Programme\firetune114.exe
2007-04-08 17:24 d-------- C:\DOKUME~1\AndreaA\ANWEND~1\Sun
2007-04-08 11:45 2,152,421 --a------ C:\Programme\tvbrowser-2.5.2.exe
2007-04-07 14:50 d-------- C:\Programme\TV-Browser
2007-04-07 14:50 d-------- C:\DOKUME~1\AndreaA\TV-Browser
2007-04-06 10:53 18,692 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-04-05 21:00 d-------- C:\Programme\RSSOwl
2007-04-05 21:00 d-------- C:\DOKUME~1\AndreaA\.rssowl
2007-03-30 13:46 14,395,816 --a------ C:\Programme\zlsSetup_65_731_000_de.exe
2007-03-10 15:54 d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
2007-03-10 15:53 d-------- C:\Programme\QuickTime Alternative
2007-03-10 15:53 d-------- C:\Programme\Media Player Classic
2007-03-10 15:50 12,654,554 --a------ C:\Programme\quicktimealt178.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-09 17:10 663 --a------ C:\Programme\verknpfung mit hijackthis.exe.lnk
2007-04-09 16:17 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-07 18:37 38893 --a------ C:\Programme\smiley_xtra-4.1.1-fx.zip
2007-04-07 14:58 -------- d-------- C:\Programme\limewire
2007-04-07 14:01 -------- d-------- C:\Programme\java
2007-03-25 12:48 48156 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-25 12:48 316594 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-25 15:13 14434 --a------ C:\WINDOWS\mozver.dat
2007-02-25 15:11 -------- d-------- C:\Programme\real

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Programme\\Yahoo!\\Messenger\\ypager.exe -quiet"
"NewsBee Private Edition"="\"C:\\Programme\\hhS Siegfried Hirsch\\NewsBee2\\RSS\\NewsBee2.exe\" /nosplash"
"TVgenial"="C:\\Programme\\TVgenial\\TVgenial.exe -d"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"System Failure Statistic"="cnstat.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinDSL MTU-Adjust"="WinDSL_MTU.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"System Failure Statistic"="cnstat.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"System Failure Statistic"="cnstat.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 07-04-09 19:03:25
C:\ComboFix-quarantined-files.txt ... 07-04-09 19:03