"Andrea" - 2007-05-31 12:46:25 Service Pack 2 ComboFix 07-05.27.BV - Running from: "C:\Dokumente und Einstellungen\Andrea\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 )))))))))))))))))))))))))))))))))) 2007-05-24 21:42 114,688 --a------ C:\WINDOWS\system32\netlogun.exe 2007-05-22 17:33 d-------- C:\Programme\Lavasoft 2007-05-22 14:45 d-------- C:\DOKUME~1\Andrea\ANWEND~1\Lavasoft 2007-05-08 17:05 d-------- C:\Programme\Kerio 2007-04-02 17:23 512 --a------ C:\ScanSectorLog.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-31 10:27:31 -------- d-----w C:\Programme\Spamihilator 2007-05-31 07:33:24 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-05-30 09:44:12 2,296 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-28 10:16:37 -------- d-----w C:\Programme\Bildverwaltung 2007-05-24 11:04:55 -------- d-----w C:\Programme\Lexmark X1100 Series 2007-05-16 11:49:01 -------- d-----w C:\Programme\ArcorOnline 2007-05-10 06:24:55 -------- d-----w C:\DOKUME~1\Andrea\ANWEND~1\AdobeUM 2007-05-04 14:43:48 -------- d-----w C:\Programme\eMule 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 15:32:57 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat 2007-04-03 19:46:48 -------- d-----w C:\Programme\Digipix 2007-03-25 10:41:10 391,000 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-03-25 10:41:09 63,580 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 19:05:30 35,504 ---ha-w C:\WINDOWS\system32\mlfcache.dat 2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar2.dll [2007-01-20 00:55] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\Windows Live Toolbar\msntb.dll [2006-10-11 00:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-21 18:16] "SunJavaUpdateSched"="C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48] "CHotKey"="mHotkey.exe" [] "Laser mouse"="C:\Programme\Laser Center\Laser Sensor Mouse\Panel.exe" [2005-06-20 13:15] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2002-01-01 17:55] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wetterde.newstool"="C:\Programme\wetterde\wettermelder.exe" [2006-02-21 13:56] "Spamihilator"="C:\Programme\Spamihilator\spamihilator.exe" [2007-01-24 15:49] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57] "TuneUp MemOptimizer"="C:\Programme\TuneUp Utilities\MemOptimizer.exe" [2002-11-13 14:20] "swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-15 21:40] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] C:\Programme\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] ~"C:\Programme\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarAgent] C:\Programme\phonostar\ps_agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer] C:\Programme\phonostar\ps_timer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" /background "Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" "SweetIM"=C:\Programme\Macrogaming\SweetIM\SweetIM.exe "PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "zango"="c:\programme\zango\zango.exe" "SweetIM"=C:\Programme\Macrogaming\SweetIM\SweetIM.exe "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize "Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup "InCD"=C:\Programme\Ahead\InCD\InCD.exe "NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-05-18 15:15:01 C:\WINDOWS\tasks\1-Klick-Wartung.job 2007-05-31 10:25:11 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job 2007-05-31 10:01:03 C:\WINDOWS\tasks\HP Usg Daily.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-31 13:04:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-31 13:11:33 --- E O F ---