Simon Schneider - 06-09-19 9:30:54.56 Service Pack 2 ComboFix 06.09.14 - Running from: C:\Dokumente und Einstellungen\Simon Schneider\Desktop ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))) * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * * DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\drsmartload2.dat C:\WINDOWS\teller2.chk C:\Programme\network\ipnetwork.exe C:\Programme\Inetget2 C:\Programme\snowball wars ((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 )))))))))))))))))))))))))))))))))) 2006-09-18 21:58 176,128 --a------ C:\WINDOWS\system32\syycum.dll 2006-09-18 21:53 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-19 09:20 13440 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS 2006-09-19 09:20 -------- d-------- C:\Programme\Mozilla Firefox 2006-09-18 23:23 -------- d-------- C:\Programme\Network 2006-09-18 23:19 -------- d-------- C:\Programme\CleanUp! 2006-09-18 22:50 -------- d-------- C:\Programme\strCodec 2006-09-18 22:46 60416 --a------ C:\WINDOWS\system32\drivers\egmno^wr.sys 2006-09-18 18:50 -------- d-------- C:\Programme\ICQToolbar 2006-09-14 20:16 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic 2006-09-10 18:47 -------- d-------- C:\Programme\ICQLite 2006-09-08 21:29 -------- d-------- C:\Programme\Winamp 2006-09-02 18:39 -------- d-------- C:\Programme\eMule 2006-08-30 12:48 -------- d-------- C:\Programme\SFT Loader 2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-15 14:56 -------- d-------- C:\Programme\Internet Explorer 2006-08-02 13:33 -------- d-------- C:\Dokumente und Einstellungen\Simon Schneider\Anwendungsdaten\ICQLite 2006-08-02 13:32 -------- d-------- C:\Programme\Miranda IM 2006-08-02 00:02 -------- d-------- C:\Programme\FlashFXP 2006-08-01 23:09 -------- d-------- C:\Dokumente und Einstellungen\Simon Schneider\Anwendungsdaten\FlashFXP 2006-08-01 19:13 72748 --a------ C:\WINDOWS\unins000.exe 2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll 2006-06-22 07:06 1441792 --a------ C:\WINDOWS\system32\query.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOLMIcon"="C:\\WINDOWS\\AOLMIcon.exe" "CurbPart"="C:\\DOKUME~1\\SIMONS~1\\ANWEND~1\\CHINRO~1\\fragglue.exe" "algchk.exe"="C:\\WINDOWS\\system32\\algchk.exe" "msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "Dit"="Dit.exe" "CHotkey"="mHotkey.exe" "ledpointer"="CNYHKey.exe" "PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033" "scr body sixth site"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Funk Does Scr Body\\Memo media.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "WinampAgent"="C:\\Programme\\Winamp\\winampa.exe" "New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoActiveDesktopChanges"=dword:00000000 "ClassicShell"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 "NoActiveDesktop"=dword:00000000 "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 "NoViewContextMenu"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] "pmsngr.exe"="C:\\Programme\\strCodec\\pmsngr.exe" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "hemadynamometer"="{6076d2b1-634c-4685-843b-f826045ea5dc}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BearShare" "hkey"="HKLM" "command"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NetPumper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NetPumperIEProxy" "hkey"="HKLM" "command"="\"C:\\Programme\\NetPumper\\NetPumperIEProxy.exe\"" "inimapping"="0" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\ABBE8484910D3954.job Completion time: 19.09.2006 9:34:52.90 ComboFix.txt ComboFix2.txt ComboFix3.txt