Rainer - 06-12-26 21:22:11,09 Service Pack 2 ComboFix 06.11.27 - Running from: "D:\Unzipped\Virus Cleaner\Combofix" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\onoes.exe C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\cmd.com C:\WINDOWS\system32\netstat.com C:\WINDOWS\system32\ping.com C:\WINDOWS\system32\regedit.com C:\WINDOWS\system32\taskkill.com C:\WINDOWS\system32\tasklist.com C:\WINDOWS\system32\tracert.com C:\Programme\outlook ((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 )))))))))))))))))))))))))))))))))) 2006-12-25 22:09 d--hs---- C:\Config.Msi 2006-12-25 11:33 d--hs---- C:\Dokumente und Einstellungen\Rainer\Complete 2006-12-11 01:07 d-------- C:\Dokumente und Einstellungen\All Users\Documents 2006-12-11 01:06 d-------- C:\Programme\Sony Ericsson 2006-12-11 01:06 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca 2006-12-11 01:06 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson 2006-12-11 00:42 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys 2006-12-11 00:41 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys 2006-12-10 23:48 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys 2006-12-10 23:47 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys 2006-12-10 23:47 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys 2006-12-10 23:47 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys 2006-12-10 23:47 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys 2006-12-10 23:47 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys 2006-12-10 23:47 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys 2006-12-10 23:46 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys 2006-12-10 23:46 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys 2006-12-10 23:46 5,872 -ra------ C:\WINDOWS\system32\drivers\se27wh.sys 2006-12-10 23:41 d-------- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Teleca 2006-12-10 23:39 d----c--- C:\WINDOWS\system32\DRVSTORE 2006-12-10 23:37 d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared 2006-11-27 10:02 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll 2006-11-27 10:02 d-------- C:\Programme\Lame MP3 Codec 2006-11-27 09:44 65,024 --a------ C:\WINDOWS\IFinst26.exe 2006-11-27 09:44 d-------- C:\Programme\XviD 2006-11-27 09:43 770,048 --a------ C:\WINDOWS\system32\CDDBUISamsung.dll 2006-11-27 09:43 643,072 --a------ C:\WINDOWS\system32\CDDBControlSamsung.dll 2006-11-27 09:43 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSamsung.dll 2006-11-27 09:43 487,424 --a------ C:\WINDOWS\system32\CddbPlaylist2Samsung.dll 2006-11-27 09:43 262 --a------ C:\WINDOWS\system32\SNN_reg.bat 2006-11-27 09:43 249,856 --a------ C:\WINDOWS\system32\CddbPlaylistSamsung.dll 2006-11-27 09:43 225,280 --a------ C:\WINDOWS\system32\SNN_Crypto.dll 2006-11-27 09:43 147,456 --a------ C:\WINDOWS\system32\CddbCleanSamsung.dll 2006-11-27 09:43 139,264 --a------ C:\WINDOWS\system32\CddbMusicIDUISamsung.dll 2006-11-27 09:42 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2006-11-27 09:42 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2006-11-27 09:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2006-11-27 09:42 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2006-11-27 09:42 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll 2006-11-27 09:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2006-11-27 09:42 d-------- C:\Programme\Samsung (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-26 21:37 -------- d-------- C:\Programme\Norton Internet Security 2006-12-26 21:37 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared 2006-12-26 18:18 -------- d-------- C:\Programme\Mozilla Firefox 2006-12-26 10:18 -------- d-------- C:\Programme\XoftSpy 2006-12-25 23:01 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-12-25 23:01 -------- d-------- C:\Programme\Mobile Phone Manager 2006-12-25 23:01 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-12-25 23:01 -------- d-------- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\XCPCSync.OEM 2006-12-25 11:22 -------- d-------- C:\Programme\LimeWire 2006-12-21 21:06 -------- d-------- C:\Programme\ICQLite 2006-12-18 08:12 -------- d-------- C:\Programme\Internet Explorer 2006-12-18 08:08 -------- d-------- C:\Programme\Outlook Express 2006-12-18 08:08 -------- d-------- C:\Programme\Gemeinsame Dateien\System 2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-11-30 21:42 -------- d---s---- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft 2006-11-18 18:08 -------- d-------- C:\Programme\MSXML 4.0 2006-11-18 10:29 -------- d-------- C:\Programme\T-Online 2006-11-12 19:28 -------- d-------- C:\Programme\DivX 2006-11-12 19:27 -------- d-------- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\DivX 2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-10-07 07:53 1080 --a------ C:\WINDOWS\AUTOLNCH.REG 2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll 2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll 2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" "NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\"" "Arcor Online"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "gCac"="C:\\WINDOWS\\gcac.exe" "Arcor Online"="" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe" "XM2002"="C:\\Programme\\IPPS\\XM2002®\\XM2002.exe -auto" "iamapp"="C:\\Programme\\Norton Internet Security\\IAMAPP.EXE" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "YeppStudioAgent"="C:\\Programme\\Samsung\\SamsungMediaStudio4.1\\SamsungMediaStudioAgent.exe" @="" "Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "SpecifyDefaultButtons"=dword:00000000 "Btn_Search"=dword:00000000 "NoBandCustomize"=dword:00000000 "NoToolbarCustomize"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LimeShop\"" "hkey"="HKLM" "command"="javaw -cp \"C:\\Programme\\LimeShop\\System\\Code\" Main lp: \"C:\\Programme\\LimeShop\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\XoftSpy.job Completion time: 06-12-26 21:38:13.78 C:\ComboFix.txt ... 06-12-26 21:38