Nikolaj - 06-09-01 20:13:45.81 ComboFix 06.08.30BT - Running from: C:\Dokumente und Einstellungen\Nikolaj\Desktop\1111 ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) REGISTRY ENTRIES REMOVED: [HKEY_CLASSES_ROOT\CLSID\{BFC97D7C-16D6-470E-913E-D2204CB8A8A4}] @="" [HKEY_CLASSES_ROOT\CLSID\{BFC97D7C-16D6-470E-913E-D2204CB8A8A4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{BFC97D7C-16D6-470E-913E-D2204CB8A8A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{BFC97D7C-16D6-470E-913E-D2204CB8A8A4}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{57EF8BC3-519D-46D7-BF7E-A1EE730E3E62}] @="" [HKEY_CLASSES_ROOT\CLSID\{57EF8BC3-519D-46D7-BF7E-A1EE730E3E62}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{57EF8BC3-519D-46D7-BF7E-A1EE730E3E62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{57EF8BC3-519D-46D7-BF7E-A1EE730E3E62}\InprocServer32] @="C:\\WINDOWS\\system32\\FG20DEU.DLL" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{7C08B7C7-F154-465F-B110-66944488A6A6}] @="" [HKEY_CLASSES_ROOT\CLSID\{7C08B7C7-F154-465F-B110-66944488A6A6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7C08B7C7-F154-465F-B110-66944488A6A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7C08B7C7-F154-465F-B110-66944488A6A6}\InprocServer32] @="C:\\WINDOWS\\system32\\myjetoledb40.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{F367EF6C-E975-4E53-8992-BE80A316FA45}] @="" [HKEY_CLASSES_ROOT\CLSID\{F367EF6C-E975-4E53-8992-BE80A316FA45}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F367EF6C-E975-4E53-8992-BE80A316FA45}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F367EF6C-E975-4E53-8992-BE80A316FA45}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{0C428FB8-ED83-404D-A9C4-ED7D363FF955}] @="" [HKEY_CLASSES_ROOT\CLSID\{0C428FB8-ED83-404D-A9C4-ED7D363FF955}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0C428FB8-ED83-404D-A9C4-ED7D363FF955}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0C428FB8-ED83-404D-A9C4-ED7D363FF955}\InprocServer32] @="C:\\WINDOWS\\system32\\ripcfgex.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{390E2789-6F87-4D11-A01F-5E6C4DCE3004}] @="" [HKEY_CLASSES_ROOT\CLSID\{390E2789-6F87-4D11-A01F-5E6C4DCE3004}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{390E2789-6F87-4D11-A01F-5E6C4DCE3004}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{390E2789-6F87-4D11-A01F-5E6C4DCE3004}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{2C85911A-59CD-4982-A29A-87F631BB6935}] @="" [HKEY_CLASSES_ROOT\CLSID\{2C85911A-59CD-4982-A29A-87F631BB6935}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2C85911A-59CD-4982-A29A-87F631BB6935}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2C85911A-59CD-4982-A29A-87F631BB6935}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * FILES REMOVED: C:\WINDOWS\system32\avptif.dll C:\WINDOWS\system32\azao0193e.dll C:\WINDOWS\system32\dnro0193e.dll C:\WINDOWS\system32\en2ql1f51.dll C:\WINDOWS\system32\ewcapi.dll C:\WINDOWS\system32\FG20DEU.DLL C:\WINDOWS\system32\fgsdrv.dll C:\WINDOWS\system32\g6400ghme64a0.dll C:\WINDOWS\system32\jycript.dll C:\WINDOWS\system32\kgdycc.dll C:\WINDOWS\system32\m8po0i73e8.dll C:\WINDOWS\system32\mhfutil.dll C:\WINDOWS\system32\mjiwave.dll C:\WINDOWS\system32\mlrdim.dll C:\WINDOWS\system32\moisip.dll C:\WINDOWS\system32\mv48l9hu1.dll C:\WINDOWS\system32\myjetoledb40.dll C:\WINDOWS\system32\p08q0al5edq.dll C:\WINDOWS\system32\pgtorec.dll C:\WINDOWS\system32\q0psla771d.dll C:\WINDOWS\system32\ripcfgex.dll C:\WINDOWS\system32\untheme.dll C:\WINDOWS\system32\guard.tmp Granting sedebugprivilege to Administratoren ... successful ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))) * * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 2006-09-01 20:06 18432 --a------ C:\WINDOWS\system32\sporder.dll 2006-07-18 21:56 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll 2006-07-01 21:00 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2006-07-01 21:00 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2006-07-01 21:00 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * * DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\Install.dat ((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 )))))))))))))))))))))))))))))))))) 2006-08-16 17:15 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE 2006-08-16 17:12 90,112 -ra------ C:\WINDOWS\system32\CNMCP79.exe 2006-08-16 17:12 8,704 --a------ C:\WINDOWS\system32\CNMVS79.DLL 2006-08-16 17:12 140,288 --a------ C:\WINDOWS\system32\CNMLM79.DLL (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-01 20:06 18432 --a------ C:\WINDOWS\system32\sporder.dll 2006-09-01 19:49 -------- d-------- C:\Programme\CleanUp! 2006-09-01 16:42 -------- d-------- C:\Programme\Winamp 2006-09-01 02:59 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\Real 2006-08-31 16:59 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\dvdcss 2006-08-31 16:55 -------- d-------- C:\Programme\ImTOO 2006-08-31 16:37 -------- d-------- C:\Programme\XviD 2006-08-30 00:20 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\SolidDocuments 2006-08-20 17:56 -------- d-------- C:\Programme\RadioClickerLite 2006-08-16 17:39 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\CD-LabelPrint 2006-08-16 17:15 -------- d-------- C:\Programme\Canon 2006-08-13 16:14 -------- d-------- C:\Programme\EA Games 2006-08-05 22:18 -------- d-------- C:\Programme\Opera 2006-08-04 20:39 8704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2006-08-04 20:36 -------- d--h----- C:\Programme\Zero G Registry 2006-08-03 21:36 -------- d-------- C:\Programme\SpeedFan 2006-08-02 21:26 -------- d-------- C:\Programme\WinRAR 2006-08-02 20:35 -------- d-------- C:\Programme\TweakNow PowerPack 2006 2006-07-28 19:54 -------- d-------- C:\Programme\Google 2006-07-28 19:38 -------- d-------- C:\Programme\eMule 2006-07-28 19:34 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\dvd mp3 each 2006-07-28 01:26 -------- d-a------ C:\Programme\ICQToolbar 2006-07-27 20:16 -------- d-------- C:\Programme\Call of Duty 2006-07-24 22:53 -------- d-------- C:\Dokumente und Einstellungen\Nikolaj\Anwendungsdaten\gpl tool 2006-07-24 12:06 -------- d-------- C:\Programme\dvd mp3 each 2006-07-18 21:56 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll 2006-07-18 21:52 -------- d-------- C:\Programme\SolidDocuments 2006-07-11 20:54 -------- d-------- C:\Programme\ICQLite 2006-07-06 02:22 -------- d-------- C:\Programme\Idigicon 2006-07-06 02:07 -------- d-------- C:\Programme\TweakNow RegCleaner Std 2006-07-06 01:16 -------- d-------- C:\Programme\1-abc 2006-07-01 21:07 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-07-01 21:00 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2006-07-01 21:00 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2006-07-01 21:00 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe" "SoundMan"="SOUNDMAN.EXE" "Wizard"="" "Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "FirstSteps"="" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "zBrowser Launcher"="C:\\Programme\\Logitech\\iTouch\\iTouch.exe" "Logitech Utility"="Logi_MwX.Exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "zzzHPSETUP"="D:\\Setup.exe \\RESET" "HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\"" "mmtask"="C:\\Programme\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "HP Software Update"="C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe" "HideBashModePop"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\2defaulthidebash\\IdolThe.exe" "KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize" "PC Booster"="C:\\Programme\\inKline Global\\PC Booster\\pcbooster.exe" "CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "VirtualCloneDrive"="\"C:\\Programme\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s" "GhostSurfDelSatellite"="\"C:\\Programme\\SpyCatcher\\DeleteSatellite.exe\"" "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize" "Jump Does Site One"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Trust Third Jump Does\\ante soft.exe" "Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "GhostSurfDelSatellite"="\"C:\\Programme\\SpyCatcher\\DeleteSatellite.exe\" nowait" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000000 "NoActiveDesktop"=dword:00000000 "ClassicShell"=dword:00000000 "ForceActiveDesktopOn"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,d4,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000004 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,ea,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,ea,02,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\A843C3EA91807A9E.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: 06-09-01 20:21:27.10 ComboFix.txt