Felix Lehmann - 06-08-26 17:10:38,71
ComboFix 06.08.26BT - Running from: C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-26 to 2006-08-26 ))))))))))))))))))))))))))))))))))

2006-08-23 17:57 13,844 --a------ C:\WINDOWS\system32\sdlmnjea.exe
2006-08-22 16:55 13,844 --a------ C:\WINDOWS\system32\arktjgbv.exe
2006-08-18 16:47 13,844 --a------ C:\WINDOWS\system32\yxfigbes.exe
2006-08-10 20:26 2,580 --a------ C:\WINDOWS\system32\ebpumwqa.exe
2006-08-10 04:05 12,800 --a------ C:\WINDOWS\system32\WING32.dll
2006-07-26 07:09 65,556 --a------ C:\WINDOWS\system32\cwprxhwu.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-26 17:03 -------- d-------- C:\Programme\Mozilla Firefox
2006-08-26 16:59 -------- d-------- C:\Programme\Opera
2006-08-26 16:51 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Azureus
2006-08-26 16:49 -------- d-------- C:\Programme\Gamers.IRC
2006-08-24 17:49 -------- d-------- C:\Programme\CleanUp!
2006-08-23 13:41 -------- d-------- C:\Programme\Azureus
2006-08-23 02:51 -------- d-------- C:\Programme\PokerStars
2006-08-21 01:21 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Apple Computer
2006-08-19 01:04 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-19 01:02 -------- d-------- C:\Programme\QuickTime
2006-08-19 00:50 -------- d-------- C:\Programme\iTunes
2006-08-19 00:49 -------- d-------- C:\Programme\iPod
2006-08-10 15:37 -------- d-------- C:\Programme\Ubisoft
2006-08-09 22:01 -------- d-------- C:\Programme\Internet Explorer
2006-08-09 13:38 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Media Player Classic
2006-08-09 01:02 -------- d-------- C:\Programme\Real Alternative
2006-08-09 01:01 -------- d-------- C:\Programme\Media Player Classic
2006-08-09 01:01 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Real
2006-08-08 18:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 17:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 17:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 17:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 17:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-05 08:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-23 11:21 17750 --a------ C:\WINDOWS\system32\xnibmxyv.exe
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 19:32 -------- d-------- C:\Programme\ICQLite
2006-07-16 23:41 -------- d-------- C:\Programme\CatchTheSpermUnlimited
2006-07-16 00:57 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Adobe
2006-07-15 23:41 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-07-15 23:34 -------- dr------- C:\Programme\Felix Dateien
2006-07-15 20:23 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\AdobeUM
2006-07-15 20:13 869 --a------ C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\AdobeDLM.log
2006-07-15 20:13 0 --a------ C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\dm.ini
2006-07-15 20:13 -------- d-------- C:\Programme\Adobe
2006-07-15 20:11 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-07-13 16:58 -------- d-------- C:\Programme\Warcraft III
2006-07-09 13:42 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-07-05 22:53 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-07-05 22:16 71680 --a------ C:\WINDOWS\system32\dcomcfg.exe
2006-07-05 18:35 -------- d-------- C:\Programme\Lavasoft
2006-07-05 18:35 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Lavasoft
2006-07-05 18:28 -------- d-------- C:\Programme\Musik
2006-07-05 12:43 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\IDS_COMPANY
2006-07-01 17:54 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\Ahead
2006-07-01 17:50 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-07-01 17:39 -------- d-------- C:\Programme\Nero
2006-07-01 15:53 -------- d-------- C:\Programme\CDBurnerXP Pro 3
2006-06-27 20:58 -------- d-------- C:\Programme\Windows Media Player
2006-06-27 20:58 -------- d-------- C:\Programme\mIRC
2006-06-27 20:58 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\LimeWire
2006-06-27 20:16 57868 --a------ C:\WINDOWS\system32\regperf.exe
2006-06-27 20:16 18432 --a------ C:\WINDOWS\system32\winrzf32.dll
2006-06-27 20:13 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-06-27 20:13 -------- d-------- C:\Dokumente und Einstellungen\Felix Lehmann.MI6-FJXZHGFIEWD\Anwendungsdaten\TuneUp Software
2006-06-27 20:12 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-06-02 01:58 4096 --a------ C:\WINDOWS\system32\oodbsrs.dll
2006-06-02 01:56 112128 --a------ C:\WINDOWS\system32\oodbs.exe
2006-06-02 01:52 339456 --a------ C:\WINDOWS\system32\oodag.exe
2006-06-02 01:52 10240 --a------ C:\WINDOWS\system32\oodagrs.dll
2006-06-02 01:50 11264 --a------ C:\WINDOWS\system32\oodagmg.dll
2006-06-01 23:57 9728 --a------ C:\WINDOWS\system32\ootmapi.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"*windows update"="wruauclt.exe"
"wininet.dll"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
@="iexpl0res.exe"
"start uploading"="smsss.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"*windows update"="wruauclt.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmss"="system.exe"
@="iexpl0res.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"cmss"="system.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
@="iexpl0res.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"*windows update"="wuaurclt.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmss"="system.exe"
@="iexpl0res.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"cmss"="system.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
@="iexpl0res.exe"
"start uploading"="smsss.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"*windows update"="wuaurclt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EFD771CE-E5AA-40F1-B9B6-035E3C09CFB8}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Felix Lehmann.MI6-FJXZHGFIEWD^Startmenü^Programme^Autostart^Morpheus.lnk]
"path"="C:\\Dokumente und Einstellungen\\Felix Lehmann.MI6-FJXZHGFIEWD\\Startmenü\\Programme\\Autostart\\Morpheus.lnk"
"backup"="C:\\WINDOWS\\pss\\Morpheus.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Morpheus\\Morpheus.exe -min"
"item"="Morpheus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Felix Lehmann.MI6-FJXZHGFIEWD^Startmenü^Programme^Autostart^Mp3tag Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\Felix Lehmann.MI6-FJXZHGFIEWD\\Startmenü\\Programme\\Autostart\\Mp3tag Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\Mp3tag Quick Pick.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Mp3tag\\MP3TAG~1.EXE "
"item"="Mp3tag Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Felix Lehmann.MI6-FJXZHGFIEWD^Startmenü^Programme^Autostart^PowerReg Scheduler.exe]
"path"="C:\\Dokumente und Einstellungen\\Felix Lehmann.MI6-FJXZHGFIEWD\\Startmenü\\Programme\\Autostart\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Dokumente und Einstellungen\\Felix Lehmann.MI6-FJXZHGFIEWD\\Startmenü\\Programme\\Autostart\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Felix Lehmann.MI6-FJXZHGFIEWD^Startmenü^Programme^Autostart^Rainlendar.lnk]
"path"="C:\\Dokumente und Einstellungen\\Felix Lehmann.MI6-FJXZHGFIEWD\\Startmenü\\Programme\\Autostart\\Rainlendar.lnk"
"backup"="C:\\WINDOWS\\pss\\Rainlendar.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\RAINLE~1\\RAINLE~1.EXE "
"item"="Rainlendar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexpl0res"
"hkey"="HKLM"
"command"="iexpl0res.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Agent"
"hkey"="HKLM"
"command"="C:\\Programme\\Medion\\PowerCinema\\My_TV\\Agent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Device]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="socks2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\socks2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Relay Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kpbavo"
"hkey"="HKLM"
"command"="kpbavo.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msc32"
"hkey"="HKLM"
"command"="msc32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PowerStrip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pstrip"
"hkey"="HKLM"
"command"="c:\\programme\\powerstrip\\pstrip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RAM_DEFRAG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RAM_DEFRAG"
"hkey"="HKLM"
"command"="\"C:\\Programme\\RAM Defrag V2.55\\RAM_DEFRAG.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TBAction]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tbaction"
"hkey"="HKLM"
"command"="C:\\Programme\\Visual TimeAnalyzer\\tbaction.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TuneUp MemOptimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="memoptimizer"
"hkey"="HKCU"
"command"="\"C:\\Programme\\TuneUp Utilities 2006\\memoptimizer.exe\" autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Programme\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"TODslService"=dword:00000003
"StarWindService"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"JMacro"="C:\\Programme\\Journal Macro\\JMacro.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 26.08.2006 17:11:42.17
ComboFix.txt

ComboFix2.txt

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\WINDOWS\system32

26.08.2006 17:05 401.372 perfh009.dat
26.08.2006 17:05 62.460 perfc009.dat
26.08.2006 17:05 415.818 perfh007.dat
26.08.2006 17:05 75.116 perfc007.dat
26.08.2006 17:05 966.322 PerfStringBackup.INI
26.08.2006 17:03 54.112 vsconfig.xml
26.08.2006 17:03 2.206 wpa.dbl
26.08.2006 17:02 49.819 nvapps.xml
26.08.2006 17:00 23.280 OODBS.lor
24.08.2006 20:26 3.002 CONFIG.NT
23.08.2006 17:57 13.844 sdlmnjea.exe
22.08.2006 16:55 13.844 arktjgbv.exe
18.08.2006 16:47 13.844 yxfigbes.exe
10.08.2006 20:26 2.580 ebpumwqa.exe
08.08.2006 19:18 143 mcrh.tmp
08.08.2006 18:53 635.520 aswBoot.exe
05.08.2006 08:18 90.112 AVASTSS.scr
03.08.2006 03:22 8.255.912 MRT.exe
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
26.07.2006 07:09 65.556 cwprxhwu.exe
25.07.2006 22:33 615.936 urlmon.dll
25.07.2006 14:10 4.212 zllictbl.dat
23.07.2006 11:21 17.750 xnibmxyv.exe
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
09.07.2006 13:42 42.920 vsutil_loc0407.dll
09.07.2006 13:42 392.824 vsdatant.sys
09.07.2006 13:42 83.960 zlcomm.dll
09.07.2006 13:42 71.672 zlcommdb.dll
09.07.2006 13:42 59.384 vswmi.dll
09.07.2006 13:42 100.344 vsxml.dll
09.07.2006 13:42 71.672 vsregexp.dll
09.07.2006 13:42 440.312 vsutil.dll
09.07.2006 13:42 157.688 vsinit.dll
09.07.2006 13:42 268.280 vspubapi.dll
09.07.2006 13:42 104.440 vsmonapi.dll
09.07.2006 13:42 83.960 vsdata.dll
05.07.2006 22:16 8.192 simpole.tlb
05.07.2006 22:16 71.680 dcomcfg.exe
05.07.2006 12:55 1.057.792 kernel32.dll
05.07.2006 12:42 48.140 ld101.tmp
03.07.2006 16:50 4.286 ot.ico
27.06.2006 20:16 57.868 regperf.exe
27.06.2006 20:16 18.432 winrzf32.dll
26.06.2006 19:40 8.192 rasadhlp.dll
26.06.2006 19:40 148.480 dnsapi.dll
23.06.2006 13:10 664.576 wininet.dll
23.06.2006 13:10 532.480 mstime.dll
23.06.2006 13:10 146.432 msrating.dll
23.06.2006 13:10 448.512 mshtmled.dll
23.06.2006 13:10 474.624 shlwapi.dll
23.06.2006 13:10 39.424 pngfilt.dll
23.06.2006 13:10 1.494.016 shdocvw.dll
23.06.2006 13:10 1.056.256 danim.dll
23.06.2006 13:10 251.392 iepeers.dll
23.06.2006 13:10 357.888 dxtmsft.dll
23.06.2006 13:10 55.808 extmgr.dll
23.06.2006 13:10 152.064 cdfview.dll
23.06.2006 13:10 16.384 jsproxy.dll
23.06.2006 13:10 1.022.976 browseui.dll
23.06.2006 13:10 96.768 inseng.dll
23.06.2006 13:10 205.312 dxtrans.dll
23.06.2006 10:53 27.136 xpsp3res.dll
20.06.2006 23:32 796.584 libeay32_0.9.6l.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
12.06.2006 20:26 234.368 FNTCACHE.DAT
02.06.2006 01:58 4.096 oodbsrs.dll
02.06.2006 01:56 112.128 oodbs.exe
02.06.2006 01:52 339.456 oodag.exe
02.06.2006 01:52 10.240 oodagrs.dll
02.06.2006 01:50 11.264 oodagmg.dll
01.06.2006 23:57 9.728 ootmapi.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\DOKUME~1\BESITZER\LOKALE~1\Temp

26.08.2006 17:05 240 datFind.zip
26.08.2006 17:03 16.384 ~DF2D69.tmp
26.08.2006 17:03 512 ~DF467.tmp
26.08.2006 17:03 16.384 ~DF454.tmp

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\WINDOWS

26.08.2006 17:02 0 0.log
26.08.2006 17:01 1.575.305 WindowsUpdate.log
26.08.2006 17:01 50 wiaservc.log
26.08.2006 17:01 159 wiadebug.log
26.08.2006 17:01 32.594 SchedLgU.Txt
26.08.2006 17:00 2.048 bootstat.dat
26.08.2006 17:00 912 icssys.log
26.08.2006 03:53 60.416 ALCFDRTM.VER
25.08.2006 18:13 116 NeroDigital.ini
25.08.2006 04:14 1.409 QTFont.for
25.08.2006 04:14 54.156 QTFont.qfn
24.08.2006 21:21 173.976 setupapi.log
24.08.2006 20:35 652 win.ini
24.08.2006 20:35 227 system.ini
24.08.2006 20:29 41.434 WgaNotify.log
24.08.2006 18:15 2.232.808 dp2_log.txt
21.08.2006 02:42 83.853 wmsetup.log
19.08.2006 00:51 950 GEARInstall.log
09.08.2006 22:03 260.593 comsetup.log
09.08.2006 22:03 160.470 ntdtcsetup.log
09.08.2006 22:03 117.091 iis6.log
09.08.2006 22:03 36.846 ocmsn.log
09.08.2006 22:03 1.355 imsins.log
09.08.2006 22:03 300.704 tsoc.log
09.08.2006 22:03 17.544 KB920214.log
09.08.2006 22:03 398.974 ocgen.log
09.08.2006 22:03 38.625 msgsocm.log
09.08.2006 22:03 768.605 FaxSetup.log
09.08.2006 22:03 1.355 imsins.BAK
09.08.2006 22:03 17.317 KB921883.log
09.08.2006 22:03 25.685 updspapi.log
09.08.2006 22:02 17.124 KB922616.log
09.08.2006 22:02 17.570 KB921398.log
09.08.2006 22:02 20.604 KB918899.log
09.08.2006 22:01 12.336 KB920670.log
09.08.2006 22:01 12.591 KB917422.log
09.08.2006 21:58 12.776 KB920683.log
08.08.2006 18:13 0 PowerReg.dat
12.07.2006 02:42 12.097 KB917159.log
12.07.2006 02:42 12.618 KB914388.log
12.07.2006 02:42 10.579 KB916595.log
01.07.2006 16:03 2.583 discwriter.log
01.07.2006 15:59 0 OrangeBurn.log
24.06.2006 19:16 106.508 War3Unin.dat
16.06.2006 13:34 31.833 spupdsvc.log
15.06.2006 23:54 11.021 KB917734.log
15.06.2006 23:53 14.417 KB918439.log
15.06.2006 23:53 14.777 KB917344.log
15.06.2006 23:53 14.552 KB917953.log
15.06.2006 23:53 14.533 KB911280.log
15.06.2006 23:53 17.860 KB916281.log
15.06.2006 23:52 11.758 KB914389.log
08.06.2006 20:02 19.744 KB908531.log
08.06.2006 19:49 13.897 KB904942.log
08.06.2006 19:31 14.483 WGA.log

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\

26.08.2006 17:09 0 sys.txt
26.08.2006 17:08 11.406 system.txt
26.08.2006 17:08 435 systemtemp.txt
26.08.2006 17:06 106.481 system32.txt
26.08.2006 16:58 19.044 ComboFix.txt
24.08.2006 21:07 1.620 VundoFix.txt
24.08.2006 20:35 244 boot.ini