Logfile of HijackThis v1.99.1
Scan saved at 07:26:23, on 01.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Wolfgang Benetka\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {594A5A50-8345-425A-A584-0C594045B780} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: IESizer - {3CEE9EC1-84F7-11D9-BC7A-000021D3CE1D} - C:\Programme\IESizer\IESizer.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143570829000
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/1188/defaults/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Wolfgang Benetka - 06-12-01 7:39:28,42 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Wolfgang Benetka\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\components

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))

2006-12-01 07:30 d-------- C:\Programme\CleanUp!
2006-11-30 19:52 153,600 --a------ C:\WINDOWS\REGEDIT.COM
2006-11-30 19:52 153,600 --a------ C:\WINDOWS\R.COM
2006-11-30 19:52 140,800 --a------ C:\WINDOWS\system32\T.COM
2006-11-30 19:49 d-------- C:\bases_x
2006-11-30 19:48 d-------- C:\escheck
2006-11-04 21:59 d-------- C:\Programme\QuickTime
2006-11-04 21:58 d-------- C:\Programme\Apple Software Update
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-01 07:38 -------- d-------- C:\Dokumente und Einstellungen\Wolfgang Benetka\Anwendungsdaten\Skype
2006-12-01 07:37 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-26 15:30 -------- d-------- C:\Programme\Diablo II
2006-11-26 15:29 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-25 16:37 8206 --a------ C:\Dokumente und Einstellungen\Wolfgang Benetka\Anwendungsdaten\wklnhst.dat
2006-11-18 09:21 -------- d-------- C:\Programme\Internet Explorer
2006-11-05 18:23 -------- d-------- C:\Programme\Funkelsteine 3 M - Materialien
2006-11-04 22:00 -------- d-------- C:\Programme\iTunes
2006-11-04 22:00 -------- d-------- C:\Programme\iPod
2006-11-02 08:28 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-28 15:31 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-28 11:56 -------- d-------- C:\Programme\Warcraft III
2006-10-26 08:01 -------- d-------- C:\Programme\Grisoft
2006-10-26 07:45 -------- d-------- C:\Dokumente und Einstellungen\Wolfgang Benetka\Anwendungsdaten\AVG7
2006-10-26 07:37 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-26 07:37 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-26 07:37 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-14 15:28 -------- d-------- C:\Programme\Windows Defender
2006-10-14 14:29 -------- d-------- C:\Programme\MSXML 4.0
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-04 21:41 -------- d-------- C:\Programme\Spybot - Search & Destroy
2006-10-02 17:29 -------- d-------- C:\Programme\Funkelsteine 3 Sprachbuch
2006-10-01 12:58 -------- d-------- C:\Programme\Free Download Manager
2006-10-01 12:07 -------- d-------- C:\Programme\Lavasoft
2006-10-01 12:07 -------- d-------- C:\Dokumente und Einstellungen\Wolfgang Benetka\Anwendungsdaten\Lavasoft
2006-10-01 11:08 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-01 10:33 678379 ---hs---- C:\WINDOWS\system32\ddeeg.bak1
2006-10-01 10:17 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-10-01 10:17 126976 --a------ C:\WINDOWS\War3Unin.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="\"C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="\"RunDLL32.exe\" NvMCTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="\"C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 06-12-01 7:40:18.32
C:\ComboFix.txt ...
06-12-01 07:40

Verzeichnis von C:\WINDOWS\system32

01.12.2006 07:36 37.469 nvapps.xml
01.12.2006 07:36 2.206 wpa.dbl
01.12.2006 07:05 5.978 The One Ring.log
26.11.2006 15:29 43.520 CmdLineExt03.dll
16.11.2006 06:20 10.474.920 MRT.exe
04.11.2006 14:14 1.245.696 msxml4.dll
29.10.2006 07:58 63.152 perfc009.dat
29.10.2006 07:58 402.542 perfh009.dat
29.10.2006 07:58 417.312 perfh007.dat
29.10.2006 07:58 76.072 perfc007.dat
29.10.2006 07:58 970.772 PerfStringBackup.INI
25.10.2006 19:15 65.536 QuickTimeVR.qtx
25.10.2006 19:15 49.152 QuickTime.qts
16.10.2006 11:40 123.392 xpsp3res.dll
13.10.2006 13:35 146.432 nwprovau.dll
03.10.2006 15:19 287.704 FNTCACHE.DAT
01.10.2006 19:27 688.011 ddeeg.ini
01.10.2006 10:33 678.379 ddeeg.bak1
01.10.2006 10:27 4.286 ot.ico
19.09.2006 15:43 109.360 GEARAspi.dll
14.09.2006 09:39 615.936 urlmon.dll
14.09.2006 09:39 664.576 wininet.dll
14.09.2006 09:39 474.624 shlwapi.dll
14.09.2006 09:39 532.480 mstime.dll
14.09.2006 09:39 39.424 pngfilt.dll
14.09.2006 09:39 146.432 msrating.dll
14.09.2006 09:39 448.512 mshtmled.dll
14.09.2006 09:39 3.075.584 mshtml.dll
14.09.2006 09:39 16.384 jsproxy.dll
14.09.2006 09:39 205.312 dxtrans.dll
14.09.2006 09:39 357.888 dxtmsft.dll
14.09.2006 09:39 96.768 inseng.dll
14.09.2006 09:39 251.392 iepeers.dll
14.09.2006 09:39 55.808 extmgr.dll
14.09.2006 09:39 1.022.976 browseui.dll
14.09.2006 09:39 1.056.256 danim.dll
14.09.2006 09:39 152.064 cdfview.dll
13.09.2006 06:02 1.084.416 msxml3.dll
04.09.2006 07:12 1.494.016 shdocvw.dll

Verzeichnis von C:\DOKUME~1\WOLFGA~1\LOKALE~1\Temp

01.12.2006 07:36 16.384 ~DFFD1E.tmp
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 150.741.282.816 Bytes frei

Verzeichnis von C:\WINDOWS

01.12.2006 07:42 1.438.780 WindowsUpdate.log
01.12.2006 07:38 349.564 setupapi.log
01.12.2006 07:35 0 0.log
01.12.2006 07:35 3.854 ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
01.12.2006 07:35 50 wiaservc.log
01.12.2006 07:35 157 wiadebug.log
01.12.2006 07:35 2.048 bootstat.dat
01.12.2006 07:34 32.554 SchedLgU.Txt
30.11.2006 19:52 26 Lic.xxx
18.11.2006 09:22 207.094 comsetup.log
18.11.2006 09:22 97.221 iis6.log
18.11.2006 09:22 33.361 ocmsn.log
18.11.2006 09:22 125.114 ntdtcsetup.log
18.11.2006 09:22 241.284 tsoc.log
18.11.2006 09:22 1.393 imsins.log
18.11.2006 09:22 16.448 KB923980.log
18.11.2006 09:22 30.346 msgsocm.log
18.11.2006 09:22 300.061 ocgen.log
18.11.2006 09:22 610.583 FaxSetup.log
18.11.2006 09:22 1.393 imsins.BAK
18.11.2006 09:22 16.468 KB924270.log
18.11.2006 09:22 43.490 updspapi.log
18.11.2006 09:22 15.643 KB920213.log
18.11.2006 09:21 17.709 KB922760.log
04.11.2006 22:01 121 GEARInstall.log
28.10.2006 12:01 316.640 WMSysPr9.prx
23.10.2006 15:46 46 thumbs.ini
15.10.2006 15:22 116 NeroDigital.ini
14.10.2006 15:01 231.932 setupact.log
14.10.2006 14:26 13.724 KB922819.log
14.10.2006 14:25 11.927 KB924191.log
14.10.2006 14:25 8.968 KB923191.log
14.10.2006 14:25 11.000 KB924496.log
14.10.2006 14:25 10.754 KB923414.log
01.10.2006 13:07 741 win.ini
01.10.2006 10:17 16.966 War3Unin.dat
01.10.2006 10:17 2.829 War3Unin.pif
01.10.2006 10:17 126.976 War3Unin.exe
27.09.2006 17:14 10.551 KB925486.log
13.09.2006 20:01 14.262 KB920685.log
13.09.2006 20:01 15.270 KB920872.log
13.09.2006 20:01 13.586 KB919007.log
13.09.2006 20:01 9.714 KB922582.log

Verzeichnis von C:\WINDOWS\Temp

01.12.2006 07:35 2.048 sqlite_LeAOTrPIY2MM3rh
01.12.2006 07:35 0 CLML_AGENT_LOG1.txt
2 Datei(en) 2.048 Bytes
0 Verzeichnis(se), 150.741.266.432 Bytes frei

Verzeichnis von C:\WINDOWS\Downloaded Program Files

27.07.2006 12:52 367 LegitCheckControl.inf
08.10.2005 21:56 65 desktop.ini
30.08.2005 12:28 1.701.488 ImageUploader_3.ocx
27.08.2005 12:30 5.065 swflash.inf
29.06.2005 17:17 227 opuc.inf
26.05.2005 03:19 293 muweb.inf
26.05.2005 03:19 291 wuweb.inf
09.02.2005 15:54 1.271 erma.inf
25.11.2004 08:37 337 ImageUploader_3.inf
16.10.2003 13:55 299.008 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
12 Datei(en) 2.229.596 Bytes
0 Verzeichnis(se), 150.741.262.336 Bytes frei

Verzeichnis von C:\

01.12.2006 07:49 0 sys.txt
01.12.2006 07:48 845 down.txt
01.12.2006 07:48 336 tmp.txt
01.12.2006 07:47 13.058 system.txt
01.12.2006 07:47 287 systemtemp.txt
01.12.2006 07:45 107.831 system32.txt
01.12.2006 07:40 8.581 ComboFix.txt
01.12.2006 07:34 1.072.156.672 hiberfil.sys
01.12.2006 07:34 1.610.612.736 pagefile.sys
30.11.2006 21:33 50 23990098.$$$
17.09.2006 15:43 32 VDFS.DMP