Critical System Error :-(

Thread is closed!
#0
20.10.2006, 21:57
...new here

Posts: 6
#1 Hello everyone,

Since this morning I have had the problem named in the subject above. I have already tried to deal with it myself, but unfortunately that did not work. I hope you can help me. Thanks in advance.

Log:

Logfile of HijackThis v1.99.1
Scan saved at 21:08:25, on 20.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\msmapi32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AWMON] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Spiele\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Spiele\Titan Poker\casino.exe
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Programme\IntertopsMPP\MPPoker.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128594816090
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A12B0B-9914-4C45-9392-AFBCBBCE34B6}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A12B0B-9914-4C45-9392-AFBCBBCE34B6}: NameServer = 205.188.146.145
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Apse - 06-10-20 21:11:15.48 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Apse\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskcwrd.dll
C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskknwrd.dll
C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vxgamet1.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-20 to 2006-10-20 ))))))))))))))))))))))))))))))))))


2006-10-20 21:17 9,728 --a------ C:\WINDOWS\system32\vxgamet1.exe
2006-10-20 17:05 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-20 17:05 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-20 17:05 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-20 16:37 9,728 --a------ C:\WINDOWS\system32\performent202.dll
2006-10-20 14:48 15,872 --------- C:\WINDOWS\notepad32.exe
2006-10-20 14:11 20,992 --a------ C:\WINDOWS\avpcc.dll
2006-10-20 14:11 13,568 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-20 12:04 9,984 --a------ C:\WINDOWS\system32\VXH8JKDQ6.EXE
2006-10-20 12:04 9,472 --a------ C:\WINDOWS\system32\dload.exe
2006-10-20 12:04 31,488 --a------ C:\WINDOWS\system32\kernels64.exe
2006-10-20 12:04 29,952 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-10-20 12:04 27,904 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-10-20 12:04 25,344 --a------ C:\WINDOWS\system32\POPCORN72.EXE
2006-10-20 12:04 25,344 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-20 12:04 25,088 --a------ C:\WINDOWS\spp3.dll
2006-10-20 12:04 21,504 --a------ C:\WINDOWS\system32\VXH8JKDQ2.EXE
2006-10-20 12:04 19,712 --a------ C:\WINDOWS\system32\perfont.exe
2006-10-20 12:04 17,664 --a------ C:\WINDOWS\system32\netstat2.exe
2006-10-20 12:04 16,640 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-20 12:04 16,128 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-20 12:04 14,592 --a------ C:\WINDOWS\system32\winmuse.exe
2006-10-20 12:04 10,240 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-20 12:03 9,216 --a------ C:\WINDOWS\cpan.dll
2006-10-20 12:03 8,960 --a------ C:\WINDOWS\y.exe
2006-10-20 12:03 8,192 --a------ C:\WINDOWS\winajbm.dll
2006-10-20 12:03 32,512 --a------ C:\WINDOWS\waol.exe
2006-10-20 12:03 30,976 --a------ C:\WINDOWS\x.exe
2006-10-20 12:03 29,440 --a------ C:\WINDOWS\runwin32.exe
2006-10-20 12:03 28,416 --a------ C:\WINDOWS\win64.exe
2006-10-20 12:03 27,648 --a------ C:\WINDOWS\users32.exe
2006-10-20 12:03 26,368 --a------ C:\WINDOWS\systeem.exe
2006-10-20 12:03 25,344 --a------ C:\WINDOWS\xplugin.dll
2006-10-20 12:03 24,320 --a------ C:\WINDOWS\dialup.exe
2006-10-20 12:03 23,552 --a------ C:\WINDOWS\clrssn.exe
2006-10-20 12:03 19,968 --a------ C:\WINDOWS\systemcritical.exe
2006-10-20 12:03 18,432 --a------ C:\WINDOWS\wininet32.exe
2006-10-20 12:03 17,920 --a------ C:\WINDOWS\win32e.exe
2006-10-20 12:03 17,408 --a------ C:\WINDOWS\winmgnt.exe
2006-10-20 12:03 17,408 --a------ C:\WINDOWS\olehelp.exe
2006-10-20 12:03 13,824 --a------ C:\WINDOWS\window.exe
2006-10-20 12:03 12,544 --a------ C:\WINDOWS\time.exe
2006-10-20 12:02 8,960 --a------ C:\WINDOWS\system32\ace16win.dll
2006-10-20 12:02 25,344 --a------ C:\WINDOWS\accesss.exe
2006-10-20 12:02 12,032 --a------ C:\WINDOWS\inetdctr.dll
2006-10-20 12:01 9,216 --a------ C:\WINDOWS\system32\nhqgisqt.exe
2006-10-20 12:01 8,192 --a------ C:\WINDOWS\system32\sklmnf.exe
2006-10-20 12:01 67,072 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-20 12:01 18,432 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-20 12:01 13,824 --a------ C:\WINDOWS\system32\intr32.dll
2006-10-20 12:01 10,752 --a------ C:\WINDOWS\system32\instreg_tmp.exe
2006-10-20 12:01 0 --a------ C:\WINDOWS\system32\srk_32.exe
2006-10-20 12:01 0 --a------ C:\WINDOWS\system32\7d007.exe
2006-10-19 14:00 5,707 --a------ C:\WINDOWS\system32\vdywohbb.exe
2006-10-12 13:31 6,276 --a------ C:\WINDOWS\system32\fmjxqafp.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-20 17:05 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-10-20 16:52 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-20 14:06 -------- d-------- C:\Programme\IntertopsMPP
2006-10-20 13:04 -------- d-------- C:\Programme\AVPersonal
2006-09-15 11:46 -------- d-------- C:\Programme\PokerAce Hud
2006-09-08 15:29 8980 --a------ C:\WINDOWS\system32\taskdir~.exe
2006-09-08 15:29 46592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-09-08 15:28 63119 --a------ C:\WINDOWS\system32\taskdir.exe
2006-09-08 15:28 63119 --a------ C:\WINDOWS\system32\ipod.raw.exe
2006-08-28 15:56 -------- d-------- C:\Programme\AOL 9.0


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"AWMON"="\"C:\\Programme\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"AVGCtrl"="C:\\Programme\\AVPersonal\\AVGNT.EXE /min"
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4203.exe\""
"VisualStudio"="C:\\WINDOWS\\cApp.exe /i"
"SheduIer"="C:\\WINDOWS\\shch.exe /i"
"VVSN"="C:\\Programme\\VVSN\\VVSN.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000003

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061020-154021-210
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
backup-20061020-154021-453
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
backup-20061020-154021-560
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20061020-154021-520
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20061020-154021-336
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20061020-154021-317
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
backup-20060206-134919-908
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A12B0B-9914-4C45-9392-AFBCBBCE34B6}: NameServer = 205.188.146.145
backup-20060206-134919-577
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20060206-134919-583
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
backup-20060206-134919-760
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
backup-20060206-134919-850
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A12B0B-9914-4C45-9392-AFBCBBCE34B6}: NameServer = 205.188.146.145
backup-20060206-134919-477
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
backup-20060206-134919-522
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp1CDB.tmp
backup-20060205-132913-766
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20060205-114539-600
O9 - Extra 'Tools' menuitem: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Programme\PartyBingo\bin\IEExtension_PB.dll
backup-20060205-114538-834
O9 - Extra button: partybingo.com - {9CDE474A-A688-48f4-8B49-55CFB2356A6F} - C:\Programme\PartyBingo\bin\IEExtension_PB.dll
backup-20060205-114538-439
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20060205-114451-985
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
backup-20060205-114451-553
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3EC1.tmp
backup-20050622-112328-248
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
backup-20050622-112328-671
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
backup-20050622-112328-643
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\APSE\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)
backup-20050622-112328-895
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
backup-20050607-122032-404
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
backup-20050607-122032-333
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20050607-122032-735
O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY
backup-20050607-122032-378
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20050607-122032-429
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
backup-20050607-122032-243
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
backup-20050607-115743-228
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
backup-20050607-115743-639
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
backup-20050604-124721-290
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
backup-20050604-124721-902
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
backup-20050604-124721-627
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
backup-20050604-124721-719
O4 - Startup: DLHelperEXE.exe
backup-20050604-124721-791
O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY
backup-20050604-124721-993
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
backup-20050604-124721-501
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
backup-20050604-124721-508
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
backup-20050604-124721-121
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpCA70.tmp
backup-20050604-124721-255
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
backup-20050604-124720-808
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
backup-20050604-124721-922
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
backup-20050604-124720-702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1
backup-20050604-124720-985
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
backup-20050604-124720-979
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
backup-20050604-124720-731
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
backup-20050604-124720-158
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
Completion time: 06-10-20 21:22:55.32
C:\ComboFix.txt ... 06-10-20 21:22



20.10.2006 21:30 1.632 d3d8caps.dat
20.10.2006 21:29 17.145 nvapps.xml
20.10.2006 21:17 9.728 vxgamet1.exe
20.10.2006 16:38 22.272 ncompat.tlb
20.10.2006 16:38 22.016 msvol.tlb
20.10.2006 16:37 9.728 performent202.dll
20.10.2006 12:04 10.240 msmsn.exe
20.10.2006 12:04 14.592 winmuse.exe
20.10.2006 12:04 19.712 perfont.exe
20.10.2006 12:04 17.664 netstat2.exe
20.10.2006 12:04 31.488 kernels64.exe
20.10.2006 12:04 29.952 anti_troj.exe
20.10.2006 12:04 25.344 POPCORN72.EXE
20.10.2006 12:04 16.128 proqlaim.exe
20.10.2006 12:04 27.904 mpsegment.exe
20.10.2006 12:04 25.344 iewd.exe
20.10.2006 12:04 9.472 dload.exe
20.10.2006 12:04 16.640 win32hp.dll
20.10.2006 12:04 21.504 VXH8JKDQ2.EXE
20.10.2006 12:04 9.984 VXH8JKDQ6.EXE
20.10.2006 12:04 18.176 ts.ico
20.10.2006 12:04 12.288 ot.ico
20.10.2006 12:02 8.960 ace16win.dll
20.10.2006 12:01 18.432 asgp32.dll
20.10.2006 12:01 12 oiso.bin
20.10.2006 12:01 10.752 instreg_tmp.exe
20.10.2006 12:01 0 7d007.exe
20.10.2006 12:01 8.192 sklmnf.exe
20.10.2006 12:01 0 srk_32.exe
20.10.2006 12:01 239 lfd.dat
20.10.2006 12:01 243 pcf.pdf
20.10.2006 12:01 607 msmapi32.exe.MANIFEST
20.10.2006 12:01 67.072 msmapi32.exe
20.10.2006 12:01 13.824 intr32.dll
20.10.2006 12:01 9.216 nhqgisqt.exe
19.10.2006 14:00 5.707 vdywohbb.exe
19.10.2006 13:43 2.206 wpa.dbl
12.10.2006 13:31 6.276 fmjxqafp.exe
15.09.2006 12:49 248 systemdrv32.aso
08.09.2006 15:29 46.592 zlbw.dll
08.09.2006 15:29 8.980 taskdir~.exe
08.09.2006 15:28 63.119 taskdir.exe
08.09.2006 15:28 63.119 ipod.raw.exe
08.09.2006 15:28 4 winsub.xml
07.09.2006 12:54 57.384 avsda.dll





Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\DOKUME~1\Apse\LOKALE~1\Temp

20.10.2006 21:36 4 PMShared
20.10.2006 21:31 16.384 Perflib_Perfdata_7e8.dat
20.10.2006 21:29 32.768 ~DFD3C5.tmp
20.10.2006 21:21 107.540 bt7411.bat
20.10.2006 20:58 16.384 Perflib_Perfdata_5a0.dat
20.10.2006 20:55 32.768 ~DFD065.tmp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS

20.10.2006 21:34 775 win.ini
20.10.2006 21:28 0 0.log
20.10.2006 21:28 159 wiadebug.log
20.10.2006 21:28 1.425.637 WindowsUpdate.log
20.10.2006 21:28 50 wiaservc.log
20.10.2006 21:27 2.048 bootstat.dat
20.10.2006 21:26 32.548 SchedLgU.Txt
20.10.2006 14:48 15.872 notepad32.exe
20.10.2006 14:11 13.568 mtwirl32.dll
20.10.2006 14:11 20.992 avpcc.dll
20.10.2006 12:04 25.088 spp3.dll
20.10.2006 12:03 18.432 wininet32.exe
20.10.2006 12:03 29.440 runwin32.exe
20.10.2006 12:03 24.320 dialup.exe
20.10.2006 12:03 8.960 y.exe
20.10.2006 12:03 9.216 xxxvideo.hta
20.10.2006 12:03 25.344 xplugin.dll
20.10.2006 12:03 30.976 x.exe
20.10.2006 12:03 17.408 winmgnt.exe
20.10.2006 12:03 13.824 window.exe
20.10.2006 12:03 8.192 winajbm.dll
20.10.2006 12:03 28.416 win64.exe
20.10.2006 12:03 17.920 win32e.exe
20.10.2006 12:03 32.512 waol.exe
20.10.2006 12:03 27.648 users32.exe
20.10.2006 12:03 12.544 time.exe
20.10.2006 12:03 19.968 systemcritical.exe
20.10.2006 12:03 26.368 systeem.exe
20.10.2006 12:03 17.408 olehelp.exe
20.10.2006 12:03 9.216 cpan.dll
20.10.2006 12:03 23.552 clrssn.exe
20.10.2006 12:03 31.232 astctl32.ocx
20.10.2006 12:02 25.344 accesss.exe
20.10.2006 12:02 12.032 inetdctr.dll
08.09.2006 15:31 54.156 QTFont.qfn
04.08.2006 11:06 6.917 mozver.dat
09.07.2006 02:13 192 winamp.ini
07.07.2006 15:49 4 pcup23467.dat
03.07.2006 19:15 1.409 QTFont.for



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS\Temp

20.10.2006 21:16 107.540 bt4564.bat
1 Datei(en) 107.540 Bytes
0 Verzeichnis(se), 595.476.480 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

02.12.2005 12:55 5.101 swflash.inf
26.05.2005 04:19 293 muweb.inf
11.04.2005 12:20 118.784 asinst.dll
23.03.2005 17:12 525 asinst.inf
04.03.2005 04:52 752 jinstall-1_5_0_02.inf
09.02.2005 16:54 1.271 erma.inf
24.09.2004 11:50 65 desktop.ini
25.01.2004 13:43 1.087 qdiagcc.inf
25.08.2003 19:12 1.096 iuctl.inf
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
11 Datei(en) 130.833 Bytes
0 Verzeichnis(se), 595.472.384 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\

20.10.2006 21:45 0 sys.txt
20.10.2006 21:44 830 down.txt
20.10.2006 21:44 275 tmp.txt
20.10.2006 21:44 6.830 system.txt
20.10.2006 21:44 251.658.240 pagefile.sys
20.10.2006 21:43 608 systemtemp.txt
20.10.2006 21:40 106.553 system32.txt
20.10.2006 21:27 133.750.784 hiberfil.sys
20.10.2006 21:22 31.877 ComboFix.txt
21.10.2006, 01:26
Honorary member
Sabina

Posts: 29434
#2 Lines21

1.
Scan with SmitfraudFix - options 1 and 2 (post both scan reports here)
http://virus-protect.org/artikel/tools/smitfrautfix.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote

Files to delete:
C:\Dokumente und Einstellungen\Apse\Lokale Einstellungen\Temp\bt7411.bat
C:\WINDOWS\system32\vxgamet1.exe
C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\performent202.dll
C:\WINDOWS\system32\msmsn.exe
C:\WINDOWS\system32\winmuse.exe
C:\WINDOWS\system32\perfont.exe
C:\WINDOWS\system32\netstat2.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\POPCORN72.EXE
C:\WINDOWS\system32\proqlaim.exe
C:\WINDOWS\system32\mpsegment.exe
C:\WINDOWS\system32\iewd.exe
C:\WINDOWS\system32\dload.exe
C:\WINDOWS\system32\win32hp.dll
C:\WINDOWS\system32\VXH8JKDQ2.EXE
C:\WINDOWS\system32\VXH8JKDQ6.EXE
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\asgp32.dll
C:\WINDOWS\system32\oiso.bin
C:\WINDOWS\system32\instreg_tmp.exe
C:\WINDOWS\system32\7d007.exe
C:\WINDOWS\system32\sklmnf.exe
C:\WINDOWS\system32\srk_32.exe
C:\WINDOWS\system32\lfd.dat
C:\WINDOWS\system32\pcf.pdf
C:\WINDOWS\system32\msmapi32.exe.MANIFEST
C:\WINDOWS\system32\msmapi32.exe
C:\WINDOWS\system32\intr32.dll
C:\WINDOWS\system32\nhqgisqt.exe
C:\WINDOWS\system32\vdywohbb.exe
C:\WINDOWS\system32\fmjxqafp.exe
C:\WINDOWS\system32\systemdrv32.aso
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\system32\taskdir~.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\ipod.raw.exe
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\Temp\bt4564.bat
C:\WINDOWS\notepad32.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\avpcc.dll
C:\WINDOWS\spp3.dll
C:\WINDOWS\wininet32.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\dialup.exe
C:\WINDOWS\y.exe
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\xplugin.dll
C:\WINDOWS\x.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\window.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\win64.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\time.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\accesss.exe
C:\WINDOWS\inetdctr.dll
C:\WINDOWS\shch.exe
C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskcwrd.dll
C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskknwrd.dll
C:\Dokumente und Einstellungen\Marc Apsitis\Anwendungsdaten\Sskuknwrd.dll

Folders to delete:
C:\Programme\VVSN
C:\Programme\IntertopsMPP
C:\Programme\PokerAce Hud
C:\Program Files\Media Access
c:\windows\temp\adware
C:\Programme\PartyBingo
C:\Programme\Security Toolbar
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker

Click the green traffic light.
The script will now run, then the PC will restart automatically.

**
Post the log from Avenger that appears after the restart
+
post the 6 logs from datfindbat again - up to August 2006

________

Fix with HijackThis:

Quote

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)

O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [VisualStudio] C:\WINDOWS\cApp.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Spiele\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Spiele\Titan Poker\casino.exe
O9 - Extra button: Intertops Poker - {A2AB1320-B1B6-40fd-A694-8197D8596FFD} - C:\Programme\IntertopsMPP\MPPoker.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk



__________
Regards, Sabina

All about PC security
21.10.2006, 12:48
...new here

Thread starter

Posts: 6
#3 Hello again,

I followed all the instructions, and here are my new logs:

SmitFraudFix v2.112

Scan done at 11:58:45,40, Sa 21.10.2006
Run from C:\Dokumente und Einstellungen\Apse\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\kernels64.exe Deleted
C:\WINDOWS\system32\lfd.dat Deleted
C:\WINDOWS\system32\msvol.tlb Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\oiso.bin Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\taskdir.exe Deleted
C:\WINDOWS\system32\taskdir~.exe Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\vxgamet?.exe Deleted
C:\WINDOWS\system32\vxh8jkdq?.exe Deleted
C:\WINDOWS\system32\winmuse.exe Deleted
C:\WINDOWS\system32\zlbw.dll Deleted
C:\DOKUME~1\Apse\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rwlaxqik

*******************

Script file located at: \??\C:\WINDOWS\mqtrujop.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Programme\VVSN not found!
Deletion of folder C:\Programme\VVSN failed!

Could not process line:
C:\Programme\VVSN
Status: 0xc0000034

Folder C:\Programme\IntertopsMPP deleted successfully.
Folder C:\Programme\PokerAce Hud deleted successfully.


Folder C:\Program Files\Media Access not found!
Deletion of folder C:\Program Files\Media Access failed!

Could not process line:
C:\Program Files\Media Access
Status: 0xc0000034



Folder c:\windows\temp\adware not found!
Deletion of folder c:\windows\temp\adware failed!

Could not process line:
c:\windows\temp\adware
Status: 0xc0000034



Folder C:\Programme\PartyBingo not found!
Deletion of folder C:\Programme\PartyBingo failed!

Could not process line:
C:\Programme\PartyBingo
Status: 0xc0000034



Folder C:\Programme\Security Toolbar not found!
Deletion of folder C:\Programme\Security Toolbar failed!

Could not process line:
C:\Programme\Security Toolbar
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Absolute Poker deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


15.09.2006 12:49 248 systemdrv32.aso
08.09.2006 15:28 63.119 ipod.raw.exe
08.09.2006 15:28 4 winsub.xml

07.09.2006 12:54 57.384 avsda.dll
29.08.2006 19:43 135.168 swreg.exe
27.04.2006 17:49 288.417 SrchSTS.exe
31.03.2006 11:09 311.604 perfh009.dat
31.03.2006 11:09 39.992 perfc009.dat


21.10.2006, 15:27
Honorary member
Sabina

Posts: 29434
#4 1. Avenger

Quote

Files to delete:
C:\WINDOWS\system32\systemdrv32.aso
C:\WINDOWS\system32\ipod.raw.exe
C:\WINDOWS\system32\winsub.xml
2.
Post the 6 logs from datfindbat again. Don't forget: when I write "by date, up to August 2006", that does not mean up to 2003 ;)
And there are 6 logs, not just one.

I also find the Avenger report very odd... did you paste in only the programs??? You should paste in the complete script (see above)... if you don't work correctly, I can't help you ;)
__________
Regards, Sabina

All about PC security
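
The mismatch raised in post #4 can be checked mechanically by reconciling the script from post #2 against the Avenger log from post #3. This is an added example, not part of the thread: the function names are hypothetical, the script and log are shortened excerpts of the ones posted above, and a `File ...` result line is assumed to follow the same wording as the `Folder ...` lines the log shows.

```python
import re

# NTSTATUS code that appears in the posted log, with its Windows name.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Shortened excerpt of the script from post #2.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\msmapi32.exe
C:\WINDOWS\notepad32.exe
C:\WINDOWS\shch.exe

Folders to delete:
C:\Programme\VVSN
C:\Programme\IntertopsMPP
C:\Programme\PartyBingo
"""

# Shortened excerpt of the Avenger log from post #3.
LOG = r"""
Beginning to process script file:

Folder C:\Programme\VVSN not found!
Deletion of folder C:\Programme\VVSN failed!

Could not process line:
C:\Programme\VVSN
Status: 0xc0000034

Folder C:\Programme\IntertopsMPP deleted successfully.

Folder C:\Programme\PartyBingo not found!
Deletion of folder C:\Programme\PartyBingo failed!

Could not process line:
C:\Programme\PartyBingo
Status: 0xc0000034

Completed script processing.
"""

HEADER_RE = re.compile(r"^(\w+ to \w+):$")
# Assumption: file results use the same wording as the folder lines in the log.
DELETED_RE = re.compile(r"^\w+ (.+) deleted successfully\.$")
MISSING_RE = re.compile(r"^\w+ (.+) not found!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_script(text):
    """Return {section name: [paths]} for each '... to delete:' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return {lower-cased path: {'outcome': ..., 'status': ...}} from the log."""
    results, pending, expect_path = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_path:  # the line after "Could not process line:" is the path
            pending, expect_path = line.lower(), False
            continue
        deleted, missing, status = (
            r.match(line) for r in (DELETED_RE, MISSING_RE, STATUS_RE))
        if deleted:
            results[deleted.group(1).lower()] = {"outcome": "deleted", "status": None}
        elif missing:
            results[missing.group(1).lower()] = {"outcome": "not found", "status": None}
        elif line == "Could not process line:":
            expect_path = True
        elif status and pending:
            code = int(status.group(1), 16)
            entry = results.setdefault(pending, {"outcome": "failed", "status": None})
            entry["status"] = NTSTATUS_NAMES.get(code, hex(code))
            pending = None
    return results


def reconcile(script, log):
    """One (section, path, outcome, status) row per script entry."""
    rows = []
    for section, paths in script.items():
        for path in paths:
            entry = log.get(path.lower())
            if entry is None:
                rows.append((section, path, "not in log", None))
            else:
                rows.append((section, path, entry["outcome"], entry["status"]))
    return rows


def unprocessed_sections(rows):
    """Sections for which no entry is mentioned anywhere in the log."""
    seen = {}
    for section, _path, outcome, _status in rows:
        seen.setdefault(section, []).append(outcome)
    return [s for s, outcomes in seen.items()
            if all(o == "not in log" for o in outcomes)]


if __name__ == "__main__":
    rows = reconcile(parse_script(SCRIPT), parse_log(LOG))
    for row in rows:
        print(row)
    print("Sections missing from the log:", unprocessed_sections(rows))
```

On these excerpts every `Files to delete` entry is absent from the log, while the folder entries are either deleted or rejected with `0xc0000034` because the folder no longer existed.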
21.10.2006, 16:02
...new here

Thread starter

Posts: 6
#5 Hi,

OK, once again, first the 6 logs

system 32 log:

29.08.2006 19:43 135.168 swreg.exe
27.04.2006 17:49 288.417 SrchSTS.exe
31.03.2006 11:09 311.604 perfh009.dat
31.03.2006 11:09 39.992 perfc009.dat
31.03.2006 11:09 316.594 perfh007.dat
31.03.2006 11:09 48.156 perfc007.dat
31.03.2006 11:09 723.808 PerfStringBackup.INI
30.03.2006 17:16 108.600 FNTCACHE.DAT
15.01.2006 01:50 3.292 qtplugin.log
09.01.2006 10:36 40.960 swsc.exe
06.10.2005 14:16 3.799 jupdate-1.5.0_04-b05.log
13.08.2005 17:53 1.744 d3d9caps.dat
09.06.2005 23:14 1.300.312 MRT.exe
07.06.2005 12:50 608.448 COMCTL32.OCX
06.06.2005 17:28 269 spupdwxp.log
04.06.2005 11:03 2.150 ssmute.ini
03.06.2005 03:52 127.078 javaws.exe
03.06.2005 03:52 49.265 jpicpl32.cpl
03.06.2005 02:24 49.250 javaw.exe
03.06.2005 02:24 49.248 java.exe
27.05.2005 04:04 155.136 itircl.dll
27.05.2005 04:04 137.216 itss.dll
27.05.2005 04:04 546.304 hhctrl.ocx
27.05.2005 04:04 41.472 hhsetup.dll
26.05.2005 04:19 178.408 muweb.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 173.536 wuweb.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 174.872 wuauclt1.exe
26.05.2005 04:16 466.200 wuapi.dll
26.05.2005 04:16 174.872 wuaucpl.cpl
26.05.2005 04:16 194.840 wuaueng1.dll
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 124.696 wuauclt.exe
17.05.2005 02:42 17.408 xpsp3res.dll
11.05.2005 04:30 78.336 telnet.exe
06.05.2005 15:01 3.069 jupdate-1.5.0_02-b09.log
04.05.2005 14:45 271.360 msihnd.dll
04.05.2005 14:45 884.736 msimsg.dll
04.05.2005 14:45 15.360 msisip.dll
04.05.2005 14:45 78.848 msiexec.exe
04.05.2005 14:45 2.890.240 msi.dll
02.05.2005 22:56 663.552 wininet.dll
02.05.2005 22:56 605.696 urlmon.dll
02.05.2005 22:56 474.112 shlwapi.dll
02.05.2005 22:56 1.484.288 shdocvw.dll
02.05.2005 22:56 3.011.072 mshtml.dll
02.05.2005 22:56 448.512 mshtmled.dll
02.05.2005 22:56 39.424 pngfilt.dll
02.05.2005 22:56 146.432 msrating.dll
02.05.2005 22:56 250.880 iepeers.dll
02.05.2005 22:56 96.768 inseng.dll
02.05.2005 22:56 152.064 cdfview.dll
02.05.2005 22:56 1.019.904 browseui.dll
17.03.2005 18:20 21.840 SIntfNT.dll
17.03.2005 18:20 17.212 SIntf32.dll
17.03.2005 18:20 12.067 SIntf16.dll
17.03.2005 17:28 25.065 wmpscheme.xml
02.03.2005 20:09 291.840 winsrv.dll
02.03.2005 20:09 56.832 authz.dll
02.03.2005 20:09 578.560 user32.dll
02.03.2005 20:06 2.181.632 ntoskrnl.exe
02.03.2005 20:06 2.059.136 ntkrnlpa.exe
02.03.2005 20:06 1.836.416 win32k.sys
01.03.2005 12:19 96.768 UnPoker.exe
01.03.2005 01:11 8.491.008 shell32.dll
25.02.2005 05:34 15.584 spmsg.dll
25.02.2005 05:34 22.752 spupdsvc.exe
27.01.2005 07:04 0 atlfz.dll
26.01.2005 04:14 0 addak.exe
23.01.2005 10:02 0 atlvw32.exe
19.01.2005 10:10 133 s.bat
19.01.2005 05:00 0 appxq.exe
18.01.2005 11:46 0 mfcyr.exe
18.01.2005 08:35 0 atlre.exe
18.01.2005 05:34 4.402 cnhbr.txt
17.01.2005 12:58 0 atlnb.exe
15.01.2005 00:36 0 crnx32.dll

14.01.2005 10:57 395.776 rpcss.dll
14.01.2005 10:57 74.752 olecli32.dll
14.01.2005 10:57 37.888 olecnv32.dll
14.01.2005 10:57 1.285.120 ole32.dll
13.01.2005 15:04 0 appyy32.exe
11.01.2005 16:50 0 appyl32.exe
10.01.2005 18:02 0 addmd32.exe
10.01.2005 04:54 3.547 cyhwl.log
08.01.2005 08:47 0 iegc.exe
07.01.2005 14:11 0 crxj32.exe
04.01.2005 08:03 0 crlk.exe
27.12.2004 19:10 3.537 jrrqf.txt

07.12.2004 21:33 96.768 srvsvc.dll
24.11.2004 03:00 49.664 avmadd32.dll
17.11.2004 19:42 356.352 hypertrm.dll
16.11.2004 23:17 68.608 hlink.dll
09.11.2004 21:36 225.280 AOLDial.dll
29.10.2004 17:50 262.144 nvwrscs.dll
29.10.2004 17:50 258.048 nvwrsar.dll
29.10.2004 17:50 303.104 nvwrsesm.dll
29.10.2004 17:50 278.528 nvwrsfi.dll
29.10.2004 17:50 299.008 nvwrsfr.dll
29.10.2004 17:50 258.048 nvwrshe.dll

This post was edited by Lines21 on 21.10.2006 at 16:13.
21.10.2006, 16:11
Honorary member
Sabina

Posts: 29434
#6 Now you're even posting the data from 2001 ;) - so post the data up to January 2005, the remaining 5 logs
__________
Regards, Sabina

All about PC security
21.10.2006, 16:19
...new here

Thread starter

Posts: 6
#7 You're getting me all confused! ;-) You write "up to such and such". Just write "from such and such" and I would have understood you sooner. But never mind. As for my logs: I sent them all, but it was apparently too big; no second page was opened.
21.10.2006, 16:24
Honorary member
Sabina

Posts: 29434
#8 As far as I'm concerned, post all the data from your computer... as an attachment (see below)
__________
Regards, Sabina

All about PC security
21.10.2006, 16:26
...new here

Thread starter

Posts: 6
#9 Here are the other five:

systemtemp:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\DOKUME~1\Apse\LOKALE~1\Temp

21.10.2006 12:44 4 PMShared
21.10.2006 12:35 49.152 ~DF7447.tmp
21.10.2006 12:33 16.384 Perflib_Perfdata_b0.dat
21.10.2006 12:18 49.152 ~DF7EAE.tmp

system:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS

21.10.2006 12:55 211 wiadebug.log
21.10.2006 12:42 775 win.ini
21.10.2006 12:30 0 0.log
21.10.2006 12:29 1.449.062 WindowsUpdate.log
21.10.2006 12:29 50 wiaservc.log
21.10.2006 12:28 2.048 bootstat.dat
21.10.2006 12:27 32.548 SchedLgU.Txt
21.10.2006 12:00 120 setupact.log
21.10.2006 11:58 0 setuperr.log
21.10.2006 11:58 111.246 ntbtlog.txt
21.10.2006 11:56 596 EventSystem.log
20.10.2006 14:48 15.872 notepad32.exe
20.10.2006 14:11 13.568 mtwirl32.dll
20.10.2006 14:11 20.992 avpcc.dll
20.10.2006 12:04 25.088 spp3.dll
20.10.2006 12:03 18.432 wininet32.exe
20.10.2006 12:03 29.440 runwin32.exe
20.10.2006 12:03 24.320 dialup.exe
20.10.2006 12:03 8.960 y.exe
20.10.2006 12:03 9.216 xxxvideo.hta
20.10.2006 12:03 25.344 xplugin.dll
20.10.2006 12:03 30.976 x.exe
20.10.2006 12:03 17.408 winmgnt.exe
20.10.2006 12:03 13.824 window.exe
20.10.2006 12:03 8.192 winajbm.dll
20.10.2006 12:03 28.416 win64.exe
20.10.2006 12:03 17.920 win32e.exe
20.10.2006 12:03 32.512 waol.exe
20.10.2006 12:03 27.648 users32.exe
20.10.2006 12:03 12.544 time.exe
20.10.2006 12:03 19.968 systemcritical.exe
20.10.2006 12:03 26.368 systeem.exe
20.10.2006 12:03 17.408 olehelp.exe
20.10.2006 12:03 9.216 cpan.dll
20.10.2006 12:03 23.552 clrssn.exe
20.10.2006 12:03 31.232 astctl32.ocx
20.10.2006 12:02 25.344 accesss.exe
20.10.2006 12:02 12.032 inetdctr.dll

08.09.2006 15:31 54.156 QTFont.qfn
04.08.2006 11:06 6.917 mozver.dat
09.07.2006 02:13 192 winamp.ini
07.07.2006 15:49 4 pcup23467.dat
03.07.2006 19:15 1.409 QTFont.for
08.02.2006 20:49 107.134 UninstallFirefox.exe
12.01.2006 15:28 11.642 ModemLog_MicroLink 56k Internet c PnP.txt
29.12.2005 20:35 29.449 hpoins03.dat
29.12.2005 20:25 0 Sti_Trace.log
07.12.2005 12:37 4 bytespersecond.dat
19.10.2005 16:10 4 rfk5.bin
07.09.2005 10:55 40 ujf635.bin
07.09.2005 10:53 4 mjf735.bin

22.06.2005 12:04 32 pavsig.txt
06.06.2005 17:32 316.640 WMSysPr9.prx
27.05.2005 01:22 10.752 hh.exe
18.04.2005 18:13 403 ODBC.INI
11.04.2005 10:43 250 system.ini
31.03.2005 13:54 59 pp.enc
15.03.2005 14:06 4.096 d3dx.dat
15.02.2005 14:39 2.337 TGshell.MIF
31.01.2005 19:46 0 test
31.01.2005 19:46 15.872 taskman.exe
31.01.2005 13:26 0 apiby32.exe
30.01.2005 03:09 0 ntqs32.exe
27.01.2005 19:19 0 javapu32.exe
27.01.2005 04:12 4.402 blnph.txt
26.01.2005 12:22 0 d3qw32.exe
26.01.2005 08:04 0 syswi.exe
24.01.2005 20:50 0 d3nx32.exe
24.01.2005 10:18 0 nthg32.exe
23.01.2005 10:28 0 appzl32.exe
21.01.2005 13:44 0 iett.exe

17.01.2005 22:10 617 eReg.dat
17.01.2005 22:10 2 desktop.ini
17.01.2005 22:10 17.336 Angler.bmp
16.01.2005 04:58 0 javawc.exe
15.01.2005 19:05 34.818 wmprfDEU.prx
14.01.2005 15:15 376 mozregistry.dat
14.01.2005 08:23 1.272 Blaue Spitzen 16.bmp
13.01.2005 23:42 3.547 hqokg.dat
12.01.2005 23:19 0 PowerReg.dat
12.01.2005 11:05 17.062 Kaffeetasse.bmp
11.01.2005 13:53 764 reg.prm
07.01.2005 17:57 0 atltd32.exe
07.01.2005 13:11 0 syscz.exe
05.01.2005 04:54 80 explorer.scf
04.01.2005 08:55 4.402 jejtj.dat
02.01.2005 12:24 0 javaay.dll


temp:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS\Temp

20.10.2006 21:16 107.540 bt4564.bat
1 Datei(en) 107.540 Bytes
0 Verzeichnis(se), 495.464.448 Bytes frei

down

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

02.12.2005 12:55 5.101 swflash.inf
26.05.2005 04:19 293 muweb.inf
11.04.2005 12:20 118.784 asinst.dll
23.03.2005 17:12 525 asinst.inf
04.03.2005 04:52 752 jinstall-1_5_0_02.inf
09.02.2005 16:54 1.271 erma.inf


sys

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3470-440F

Verzeichnis von C:\

21.10.2006 16:25 0 sys.txt
21.10.2006 16:23 830 down.txt
21.10.2006 16:22 275 tmp.txt
21.10.2006 16:21 7.032 system.txt
21.10.2006 16:20 497 systemtemp.txt
21.10.2006 16:05 106.549 system32.txt
21.10.2006 15:44 328.204.288 pagefile.sys
21.10.2006 12:41 115.976 scan 2.txt
21.10.2006 12:28 133.750.784 hiberfil.sys
21.10.2006 12:28 3.152 avenger.txt
21.10.2006 12:25 1.080 ewpudgri.bat
21.10.2006 12:25 126.976 zip.exe
21.10.2006 12:02 1.459 rapport2.txt
21.10.2006 12:01 1.459 rapport.txt
20.10.2006 21:22 31.877 ComboFix.txt
06.04.2006 16:30 489 ICSYSINF.log
06.02.2006 17:28 1.152 sfflog2.txt
06.02.2006 17:16 2.160 sfflog1.txt
01.08.2005 10:40 155 Delme.bat
06.06.2005 16:22 212 boot.ini
06.06.2005 15:53 47.564 NTDETECT.COM
06.06.2005 15:53 251.184 ntldr
27.03.2005 11:59 4 dllimp_regmsft985
21.10.2006, 16:47
Honorary member
Sabina

Posts: 29434
#10 It's pointless to pick all of that out; since January 2005 your computer has consisted of nothing but viruses... ;)
And there's no point in it either.
It will do your computer good to be wiped and formatted for once.
__________
Regards, Sabina

all about PC security
21.10.2006, 16:49
...new here

Thread starter

Posts: 6
#11 OK, then it will be formatted. Thanks for your help anyway.