Trojan TR/Vundo.Gen - log files - who knows anything?

#0
01.11.2006, 00:15
...new here
Posts: 5

01.11.2006, 15:16
Honorary member
Posts: 29434
#2
Phil79
1. Run Vundofix
http://virus-protect.org/artikel/tools/vundofixx.html

2. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.

** Scan with smitfraud fix - options 1 and 2 - and post both scan reports here
http://virus-protect.org/artikel/tools/smitfrautfix.html

** Click: Start - Run - type: cmd
Then copy into the black DOS window:
del %windir%\temp\*.* /f
Press "Enter"
Type Y
________________________________________________________
Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
Quote:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
Restart the PC

** Scan and post the scan report
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Regards
Sabina
All about PC security
This post was edited by Sabina on 01.11.2006 at 15:26.
Hello!
I got rid of the trojan with Vundofix. Vundofix detects no further files, and Antivir also says everything is in order. Before, I had only launched Vundofix from threads that linked me to an old version. I have now found the current one.
Thanks to everyone who read the thread, even though I figured it out myself.
For everyone who is in the Vundo mess, here is the link to the current VundoFix http://www.atribune.org/ccount/click.php?id=4
(VundoFix V6.2.6)
Regards!
---------------------------------------------------------------------------
My original message:
Hello!
I was given a laptop by someone who said "there is something on it", and the only thing I can really do is run Antivir.
Antivir found the trojan TR/Vundo.Gen on the laptop. It is apparently located in C:\Windows\System32\pmkhf.dll
However, Antivir could not remove it. Each time the error message "...cannot be accessed ... volume protected or no administrator rights (something like that)..." was displayed. After the recommended restart the trojan was still there.
I did not get any further with Super Ad Blocker either. VundoFix wants me to enter a specific file from a forum, but I don't know which one.
Now I have a few log files (following the instructions of a thread here).
However, I only have the log files from datfind.bat for system32; unfortunately I did not understand how to get logs 2 - 6. I don't know what a command window is, or rather, only the text editor opens.
So here are the log files; maybe someone can help me or knows where I can start.
---------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:16:14, on 31.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE
C:\Programme\WLAN Monitor\wlconfig.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\{E025F8D9-069F-1031-0104-060103060031}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Dokumente und Einstellungen\Max\Desktop\Logfiles\HijackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\peoxfyqf.dll
O2 - BHO: (no name) - {90E197FB-36A9-449E-908F-E9AE0E2D7E62} - C:\WINDOWS\system32\pmkhf.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programme\Gemeinsame Dateien\{3025F8D9-069F-1031-0104-060103060031}\MyToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programme\Gemeinsame Dateien\{3025F8D9-069F-1031-0104-060103060031}\MyToolBar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programme\VSToolbar\VSToolBar.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WLAN Quick-Starter] "C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt119YYDE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135960497062
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
O20 - Winlogon Notify: SABWinLogon - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
----------------------------------------------------------------------------
CleanUp! started on 10/31/06 23:20:01.
...
C:\WINDOWS\temp\winBF5.tmp - deleted
C:\WINDOWS\temp\winBF6.tmp - deleted
C:\WINDOWS\temp\winC.tmp - deleted
C:\WINDOWS\temp\winC0.tmp - deleted
C:\WINDOWS\temp\winC1.tmp - deleted
C:\WINDOWS\temp\winC18.tmp - deleted
C:\WINDOWS\temp\winC19.tmp - deleted
C:\WINDOWS\temp\winC2.tmp - deleted
C:\WINDOWS\temp\winC3.tmp - deleted
C:\WINDOWS\temp\winC3B.tmp - deleted
C:\WINDOWS\temp\winC3C.tmp - deleted
C:\WINDOWS\temp\winC4.tmp - deleted
C:\WINDOWS\temp\winC5.tmp - deleted
C:\WINDOWS\temp\winC52.tmp - deleted
C:\WINDOWS\temp\winC53.tmp - deleted
C:\WINDOWS\temp\winC58.tmp - deleted
C:\WINDOWS\temp\winC59.tmp - deleted
C:\WINDOWS\temp\winC6.tmp - deleted
C:\WINDOWS\temp\winC7.tmp - deleted
C:\WINDOWS\temp\winC7C.tmp - deleted
C:\WINDOWS\temp\winC7D.tmp - deleted
C:\WINDOWS\temp\winC8.tmp - deleted
C:\WINDOWS\temp\winC9.tmp - deleted
C:\WINDOWS\temp\winCA.tmp - deleted
C:\WINDOWS\temp\winCB.tmp - deleted
C:\WINDOWS\temp\winCB0.tmp - deleted
C:\WINDOWS\temp\winCB1.tmp - deleted
C:\WINDOWS\temp\winCC.tmp - deleted
C:\WINDOWS\temp\winCD.tmp - deleted
C:\WINDOWS\temp\winCE.tmp - deleted
C:\WINDOWS\temp\winCEB.tmp - deleted
C:\WINDOWS\temp\winCEC.tmp - deleted
C:\WINDOWS\temp\winCF.tmp - deleted
C:\WINDOWS\temp\winD.tmp - deleted
C:\WINDOWS\temp\winD0.tmp - deleted
C:\WINDOWS\temp\winD1.tmp - deleted
C:\WINDOWS\temp\winD13.tmp - deleted
C:\WINDOWS\temp\winD14.tmp - deleted
C:\WINDOWS\temp\winD2.tmp - deleted
C:\WINDOWS\temp\winD3.tmp - deleted
C:\WINDOWS\temp\winD38.tmp - deleted
C:\WINDOWS\temp\winD39.tmp - deleted
C:\WINDOWS\temp\winD4.tmp - deleted
C:\WINDOWS\temp\winD5.tmp - deleted
C:\WINDOWS\temp\winD57.tmp - deleted
C:\WINDOWS\temp\winD58.tmp - deleted
C:\WINDOWS\temp\winD6.tmp - deleted
C:\WINDOWS\temp\winD7.tmp - deleted
C:\WINDOWS\temp\winD8.tmp - deleted
C:\WINDOWS\temp\winD9.tmp - deleted
C:\WINDOWS\temp\winDA.tmp - deleted
C:\WINDOWS\temp\winDB.tmp - deleted
C:\WINDOWS\temp\winDC.tmp - deleted
C:\WINDOWS\temp\winDD.tmp - deleted
C:\WINDOWS\temp\winDE.tmp - deleted
C:\WINDOWS\temp\winDF.tmp - deleted
C:\WINDOWS\temp\winE.tmp - deleted
C:\WINDOWS\temp\winE0.tmp - deleted
C:\WINDOWS\temp\winE1.tmp - deleted
C:\WINDOWS\temp\winE2.tmp - deleted
C:\WINDOWS\temp\winE3.tmp - deleted
C:\WINDOWS\temp\winE4.tmp - deleted
C:\WINDOWS\temp\winE5.tmp - deleted
C:\WINDOWS\temp\winE6.tmp - deleted
C:\WINDOWS\temp\winE7.tmp - deleted
C:\WINDOWS\temp\winE8.tmp - deleted
C:\WINDOWS\temp\winE9.tmp - deleted
C:\WINDOWS\temp\winEA.tmp - deleted
C:\WINDOWS\temp\winEA.tmp.exe - deleted
C:\WINDOWS\temp\winEB.tmp - deleted
C:\WINDOWS\temp\winEC.tmp - deleted
C:\WINDOWS\temp\winED.tmp - deleted
C:\WINDOWS\temp\winEE.tmp - deleted
C:\WINDOWS\temp\winEF.tmp - deleted
C:\WINDOWS\temp\winF.tmp - deleted
C:\WINDOWS\temp\winF0.tmp - deleted
C:\WINDOWS\temp\winF1.tmp - deleted
C:\WINDOWS\temp\winF2.tmp - deleted
C:\WINDOWS\temp\winF3.tmp - deleted
C:\WINDOWS\temp\winF4.tmp - deleted
C:\WINDOWS\temp\winF5.tmp - deleted
C:\WINDOWS\temp\winF6.tmp - deleted
C:\WINDOWS\temp\winF7.tmp - deleted
C:\WINDOWS\temp\winF8.tmp - deleted
C:\WINDOWS\temp\winF9.tmp - deleted
C:\WINDOWS\temp\winFA.tmp - deleted
C:\WINDOWS\temp\winFB.tmp - deleted
C:\WINDOWS\temp\winFC.tmp - deleted
C:\WINDOWS\temp\winFD.tmp - deleted
C:\WINDOWS\temp\winFE.tmp - deleted
C:\WINDOWS\temp\winFF.tmp - deleted
C:\WINDOWS\temp\Cookies\ - deleted
C:\WINDOWS\temp\IntelChip\Chipins.log - deleted
C:\WINDOWS\temp\IntelChip\ - deleted
C:\WINDOWS\temp\nsfEE.tmp\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\ - deleted
C:\WINDOWS\temp\Verlauf\History.IE5\index.dat - deleted
C:\WINDOWS\temp\_avast4_\ - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Max\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Max\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Gast\Cookies\gast@de.f868.mail.yahoo[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@google[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@ivwbox[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@mobile[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\AGRSMMSG.EXE-0034A7F7.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\AVSCAN.EXE-05AECC0E.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-2F40681F.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\E_S4I0C2.EXE-38A90D4E.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS(2).EXE-01BBF229.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-082C019D.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-20B0AFFE.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\IMJPMIG.EXE-03882F7A.pf - deleted
C:\WINDOWS\Prefetch\ISHOST.EXE-38143B6A.pf - deleted
C:\WINDOWS\Prefetch\LAUNCHAP.EXE-055A5C9F.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MSHTA.EXE-331DF029.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-32066BA5.pf - deleted
C:\WINDOWS\Prefetch\NMBGMONITOR.EXE-0BC10095.pf - deleted
C:\WINDOWS\Prefetch\NMINDEXSTORESVR.EXE-1DBCF9FD.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted
C:\WINDOWS\Prefetch\OPXPAPP.EXE-164E3FC8.pf - deleted
C:\WINDOWS\Prefetch\OSD.EXE-1249DB6E.pf - deleted
C:\WINDOWS\Prefetch\PROCESS.EXE-04DD1489.pf - deleted
C:\WINDOWS\Prefetch\REALMON.EXE-040CB3EE.pf - deleted
C:\WINDOWS\Prefetch\REALSCHED.EXE-0A2A7558.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1224CF94.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E68835.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1857459C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-30908AFF.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\SABSVC.EXE-09C5A199.pf - deleted
C:\WINDOWS\Prefetch\SADBLOCK.EXE-04FA6991.pf - deleted
C:\WINDOWS\Prefetch\SCUREAPP.EXE-2160E713.pf - deleted
C:\WINDOWS\Prefetch\SUPERADBLOCKER.EXE-29C776E2.pf - deleted
C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-254A7B2B.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VPNGUI.EXE-10986A0F.pf - deleted
C:\WINDOWS\Prefetch\VUNDOFIX.EXE-25D5E753.pf - deleted
C:\WINDOWS\Prefetch\WBUTTON.EXE-2B351ECF.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WLAN QUICK-STARTER.EXE-006F6477.pf - deleted
C:\WINDOWS\Prefetch\WLCONFIG.EXE-2F4818AC.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\ZYWATCH.EXE-3B845DFD.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 767.8 MB of disk space from 33934 files.
CleanUp! finished on 10/31/06 23:24:01.
-----------------------------------------------------------------------------------------------------------------------------------------
CleanUp! started on 10/31/06 23:30:17.
C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006103120061101\index.dat - deleted
C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006103120061101\ - deleted
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Max@file:///C:/Dokumente%20und%20Einstellungen/Max/Desktop/Logfiles/hijackthis.log - deleted
Visited: SYSTEM@res://SAdBlock.exe/%2323/%23131 - deleted
Visited: Max@file:///C:/Dokumente%20und%20Einstellungen/Max/Desktop/Logfiles/Neu%20Textdokument.txt - deleted
Visited: SYSTEM@res://SAdBlock.exe/%2323/%23159 - deleted
Visited: Max@res://C:\Programme\Softex\OmniPass\scureapp.exe/waitdlg.htm - deleted
Visited: Max@res://C:\Programme\Softex\OmniPass\scureapp.exe/index.html - deleted
Visited: SYSTEM@res://SAdBlock.exe/%2323/%23161 - deleted
C:\Dokumente und Einstellungen\Max\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Max\Recent\hijackthis.log.lnk - deleted
C:\Dokumente und Einstellungen\Max\Recent\Logfiles.lnk - deleted
C:\Dokumente und Einstellungen\Max\Recent\Neu Textdokument.txt.lnk - deleted
C:\DOKUME~1\Max\LOKALE~1\Temp\ginstall.dll - deleted
C:\DOKUME~1\Max\LOKALE~1\Temp\~DF20AE.tmp - deleted
C:\DOKUME~1\Max\LOKALE~1\Temp\~DFC9BF.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Max\LOKALE~1\Temp\~DFC9BF.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CLML_AGENT_LOG1.txt currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\sqlite_bBveZwEQF4RhXRa currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\Dokumente und Einstellungen\Max\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Max\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\AGRSMMSG.EXE-0034A7F7.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-2F40681F.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\ISHOST.EXE-38143B6A.pf - deleted
C:\WINDOWS\Prefetch\ISMINI.EXE-086D1795.pf - deleted
C:\WINDOWS\Prefetch\ISSEARCH.EXE-0E6059A7.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\ZYWATCH.EXE-3B845DFD.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 817.2 KB of disk space from 31 files.
CleanUp! finished on 10/31/06 23:30:18.
-------------------------------------------------------------
Max - 06-10-31 23:32:18,57 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Max\Desktop\Logfiles"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ixt0.dll
C:\Programme\Safety Bar
C:\WINDOWS\system32\components
C:\Programme\Gemeinsame Dateien\{3025F8D9-069F-1031-0104-060103060031}
C:\Programme\Gemeinsame Dateien\{E025F8D9-069F-1031-0104-060103060031}
((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))
2006-10-31 21:08 363,771 ---hs---- C:\WINDOWS\system32\fhkmp.ini2
2006-10-31 20:34 0 --a------ C:\WINDOWS\system32\cmmgr32.exe
2006-10-31 20:34 0 --a------ C:\WINDOWS\ORUN32.EXE
2006-10-31 20:34 0 --------- C:\WINDOWS\system32\mspaint.exe
2006-10-30 22:36 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2006-10-30 22:36 298,571 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
2006-10-30 22:36 177,152 --a------ C:\WINDOWS\system32\CSGina.dll
2006-10-30 22:36 163,840 --a------ C:\WINDOWS\system32\vpnapi.dll
2006-10-30 22:36 139,604 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2006-10-30 22:36 113,596 --a------ C:\WINDOWS\system32\dneinobj.dll
2006-10-30 22:32 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-30 22:32 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-30 22:32 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-07 20:23 86,036 --a------ C:\WINDOWS\system32\peoxfyqf.dll
2006-10-07 20:23 684,084 --------- C:\WINDOWS\system32\pmkhf.dll
2006-10-07 20:23 357,812 ---hs---- C:\WINDOWS\system32\fhkmp.bak1
2006-10-07 20:23 143,380 --a------ C:\WINDOWS\system32\aftbciqe.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-31 23:40 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-31 23:29 -------- d-------- C:\Programme\WLAN Quick-Starter
2006-10-31 23:28 -------- d-------- C:\Programme\WLAN Monitor
2006-10-31 23:18 -------- d-------- C:\Programme\CleanUp!
2006-10-31 21:09 -------- d-------- C:\Programme\SuperAdBlocker.com
2006-10-31 20:58 -------- d-------- C:\Programme\SpyQuake2.com
2006-10-31 20:34 -------- d-------- C:\Programme\Launch Manager
2006-10-31 20:28 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-10-31 20:28 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\SuperAdBlocker.com
2006-10-30 22:36 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-30 22:36 -------- d-------- C:\Programme\Gemeinsame Dateien\Deterministic Networks
2006-10-30 22:36 -------- d-------- C:\Programme\Cisco Systems
2006-10-30 22:32 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-10-08 13:52 -------- d-------- C:\Programme\Warcraft III
2006-10-07 20:23 -------- d-------- C:\Programme\VSToolbar
2006-10-07 20:23 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\SearchToolbarCorp
2006-10-07 19:20 -------- d-------- C:\Programme\Windows NT
2006-10-03 18:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-10-03 18:18 -------- d-------- C:\Programme\Nero
2006-10-03 18:09 -------- d-------- C:\Programme\Ahead
2006-09-30 17:17 -------- d-------- C:\Programme\Gemeinsame Dateien\AccSys
2006-09-28 18:08 -------- d-------- C:\Programme\MyGlobalSearch
2006-09-25 18:23 -------- d-------- C:\Programme\Google
2006-09-22 18:44 -------- d---s---- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Microsoft
2006-09-22 18:44 -------- d-------- C:\Programme\Microsoft Digital Image 2006
2006-09-07 21:01 -------- d-------- C:\Programme\MSN
2006-09-07 21:01 -------- d-------- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\MSNInstaller
2006-09-05 15:08 -------- d-------- C:\Programme\MSN Messenger
2006-09-05 15:05 -------- d-------- C:\Programme\ALDI Sued Foto Service
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"SuperAdBlocker"="C:\\Programme\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AGRSMMSG"="AGRSMMSG.exe"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"HotkeyApp"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSD.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AntivirusRegistration"="C:\\Programme\\CA\\Etrust Antivirus\\Register.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"InstantOn"="\"C:\\Programme\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"OmniPass"="C:\\Programme\\Softex\\OmniPass\\scureapp.exe"
"EPSON Stylus C64 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0C2.EXE /P23 \"EPSON Stylus C64 Series\" /O6 \"USB001\" /M \"Stylus C64\""
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"WLAN Quick-Starter"="\"C:\\Programme\\WLAN Quick-Starter\\WLAN Quick-Starter.exe\" -update"
"wlconfig"="\"C:\\Programme\\WLAN Monitor\\wlconfig.exe\" -autostart"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033 -noicon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\Msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-31 23:41:52.54
C:\ComboFix.txt ... 06-10-31 23:41
------------------------------------------------
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E025-F8D9
Verzeichnis von c:\
31.10.2006 23:48 0 dirdat.txt
31.10.2006 23:46 117.134 system32.txt
31.10.2006 23:41 12.280 ComboFix.txt
31.10.2006 23:40 1.072.156.672 hiberfil.sys
31.10.2006 23:40 1.073.741.824 pagefile.sys
05.10.2006 20:33 3.519 3526A5.tmp
05.10.2006 20:33 4.176 35269B.tmp
05.10.2006 20:33 4.322 352693.tmp
05.10.2006 20:32 4.322 352691.tmp
05.10.2006 20:32 4.249 35268B.tmp
05.10.2006 20:32 4.249 352684.tmp
05.10.2006 20:32 3.957 35267E.tmp
05.10.2006 20:32 3.957 35267A.tmp
05.10.2006 20:31 3.957 352676.tmp
05.10.2006 20:31 5.008 042672.tmp
05.10.2006 20:31 3.957 35266E.tmp
05.10.2006 20:31 5.154 04266D.tmp
05.10.2006 20:31 3.957 352668.tmp
05.10.2006 20:31 5.592 042667.tmp
05.10.2006 20:31 3.957 352662.tmp
05.10.2006 20:31 5.592 042661.tmp
05.10.2006 20:31 3.957 352656.tmp
05.10.2006 20:31 5.592 042655.tmp
05.10.2006 20:31 3.957 35264B.tmp
05.10.2006 20:31 5.592 04264A.tmp
05.10.2006 20:30 3.957 352638.tmp
05.10.2006 20:30 5.592 042637.tmp
05.10.2006 20:30 3.957 352629.tmp
05.10.2006 20:30 5.592 042628.tmp
05.10.2006 20:30 3.957 352622.tmp
05.10.2006 20:30 5.592 042621.tmp
05.10.2006 20:30 3.957 35261D.tmp
05.10.2006 20:30 5.592 04261C.tmp
05.10.2006 20:30 3.957 352616.tmp
05.10.2006 20:30 5.592 042615.tmp
05.10.2006 20:29 3.957 352610.tmp
05.10.2006 20:29 5.592 04260F.tmp
05.10.2006 20:29 3.957 35260A.tmp
05.10.2006 20:29 5.592 042609.tmp
05.10.2006 20:29 3.957 352604.tmp
05.10.2006 20:29 5.592 042603.tmp
05.10.2006 20:29 3.957 3525FC.tmp
05.10.2006 20:29 5.592 0425FB.tmp
05.10.2006 20:29 3.957 3525F6.tmp
05.10.2006 20:29 5.592 0425F5.tmp
05.10.2006 20:29 3.957 3525F0.tmp
05.10.2006 20:29 5.592 0425EF.tmp
05.10.2006 20:28 3.884 3525EA.tmp
05.10.2006 20:28 5.592 0425E9.tmp
05.10.2006 20:28 3.884 3525E5.tmp
05.10.2006 20:28 5.592 0425E4.tmp
05.10.2006 20:28 3.884 3525DF.tmp
05.10.2006 20:28 5.592 0425DE.tmp
05.10.2006 20:28 3.884 3525DA.tmp
05.10.2006 20:28 5.592 0425D9.tmp
05.10.2006 20:28 3.884 3525D0.tmp
05.10.2006 20:28 5.592 0425CF.tmp
05.10.2006 20:28 3.884 3525C9.tmp
05.10.2006 20:28 5.592 0425C8.tmp
05.10.2006 20:27 3.688 3525BE.tmp
05.10.2006 20:27 5.738 0425BD.tmp
05.10.2006 20:27 3.050 3525B6.tmp
05.10.2006 20:27 5.738 0425B5.tmp
05.10.2006 20:27 2.582 3525B3.tmp
05.10.2006 20:27 4.910 0425B2.tmp
05.10.2006 20:24 2.395 352571.tmp
05.10.2006 20:23 3.457 042570.tmp
03.10.2006 19:00 211 boot.ini
20.07.2006 08:48 150 YServer.txt
22.06.2006 15:18 16 mxfilerelatedcache.mxc2
30.12.2005 19:04 50 AUTOEXEC.BAT
30.12.2005 18:46 800 IPH.PH
30.12.2005 17:32 251.712 ntldr
30.12.2005 14:07 0 MSDOS.SYS
30.12.2005 14:07 0 CONFIG.SYS
30.12.2005 14:07 0 IO.SYS
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
78 Datei(en) 2.146.615.841 Bytes
0 Verzeichnis(se), 19.545.169.920 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E025-F8D9
Verzeichnis von C:\WINDOWS\system32
31.10.2006 23:48 363.825 fhkmp.ini2
31.10.2006 23:42 0 nvapps.xml
31.10.2006 23:40 2.206 wpa.dbl
31.10.2006 20:34 0 mspaint.exe
31.10.2006 20:34 0 cmmgr32.exe
30.10.2006 22:37 8 success
30.10.2006 21:12 393.706 perfh007.dat
30.10.2006 21:12 54.390 perfc009.dat
30.10.2006 21:12 382.646 perfh009.dat
30.10.2006 21:12 65.468 perfc007.dat
30.10.2006 21:12 905.072 PerfStringBackup.INI
08.10.2006 14:42 363.405 fhkmp.ini
08.10.2006 14:10 362.972 fhkmp.tmp
08.10.2006 12:32 4.286 ot.ico
08.10.2006 12:32 4.286 ts.ico
07.10.2006 20:23 143.380 aftbciqe.exe
07.10.2006 20:23 86.036 peoxfyqf.dll
07.10.2006 20:23 357.812 fhkmp.bak1
07.10.2006 20:23 684.084 pmkhf.dll
07.10.2006 19:20 57 mapisvc.inf
11.09.2006 18:37 8.960.936 MRT.exe
07.09.2006 12:54 57.384 avsda.dll
21.08.2006 13:26 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
28.07.2006 12:30 3.079.168 mshtml.dll
27.07.2006 14:25 679.424 inetcomm.dll
25.07.2006 21:42 617.472 urlmon.dll
21.07.2006 09:29 72.704 hlink.dll
2084 Datei(en) 429.730.032 Bytes
0 Verzeichnis(se), 19.545.042.944 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: E025-F8D9
Verzeichnis von C:\WINDOWS
31.10.2006 23:40 0 0.log
31.10.2006 23:40 3.922 ModemLog_Agere Systems HDA Modem.txt
31.10.2006 23:40 1.894.963 WindowsUpdate.log
31.10.2006 23:40 2.048 bootstat.dat
31.10.2006 23:38 32.548 SchedLgU.Txt
31.10.2006 20:34 153.852 setupapi.log
31.10.2006 20:34 0 ORUN32.EXE
21.10.2006 18:04 116 NeroDigital.ini
21.10.2006 17:47 140.618 ntbtlog.txt
08.10.2006 14:17 86.512 wmsetup.log
08.10.2006 11:46 426.737 FaxSetup.log
07.10.2006 20:12 50 wiaservc.log
07.10.2006 20:12 216 wiadebug.log
07.10.2006 19:21 88.359 ntdtcsetup.log
07.10.2006 19:21 63.922 iis6.log
07.10.2006 19:21 143.898 comsetup.log
07.10.2006 19:21 4.566 imsins.log
07.10.2006 19:21 22.910 ocmsn.log
07.10.2006 19:21 165.998 tsoc.log
07.10.2006 19:21 219.662 ocgen.log
07.10.2006 19:21 20.717 msgsocm.log
03.10.2006 19:00 227 system.ini
03.10.2006 19:00 685 win.ini
03.10.2006 18:17 27.056 Directx.log
26.09.2006 18:35 11.108 KB925486.log
26.09.2006 18:35 1.374 imsins.BAK
22.09.2006 17:58 183.887 setupact.log
15.09.2006 20:01 13.668 KB920685.log
15.09.2006 20:01 15.441 KB920872.log
15.09.2006 20:00 13.817 KB919007.log
15.09.2006 20:00 9.354 KB922582.log
15.09.2006 20:00 36.219 updspapi.log
11.09.2006 18:21 754 WORDPAD.INI
13.08.2006 21:07 16.630 KB920214.log
13.08.2006 21:07 16.349 KB921883.log
13.08.2006 21:07 16.205 KB922616.