Virus Alert: What can I do to make it go away

Thread is closed!
15.06.2006, 20:27
Honorary member
Avatar Sabina

Posts: 29434
#31 Simon007

1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unzip it to the desktop -> spyfalcon.reg -> double-click it and add it to the registry with "ja/yes"

2.
avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Files to delete:
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\hzclqhc.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\dxole32.exe
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\koo.dat
C:\YServer.txt
Click the green traffic light
the script will now be executed, then the PC will restart automatically

3.
post the log from avenger that appears

4.
SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Instructions: http://virus-protect.org/artikel/tools/smitfrautfix.html

unzip it (if no zip tool is available: http://www.paehl.de/german.php --> SIMPLYZIP) to the desktop

1. double-click smitfraudfix.cmd
2. type: 1 (a report of the infected files is created)
3. double-click smitfraudfix.cmd
4. type: 2
when asked "Voulez-vous nettoyer le registre ?" answer with: o [o/n]; if the file wininet.dll is found to be infected, answer the question "Corriger le fichier infecté ?" with o [o/n]. The taskbar disappears + the screen... everything will turn blue... wait...

when the scan has finished, copy the log file [C:\rapport.txt]

-------------------------------------------------------------
5.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on after the cleaning)
__________
Regards, Sabina

all about PC security
15.06.2006, 20:38
...new here

Posts: 4
#32 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yrfgdjxh

*******************

Script file located at: \??\C:\brmjplqq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully.
File C:\WINDOWS\system32\stdole3.tlb deleted successfully.
File C:\WINDOWS\system32\hzclqhc.dll deleted successfully.
File C:\WINDOWS\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\dxole32.exe deleted successfully.
File C:\WINDOWS\system32\ts.ico deleted successfully.
File C:\WINDOWS\system32\regperf.exe deleted successfully.
File C:\WINDOWS\IE4 Error Log.txt deleted successfully.
File C:\WINDOWS\koo.dat deleted successfully.
File C:\YServer.txt deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
15.06.2006, 20:41
Honorary member
Avatar Sabina

Posts: 29434
#33 o.k. ;)
then also post the log from smitfraud.fix (C:\rapport.txt), then find C:\avenger\backup.zip and delete it
and turn off System Restore (then turn it back on)
__________
Regards, Sabina
15.06.2006, 20:43
...new here

Posts: 4
#34 SmitFraudFix v2.60

Scan done at 20:39:20,57, 15.06.2006
Run from C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Simon\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Simon\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




SmitFraudFix v2.60

Scan done at 20:40:02,78, 15.06.2006
Run from C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
15.06.2006, 20:52
Honorary member
Avatar Sabina

Posts: 29434
#35 everything o.k. again??? ;)

you can set the screen back up yourself however you like
right-click on the desktop -> Properties
__________
Regards, Sabina
15.06.2006, 20:54
...new here

Posts: 4
#36 yep :> The beast is finally gone, just one quick question. Will my desktop wallpapers come back after a restart?

Thank you so much for this awesome and quick help. Great how you help us here :> A thousand thanks
19.06.2006, 17:30
...new here

Posts: 2
#37 Hi, I also have this "Virus Alert"

I used "hijackthis", here is the log for it:

Logfile of HijackThis v1.99.1
Scan saved at 17:24:47, on 19.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Winamp\winampa.exe
C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\a6c1583e.exe
C:\DOKUME~1\KENYON~1\EIGENE~1\FNTS~1\fast.exe
C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\01ed68f1.exe
C:\Dokumente und Einstellungen\KenyonMartin\Anwendungsdaten\?ystem\r?gedit.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\NN\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {67294BA9-DB3D-81B1-1FB3-D2BFA880D0E4} - C:\WINDOWS\system32\wcpnc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: (no name) - {67294BA9-DB3D-81B1-1FB3-D2BFA880D0E4} - C:\WINDOWS\system32\wcpnc.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbxywuv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [a6c1583e.exe] C:\WINDOWS\system32\a6c1583e.exe
O4 - HKLM\..\Run: [01ed68f1.exe] C:\WINDOWS\system32\01ed68f1.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a6c1583e.exe] C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\a6c1583e.exe
O4 - HKCU\..\Run: [Oowa] "C:\DOKUME~1\KENYON~1\EIGENE~1\FNTS~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [01ed68f1.exe] C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\01ed68f1.exe
O4 - HKCU\..\Run: [Jueb] C:\Dokumente und Einstellungen\KenyonMartin\Anwendungsdaten\?ystem\r?gedit.exe

O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: AutoRuns.txt
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxywuv - C:\WINDOWS\SYSTEM32\cbxywuv.dll
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe





OK, and now the CleanUp!



CleanUp! started on 06/19/06 17:42:43.
...
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 567.7 MB of disk space from 7861 files.
CleanUp! finished on 06/19/06 17:42:54.#







system32.txt from the last 3 months:
19.06.2006 17:52 4.980 stdole3.tlb
19.06.2006 17:32 3.936 ffastlog.txt
19.06.2006 17:32 39.018 nvapps.xml
19.06.2006 17:32 6.656 simpole.tlb
19.06.2006 17:32 28.672 hp100.tmp
19.06.2006 17:32 67.080 ld100.tmp
19.06.2006 16:38 176.128 yvvdj.dll
19.06.2006 16:38 47.616 dcomcfg.exe
19.06.2006 16:38 4.286 ot.ico
19.06.2006 16:38 10.556 atmclk.exe
19.06.2006 16:38 4.286 ts.ico
19.06.2006 16:36 39.437 cbxywuv.dll
19.06.2006 16:36 20.992 01ed68f1.exe
19.06.2006 16:36 156.672 oins.exe
19.06.2006 16:36 78.856 regperf.exe
19.06.2006 16:36 13.312 a6c1583e.exe
19.06.2006 16:36 15.317 winmbj32.dll
06.06.2006 16:53 139.264 wcpnc.dll

29.05.2006 18:50 2.206 wpa.dbl
03.05.2006 06:31 167.504 FNTCACHE.DAT
02.05.2006 16:32 76.238 perfc009.dat
02.05.2006 16:32 439.004 perfh009.dat
02.05.2006 16:32 462.088 perfh007.dat
02.05.2006 16:32 94.226 perfc007.dat
02.05.2006 16:32 939.322 PerfStringBackup.INI
25.04.2006 21:47 7.006 jupdate-1.5.0_06-b05.log
25.04.2006 21:06 5.691 mapisvc.inf
25.04.2006 21:06 69.632 system.mdw
11.04.2006 22:13 1.197 lvcoinst.log
02.03.2006 19:17 3.683 qtplugin.log
09.01.2006 20:37 34.064 lhacm.acm


Temp from the last 3 months:
Verzeichnis von C:\DOKUME~1\KENYON~1\LOKALE~1\Temp

19.06.2006 17:51 9.144 LVCOMSX.LOG
19.06.2006 17:42 78.404 jusched.log
19.06.2006 17:32 4.760 HPH1FC.tmp
19.06.2006 17:09 2.378.074 NAV.log
19.06.2006 17:05 16.384 ~DFA844.tmp
19.06.2006 17:05 16.384 ~DF79D0.tmp
19.06.2006 17:05 4.760 HPH1FB.tmp
19.06.2006 16:36 190 cli223.bat
19.06.2006 16:36 0 win23E.tmp
19.06.2006 16:36 43 removalfile.bat
19.06.2006 16:36 0 win23D.tmp
19.06.2006 16:36 0 win23C.tmp
19.06.2006 16:36 0 239.tmp
19.06.2006 16:36 0 win238.tmp
19.06.2006 16:36 78.336 win234.tmp.exe
19.06.2006 16:36 20.992 h91746.exe
19.06.2006 16:36 0 win232.tmp
19.06.2006 16:36 183.880 win231.tmp.exe
19.06.2006 16:36 0 win230.tmp
19.06.2006 16:36 0 win22E.tmp
19.06.2006 16:36 13.312 win22C.tmp.exe
19.06.2006 16:36 0 win22A.tmp
19.06.2006 16:36 13.312 win228.tmp.exe
19.06.2006 16:36 11.776 win225.tmp.exe
19.06.2006 16:36 0 win226.tmp
19.06.2006 16:36 1.031 win224.tmp
19.06.2006 16:36 15.317 cli223.tmp

19.06.2006 13:52 0 lw6206.tmp
19.06.2006 13:11 16.384 ~DFD0C3.tmp
19.06.2006 13:11 16.384 ~DFABFE.tmp
19.06.2006 13:11 4.760 HPH1FA.tmp
19.06.2006 03:28 16.384 ~DF8EB5.tmp
19.06.2006 03:28 16.384 ~DF8763.tmp
19.06.2006 01:18 0 8i52C1.tmp
19.06.2006 01:18 0 ikc2C0.tmp
19.06.2006 01:17 0 2nu2BF.tmp
19.06.2006 01:16 0 q092BD.tmp
19.06.2006 01:16 0 x062BB.tmp
19.06.2006 01:15 0 bf92B9.tmp
19.06.2006 01:13 0 jub2B8.tmp
19.06.2006 01:11 0 1be2B7.tmp
19.06.2006 01:09 0 fy72B6.tmp
19.06.2006 01:08 0 8z92B4.tmp
19.06.2006 01:08 0 fmb2B2.tmp
19.06.2006 01:07 0 0682B0.tmp
19.06.2006 01:06 0 fv22AF.tmp
19.06.2006 01:05 0 xz02AD.tmp
19.06.2006 01:04 0 oll2AB.tmp
19.06.2006 01:03 0 d192AA.tmp
19.06.2006 01:03 0 pau2A9.tmp
19.06.2006 00:59 0 ku02A8.tmp
19.06.2006 00:58 0 bah2A7.tmp
19.06.2006 00:58 0 skw2A6.tmp
19.06.2006 00:53 0 3r62A5.tmp
19.06.2006 00:52 0 w992A4.tmp
19.06.2006 00:49 0 bt42A3.tmp
19.06.2006 00:46 0 ew02A2.tmp
19.06.2006 00:46 0 rs62A0.tmp
19.06.2006 00:45 0 rxp29E.tmp
19.06.2006 00:44 0 9w329C.tmp
19.06.2006 00:44 0 upn29B.tmp
19.06.2006 00:43 0 vqg299.tmp
19.06.2006 00:40 0 asq297.tmp
19.06.2006 00:39 0 wj1295.tmp
19.06.2006 00:39 0 vk9294.tmp
19.06.2006 00:37 0 00x293.tmp
19.06.2006 00:37 0 yw2292.tmp
19.06.2006 00:35 0 kln291.tmp
19.06.2006 00:34 0 rcy290.tmp
19.06.2006 00:34 0 imu28F.tmp
19.06.2006 00:32 0 lj028E.tmp
19.06.2006 00:31 0 xeu28C.tmp
19.06.2006 00:30 0 rl428A.tmp
19.06.2006 00:30 0 am0289.tmp
19.06.2006 00:24 0 qdo288.tmp
19.06.2006 00:24 0 ccy287.tmp
19.06.2006 00:22 0 9ls286.tmp
19.06.2006 00:22 0 qq4284.tmp
19.06.2006 00:20 0 hy6282.tmp
19.06.2006 00:20 0 0er280.tmp
19.06.2006 00:15 0 77r27F.tmp
19.06.2006 00:14 0 uc727E.tmp
19.06.2006 00:10 0 z0427D.tmp
19.06.2006 00:09 0 n2627C.tmp
19.06.2006 00:07 0 fon27A.tmp
19.06.2006 00:06 0 op0279.tmp
19.06.2006 00:04 0 m43278.tmp
19.06.2006 00:04 0 98v277.tmp
19.06.2006 00:03 0 s0f274.tmp
19.06.2006 00:03 0 299276.tmp
19.06.2006 00:03 0 wag275.tmp
19.06.2006 00:01 0 7c7272.tmp
19.06.2006 00:00 0 yo4271.tmp
18.06.2006 23:52 0 2xj270.tmp
18.06.2006 23:52 0 m2526F.tmp
18.06.2006 23:47 0 0gr26D.tmp
18.06.2006 23:44 0 v0q26C.tmp
18.06.2006 23:43 0 fnd26B.tmp
18.06.2006 23:42 0 pwt26A.tmp
18.06.2006 23:41 0 ndx268.tmp
18.06.2006 23:40 0 ksu266.tmp
18.06.2006 23:37 0 jqa265.tmp
18.06.2006 23:36 0 59c263.tmp
18.06.2006 23:36 0 8w1262.tmp
18.06.2006 23:36 0 n1m260.tmp
18.06.2006 23:35 0 h1m25F.tmp
18.06.2006 23:35 0 93e25E.tmp
18.06.2006 23:34 0 1y225B.tmp
18.06.2006 23:34 0 e7r25A.tmp
18.06.2006 23:33 0 59p259.tmp
18.06.2006 23:31 0 i98258.tmp
18.06.2006 23:31 0 it6257.tmp
18.06.2006 23:30 0 y6n256.tmp
18.06.2006 23:29 0 lv2255.tmp
18.06.2006 23:29 0 vz4254.tmp
18.06.2006 23:28 0 ges253.tmp
18.06.2006 23:26 0 jes251.tmp
18.06.2006 23:24 0 6kv250.tmp
18.06.2006 23:22 0 1ih24F.tmp
18.06.2006 23:21 0 zk224E.tmp
18.06.2006 23:20 0 pck24D.tmp
18.06.2006 23:18 0 bnl24C.tmp
18.06.2006 23:17 0 9nb24B.tmp
18.06.2006 23:16 0 srd24A.tmp
18.06.2006 23:16 0 o3h249.tmp
18.06.2006 23:15 0 yaq248.tmp
18.06.2006 23:14 0 97o247.tmp
18.06.2006 23:13 0 v8q246.tmp
18.06.2006 23:11 0 eng245.tmp
18.06.2006 23:10 0 hu2244.tmp
18.06.2006 23:09 0 4u5243.tmp
18.06.2006 23:07 0 wx8242.tmp
18.06.2006 23:07 0 szp241.tmp
18.06.2006 23:06 0 ia5240.tmp
18.06.2006 23:05 0 ovk23F.tmp
18.06.2006 23:05 0 np023E.tmp

18.06.2006 15:07 4.760 HPH1F8.tmp
18.06.2006 12:06 16.384 ~DF9EE7.tmp
18.06.2006 12:06 16.384 ~DF880B.tmp
18.06.2006 12:06 4.760 HPH1F9.tmp
17.06.2006 11:08 16.384 ~DF94EE.tmp
17.06.2006 11:08 16.384 ~DF7307.tmp
17.06.2006 11:08 4.760 HPH1F7.tmp
17.06.2006 00:38 16.384 ~DF71E6.tmp
17.06.2006 00:38 16.384 ~DF8D1F.tmp
17.06.2006 00:38 4.760 HPH1F6.tmp
16.06.2006 10:01 16.384 ~DFA734.tmp
16.06.2006 10:01 16.384 ~DF8FC4.tmp
16.06.2006 10:01 4.760 HPH1F5.tmp
16.06.2006 01:55 16.384 ~DF6F03.tmp
This post was edited by KenyonMartin on 19.06.2006 at 17:59.
19.06.2006, 18:11
Honorary member
Sabina

Posts: 29434
#38 KenyonMartin

STEP 1:
apply smitfraud.fix
http://virus-protect.org/artikel/tools/smitfrautfix.html

2.
afterwards: post the 4 logs from datfindbat again

3.
echo.zip
unpack --> click echo.bat --> the text editor will open --> copy the text http://virus-protect.org/bat/echo.zip
-------------

then the actual cleaning begins..purityscan...etc.....
__________
Best regards, Sabina

all about PC security
19.06.2006, 19:20
...new here

Posts: 2
#39 Thanks, it worked after the 1st step. I was in safe mode and deleted the registry. System restore to the state of a day ago (I caught the virus today) and now everything is OK again. Thanks