Virus Alert - What can I do to make it go away
Thread is closed!

#0
15.06.2006, 20:27
Honorary member
Posts: 29434

15.06.2006, 20:38
...new here
Posts: 4
#32
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\yrfgdjxh
*******************
Script file located at: \??\C:\brmjplqq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully.
File C:\WINDOWS\system32\stdole3.tlb deleted successfully.
File C:\WINDOWS\system32\hzclqhc.dll deleted successfully.
File C:\WINDOWS\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\dxole32.exe deleted successfully.
File C:\WINDOWS\system32\ts.ico deleted successfully.
File C:\WINDOWS\system32\regperf.exe deleted successfully.
File C:\WINDOWS\IE4 Error Log.txt deleted successfully.
File C:\WINDOWS\koo.dat deleted successfully.
File C:\YServer.txt deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

15.06.2006, 20:41
Honorary member
Posts: 29434
#33
o.k.
Then also post the log from smitfraud.fix (C:\rapport.txt), then look for C:\avenger\backup.zip and delete it, and deactivate System Restore (then reactivate it)
__________
Kind regards, Sabina
All about PC security

15.06.2006, 20:43
...new here
Posts: 4
#34
SmitFraudFix v2.60
Scan done at 20:39:20,57, 15.06.2006
Run from C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Simon\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Simon\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.60
Scan done at 20:40:02,78, 15.06.2006
Run from C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\1024\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

15.06.2006, 20:52
Honorary member
Posts: 29434
#35
Everything o.k. again ???
You can set the screen up again yourself however you like: right-click on the desktop -> Properties
__________
Kind regards, Sabina
All about PC security

15.06.2006, 20:54
...new here
Posts: 4
#36
Yep :> The beast is finally gone, just one quick question. Will my desktop backgrounds come back after a restart?
Thank you very much for this awesome and quick help. Great how you help us here :> A thousand thanks

19.06.2006, 17:30
...new here
Posts: 2
#37
Hi, I also have this "Virus Alert".
I used "HijackThis"; here is the log for it:

Logfile of HijackThis v1.99.1
Scan saved at 17:24:47, on 19.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Winamp\winampa.exe
C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\a6c1583e.exe
C:\DOKUME~1\KENYON~1\EIGENE~1\FNTS~1\fast.exe
C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\01ed68f1.exe
C:\Dokumente und Einstellungen\KenyonMartin\Anwendungsdaten\?ystem\r?gedit.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\NN\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {67294BA9-DB3D-81B1-1FB3-D2BFA880D0E4} - C:\WINDOWS\system32\wcpnc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: (no name) - {67294BA9-DB3D-81B1-1FB3-D2BFA880D0E4} - C:\WINDOWS\system32\wcpnc.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbxywuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [a6c1583e.exe] C:\WINDOWS\system32\a6c1583e.exe
O4 - HKLM\..\Run: [01ed68f1.exe] C:\WINDOWS\system32\01ed68f1.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a6c1583e.exe] C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\a6c1583e.exe
O4 - HKCU\..\Run: [Oowa] "C:\DOKUME~1\KENYON~1\EIGENE~1\FNTS~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [01ed68f1.exe] C:\Dokumente und Einstellungen\KenyonMartin\Lokale Einstellungen\Anwendungsdaten\01ed68f1.exe
O4 - HKCU\..\Run: [Jueb] C:\Dokumente und Einstellungen\KenyonMartin\Anwendungsdaten\?ystem\r?gedit.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: AutoRuns.txt
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxywuv - C:\WINDOWS\SYSTEM32\cbxywuv.dll
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

So, and now the CleanUp!

CleanUp! started on 06/19/06 17:42:43.
...
Emptied Recycle Bin on drive C:
'Run MRU'
list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 567.7 MB of disk space from 7861 files.
CleanUp! finished on 06/19/06 17:42:54.

# system32.txt from the last 3 months:
19.06.2006 17:52 4.980 stdole3.tlb
19.06.2006 17:32 3.936 ffastlog.txt
19.06.2006 17:32 39.018 nvapps.xml
19.06.2006 17:32 6.656 simpole.tlb
19.06.2006 17:32 28.672 hp100.tmp
19.06.2006 17:32 67.080 ld100.tmp
19.06.2006 16:38 176.128 yvvdj.dll
19.06.2006 16:38 47.616 dcomcfg.exe
19.06.2006 16:38 4.286 ot.ico
19.06.2006 16:38 10.556 atmclk.exe
19.06.2006 16:38 4.286 ts.ico
19.06.2006 16:36 39.437 cbxywuv.dll
19.06.2006 16:36 20.992 01ed68f1.exe
19.06.2006 16:36 156.672 oins.exe
19.06.2006 16:36 78.856 regperf.exe
19.06.2006 16:36 13.312 a6c1583e.exe
19.06.2006 16:36 15.317 winmbj32.dll
06.06.2006 16:53 139.264 wcpnc.dll
29.05.2006 18:50 2.206 wpa.dbl
03.05.2006 06:31 167.504 FNTCACHE.DAT
02.05.2006 16:32 76.238 perfc009.dat
02.05.2006 16:32 439.004 perfh009.dat
02.05.2006 16:32 462.088 perfh007.dat
02.05.2006 16:32 94.226 perfc007.dat
02.05.2006 16:32 939.322 PerfStringBackup.INI
25.04.2006 21:47 7.006 jupdate-1.5.0_06-b05.log
25.04.2006 21:06 5.691 mapisvc.inf
25.04.2006 21:06 69.632 system.mdw
11.04.2006 22:13 1.197 lvcoinst.log
02.03.2006 19:17 3.683 qtplugin.log
09.01.2006 20:37 34.064 lhacm.acm

Temp from the last 3 months:
Verzeichnis von C:\DOKUME~1\KENYON~1\LOKALE~1\Temp
19.06.2006 17:51 9.144 LVCOMSX.LOG
19.06.2006 17:42 78.404 jusched.log
19.06.2006 17:32 4.760 HPH1FC.tmp
19.06.2006 17:09 2.378.074 NAV.log
19.06.2006 17:05 16.384 ~DFA844.tmp
19.06.2006 17:05 16.384 ~DF79D0.tmp
19.06.2006 17:05 4.760 HPH1FB.tmp
19.06.2006 16:36 190 cli223.bat
19.06.2006 16:36 0 win23E.tmp
19.06.2006 16:36 43 removalfile.bat
19.06.2006 16:36 0 win23D.tmp
19.06.2006 16:36 0 win23C.tmp
19.06.2006 16:36 0 239.tmp
19.06.2006 16:36 0 win238.tmp
19.06.2006 16:36 78.336 win234.tmp.exe
19.06.2006 16:36 20.992 h91746.exe
19.06.2006 16:36 0 win232.tmp
19.06.2006 16:36 183.880 win231.tmp.exe
19.06.2006 16:36 0 win230.tmp
19.06.2006 16:36 0 win22E.tmp
19.06.2006 16:36 13.312 win22C.tmp.exe
19.06.2006 16:36 0 win22A.tmp
19.06.2006 16:36 13.312 win228.tmp.exe
19.06.2006 16:36 11.776 win225.tmp.exe
19.06.2006 16:36 0 win226.tmp
19.06.2006 16:36 1.031 win224.tmp
19.06.2006 16:36 15.317 cli223.tmp
19.06.2006 13:52 0 lw6206.tmp
19.06.2006 13:11 16.384 ~DFD0C3.tmp
19.06.2006 13:11 16.384 ~DFABFE.tmp
19.06.2006 13:11 4.760 HPH1FA.tmp
19.06.2006 03:28 16.384 ~DF8EB5.tmp
19.06.2006 03:28 16.384 ~DF8763.tmp
19.06.2006 01:18 0 8i52C1.tmp
19.06.2006 01:18 0 ikc2C0.tmp
19.06.2006 01:17 0 2nu2BF.tmp
19.06.2006 01:16 0 q092BD.tmp
19.06.2006 01:16 0 x062BB.tmp
19.06.2006 01:15 0 bf92B9.tmp
19.06.2006 01:13 0 jub2B8.tmp
19.06.2006 01:11 0 1be2B7.tmp
19.06.2006 01:09 0 fy72B6.tmp
19.06.2006 01:08 0 8z92B4.tmp
19.06.2006 01:08 0 fmb2B2.tmp
19.06.2006 01:07 0 0682B0.tmp
19.06.2006 01:06 0 fv22AF.tmp
19.06.2006 01:05 0 xz02AD.tmp
19.06.2006 01:04 0 oll2AB.tmp
19.06.2006 01:03 0 d192AA.tmp
19.06.2006 01:03 0 pau2A9.tmp
19.06.2006 00:59 0 ku02A8.tmp
19.06.2006 00:58 0 bah2A7.tmp
19.06.2006 00:58 0 skw2A6.tmp
19.06.2006 00:53 0 3r62A5.tmp
19.06.2006 00:52 0 w992A4.tmp
19.06.2006 00:49 0 bt42A3.tmp
19.06.2006 00:46 0 ew02A2.tmp
19.06.2006 00:46 0 rs62A0.tmp
19.06.2006 00:45 0 rxp29E.tmp 19.06.2006 00:44 0 9w329C.tmp 19.06.2006 00:44 0 upn29B.tmp 19.06.2006 00:43 0 vqg299.tmp 19.06.2006 00:40 0 asq297.tmp 19.06.2006 00:39 0 wj1295.tmp 19.06.2006 00:39 0 vk9294.tmp 19.06.2006 00:37 0 00x293.tmp 19.06.2006 00:37 0 yw2292.tmp 19.06.2006 00:35 0 kln291.tmp 19.06.2006 00:34 0 rcy290.tmp 19.06.2006 00:34 0 imu28F.tmp 19.06.2006 00:32 0 lj028E.tmp 19.06.2006 00:31 0 xeu28C.tmp 19.06.2006 00:30 0 rl428A.tmp 19.06.2006 00:30 0 am0289.tmp 19.06.2006 00:24 0 qdo288.tmp 19.06.2006 00:24 0 ccy287.tmp 19.06.2006 00:22 0 9ls286.tmp 19.06.2006 00:22 0 qq4284.tmp 19.06.2006 00:20 0 hy6282.tmp 19.06.2006 00:20 0 0er280.tmp 19.06.2006 00:15 0 77r27F.tmp 19.06.2006 00:14 0 uc727E.tmp 19.06.2006 00:10 0 z0427D.tmp 19.06.2006 00:09 0 n2627C.tmp 19.06.2006 00:07 0 fon27A.tmp 19.06.2006 00:06 0 op0279.tmp 19.06.2006 00:04 0 m43278.tmp 19.06.2006 00:04 0 98v277.tmp 19.06.2006 00:03 0 s0f274.tmp 19.06.2006 00:03 0 299276.tmp 19.06.2006 00:03 0 wag275.tmp 19.06.2006 00:01 0 7c7272.tmp 19.06.2006 00:00 0 yo4271.tmp 18.06.2006 23:52 0 2xj270.tmp 18.06.2006 23:52 0 m2526F.tmp 18.06.2006 23:47 0 0gr26D.tmp 18.06.2006 23:44 0 v0q26C.tmp 18.06.2006 23:43 0 fnd26B.tmp 18.06.2006 23:42 0 pwt26A.tmp 18.06.2006 23:41 0 ndx268.tmp 18.06.2006 23:40 0 ksu266.tmp 18.06.2006 23:37 0 jqa265.tmp 18.06.2006 23:36 0 59c263.tmp 18.06.2006 23:36 0 8w1262.tmp 18.06.2006 23:36 0 n1m260.tmp 18.06.2006 23:35 0 h1m25F.tmp 18.06.2006 23:35 0 93e25E.tmp 18.06.2006 23:34 0 1y225B.tmp 18.06.2006 23:34 0 e7r25A.tmp 18.06.2006 23:33 0 59p259.tmp 18.06.2006 23:31 0 i98258.tmp 18.06.2006 23:31 0 it6257.tmp 18.06.2006 23:30 0 y6n256.tmp 18.06.2006 23:29 0 lv2255.tmp 18.06.2006 23:29 0 vz4254.tmp 18.06.2006 23:28 0 ges253.tmp 18.06.2006 23:26 0 jes251.tmp 18.06.2006 23:24 0 6kv250.tmp 18.06.2006 23:22 0 1ih24F.tmp 18.06.2006 23:21 0 zk224E.tmp 18.06.2006 23:20 0 pck24D.tmp 18.06.2006 23:18 0 bnl24C.tmp 18.06.2006 23:17 0 9nb24B.tmp 18.06.2006 23:16 0 srd24A.tmp 18.06.2006 23:16 0 
o3h249.tmp 18.06.2006 23:15 0 yaq248.tmp 18.06.2006 23:14 0 97o247.tmp 18.06.2006 23:13 0 v8q246.tmp 18.06.2006 23:11 0 eng245.tmp 18.06.2006 23:10 0 hu2244.tmp 18.06.2006 23:09 0 4u5243.tmp 18.06.2006 23:07 0 wx8242.tmp 18.06.2006 23:07 0 szp241.tmp 18.06.2006 23:06 0 ia5240.tmp 18.06.2006 23:05 0 ovk23F.tmp 18.06.2006 23:05 0 np023E.tmp 18.06.2006 15:07 4.760 HPH1F8.tmp 18.06.2006 12:06 16.384 ~DF9EE7.tmp 18.06.2006 12:06 16.384 ~DF880B.tmp 18.06.2006 12:06 4.760 HPH1F9.tmp 17.06.2006 11:08 16.384 ~DF94EE.tmp 17.06.2006 11:08 16.384 ~DF7307.tmp 17.06.2006 11:08 4.760 HPH1F7.tmp 17.06.2006 00:38 16.384 ~DF71E6.tmp 17.06.2006 00:38 16.384 ~DF8D1F.tmp 17.06.2006 00:38 4.760 HPH1F6.tmp 16.06.2006 10:01 16.384 ~DFA734.tmp 16.06.2006 10:01 16.384 ~DF8FC4.tmp 16.06.2006 10:01 4.760 HPH1F5.tmp 16.06.2006 01:55 16.384 ~DF6F03.tmp Dieser Beitrag wurde am 19.06.2006 um 17:59 Uhr von KenyonMartin editiert.
|
|
|
||
19.06.2006, 18:11
Honorary member
Posts: 29434 |
#38
KenyonMartin
STEP 1: apply smitfraud.fix http://virus-protect.org/artikel/tools/smitfrautfix.html
2. afterwards: post the 4 logs from datfindbat again
3. unzip echo.zip --> click echo.bat --> the text editor will open --> copy the text http://virus-protect.org/bat/echo.zip
-------------
then the actual cleaning begins..purityscan...etc.....
__________
Best regards, Sabina
all about PC security |
|
|
||
19.06.2006, 19:20
...new here
Posts: 2 |
#39
Thanks, it worked after the 1st step. I was in safe mode and deleted the registry. System restore to the state of one day ago (I caught the virus today) and now everything is OK again. THANKS
|
|
|
||
1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unzip to the desktop -> spyfalcon.reg -> double-click and add it to the registry with "ja/yes"
2.
avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in:
Quote
Click the green traffic light; the script will now run, then the PC will restart automatically
3.
post the log from avenger that appears
4.
SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Instructions: http://virus-protect.org/artikel/tools/smitfrautfix.html
unzip it (if no zip tool is available: http://www.paehl.de/german.php --> SIMPLYZIP) to the desktop
1. double-click smitfraudfix.cmd
2. type: 1 (a report of the infected files will be created)
3. double-click smitfraudfix.cmd
4. type: 2
to the question "Voulez-vous nettoyer le registre ?" answer: o [o/n]; if it is found that the file wininet.dll is infected, answer the question "Corriger le fichier infecté ?" with o [o/n]. The taskbar disappears + the screen..everything will turn blue...wait...
when the scan has finished, copy the log file [C:\rapport.txt]
-------------------------------------------------------------
5.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then re-enable it after the cleaning)
__________
Best regards, Sabina
all about PC security