Spywarequake and "VirusAlert!"

Topic is closed!
#0
13.06.2006, 09:51
Member

Posts: 22
#1 Spywarequake showed up on my machine too.. :-(
please help
Since then I have had "VirusAlert!" in my toolbar. Pop-ups also keep appearing. There are no other viruses that an antivirus program cannot remove.

Thanks in advance

Regards,
Adi

Logfile of HijackThis v1.99.1
Scan saved at 9:33:43, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\adi\LOKALE~1\Temp\Rar$EX06.657\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.11.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.2.11.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.photofunxl.de/virtualgallery/lounge2004/ThumbnailFrame.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/printfun/2623/activex/ImageUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E45BD7-8C25-4C64-9DCF-4E2DD48CD95E}: NameServer = 10.2.11.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe



(before that I had already run the cleanup 2 times)

CleanUp! started on 06/13/06 09:37:20.
...
C:\WINDOWS\Prefetch\SETUP_WM.EXE-19AC5A9B.pf - deleted
C:\WINDOWS\Prefetch\SISUSBRG.EXE-1A6118D0.pf - deleted
C:\WINDOWS\Prefetch\SPYWARE-QUAKE.EXE-22847CDF.pf - deleted
C:\WINDOWS\Prefetch\SPYWAREQUAKEINSTALLER[1].EXE-273EEDC2.pf - deleted
C:\WINDOWS\Prefetch\SV-CODEC-V4_01A.EXE-2D08BE6E.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TRAYAP~1.EXE-2F9B04F8.pf - deleted
C:\WINDOWS\Prefetch\UNINST.EXE-16EEBEC7.pf - deleted
C:\WINDOWS\Prefetch\UNINST.EXE-251C47D3.pf - deleted
C:\WINDOWS\Prefetch\UNWISE.EXE-2711F311.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\UPDATER.EXE-068581D9.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VIEWMGR.EXE-0962BAFC.pf - deleted
C:\WINDOWS\Prefetch\VLC.EXE-29851A71.pf - deleted
C:\WINDOWS\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\WINDOWS\Prefetch\WINAMPA.EXE-2BDF6A16.pf - deleted
C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-259486DA.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969333.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969339.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-03863732.pf - deleted
C:\WINDOWS\Prefetch\YPAGER.EXE-1463065A.pf - deleted
C:\WINDOWS\Prefetch\YUPDATER.EXE-054783A4.pf - deleted
Emptied Recycle Bin on drive C:
Emptied Recycle Bin on drive F:
Emptied Recycle Bin on drive G:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 821.0 MB of disk space from 49401 files.
CleanUp! finished on 06/13/06 09:39:26.

The 4 logs are attached. (datbat.doc)

Attachment: datbat.doc
This post was edited by adilescent on 13.06.2006 at 10:08.
13.06.2006, 12:19
Moderator

Posts: 7805
#2 Please use Disk Cleanup: http://support.microsoft.com/default.aspx?scid=kb;de;315246
and afterwards SmitfraudFix according to the instructions: http://siri.urz.free.fr/Fix/SmitfraudFix_De.php (including the "Reinigung" (cleaning) part)

After that, run a follow-up scan with CureIt: http://virus-protect.org/cureit.html

Afterwards, please post a new HijackThis log and the CureIt report again.
__________
Regards, Ralf
SEO-Spam Hunter
14.06.2006, 01:58
Member

Thread starter

Posts: 22
#3 Thank you for the help, Ralf...
here are the results ;)

Scan statistics

Objects scanned: 131210
Infected objects found: 4
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 4
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 4
Objects renamed: 0
Objects moved: 0
Objects ignored: 14
Scan speed: 425 Kb/s
Scan time: 01:05:15

--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:57:33, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Clean Up\drweb-cureit.exe
C:\DOKUME~1\adi\LOKALE~1\Temp\RarSFX0\_start.exe
C:\DOKUME~1\adi\LOKALE~1\Temp\RarSFX0\cureit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\adi\LOKALE~1\Temp\Rar$EX00.468\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.11.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.2.11.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.photofunxl.de/virtualgallery/lounge2004/ThumbnailFrame.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/printfun/2623/activex/ImageUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E45BD7-8C25-4C64-9DCF-4E2DD48CD95E}: NameServer = 10.2.11.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe



Regards,
Adi
14.06.2006, 02:48
Honorary member
Sabina

Posts: 29434
#4 adilescent

please post this log so we can see how the Swizzor trojan is doing ;)

Download look.zip - unpack it - double-click look.bat - copy the text that appears
http://virus-protect.org/zip/look.zip

+

Copy these 4 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
15.06.2006, 00:45
Member

Thread starter

Posts: 22
#5 yes, ok

look.bat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi\Anwendungsdaten

10/08/2005 17:28 <DIR> Adobe
10/08/2005 17:13 <DIR> AdobeAUM
28/04/2005 01:21 <DIR> AdobeUM
19/04/2004 23:16 <DIR> APPLEC~1 Apple Computer
22/05/2005 22:56 <DIR> Azureus
07/12/2003 15:32 <DIR> Creative
07/02/2005 16:33 <DIR> DATALA~1 Datalayer
23/04/2005 17:01 19.360 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
28/07/2005 20:28 <DIR> Google
21/05/2004 19:17 <DIR> Help
30/06/2004 10:02 <DIR> ICQLite
06/11/2003 22:24 <DIR> IDENTI~1 Identities
17/11/2003 22:29 <DIR> INTERT~1 InterTrust
01/10/2004 22:51 <DIR> LEADER~1 Leadertech
04/12/2003 23:18 <DIR> MACROM~1 Macromedia
27/12/2005 23:29 <DIR> Mozilla
02/10/2004 13:00 <DIR> Nokia
02/12/2004 09:35 <DIR> NOKIAM~1 Nokia Multimedia Player
30/09/2004 23:29 <DIR> PCSUIT~1 PC Suite
05/12/2004 18:29 <DIR> Real
03/12/2003 16:19 <DIR> Sun
14/04/2005 19:50 <DIR> VIEWPO~1 Viewpoint
24/03/2006 22:02 <DIR> vlc
07/01/2004 19:35 <DIR> YAHOO!~1 Yahoo! Messenger
1 Datei(en) 19.360 Bytes
23 Verzeichnis(se), 4.084.867.072 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

29/03/2006 21:12 305 ADDR_F~1.HTM addr_file.html
30/09/2004 20:37 <DIR> Adobe
14/06/2006 21:29 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
06/11/2003 22:36 <DIR> CYBERL~1 CyberLink
24/01/2006 11:23 <DIR> INSTAL~1 InstallShield
28/04/2005 01:02 <DIR> MSN6
24/11/2005 23:42 <DIR> MYPHOT~1 MyPhotoFun-Polyprint
20/04/2006 01:12 <DIR> PopCap
19/04/2004 23:17 <DIR> QUICKT~1 QuickTime
20/12/2005 23:39 <DIR> Trymedia
14/04/2005 19:53 <DIR> VIEWPO~1 Viewpoint
02/10/2005 09:49 <DIR> WINDOW~1 Windows Genuine Advantage
1 Datei(en) 305 Bytes
11 Verzeichnis(se), 4.084.867.072 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\tasks

18/08/2001 14:00 65 desktop.ini
14/06/2006 20:15 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 4.084.867.072 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi\Anwendungsdaten

10/08/2005 17:28 <DIR> Adobe
10/08/2005 17:13 <DIR> AdobeAUM
28/04/2005 01:21 <DIR> AdobeUM
19/04/2004 23:16 <DIR> APPLEC~1 Apple Computer
22/05/2005 22:56 <DIR> Azureus
07/12/2003 15:32 <DIR> Creative
07/02/2005 16:33 <DIR> DATALA~1 Datalayer
23/04/2005 17:01 19.360 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
28/07/2005 20:28 <DIR> Google
21/05/2004 19:17 <DIR> Help
30/06/2004 10:02 <DIR> ICQLite
06/11/2003 22:24 <DIR> IDENTI~1 Identities
17/11/2003 22:29 <DIR> INTERT~1 InterTrust
01/10/2004 22:51 <DIR> LEADER~1 Leadertech
04/12/2003 23:18 <DIR> MACROM~1 Macromedia
27/12/2005 23:29 <DIR> Mozilla
02/10/2004 13:00 <DIR> Nokia
02/12/2004 09:35 <DIR> NOKIAM~1 Nokia Multimedia Player
30/09/2004 23:29 <DIR> PCSUIT~1 PC Suite
05/12/2004 18:29 <DIR> Real
03/12/2003 16:19 <DIR> Sun
14/04/2005 19:50 <DIR> VIEWPO~1 Viewpoint
24/03/2006 22:02 <DIR> vlc
07/01/2004 19:35 <DIR> YAHOO!~1 Yahoo! Messenger
1 Datei(en) 19.360 Bytes
23 Verzeichnis(se), 4.084.768.768 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

29/03/2006 21:12 305 ADDR_F~1.HTM addr_file.html
30/09/2004 20:37 <DIR> Adobe
14/06/2006 21:29 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
06/11/2003 22:36 <DIR> CYBERL~1 CyberLink
24/01/2006 11:23 <DIR> INSTAL~1 InstallShield
28/04/2005 01:02 <DIR> MSN6
24/11/2005 23:42 <DIR> MYPHOT~1 MyPhotoFun-Polyprint
20/04/2006 01:12 <DIR> PopCap
19/04/2004 23:17 <DIR> QUICKT~1 QuickTime
20/12/2005 23:39 <DIR> Trymedia
14/04/2005 19:53 <DIR> VIEWPO~1 Viewpoint
02/10/2005 09:49 <DIR> WINDOW~1 Windows Genuine Advantage
1 Datei(en) 305 Bytes
11 Verzeichnis(se), 4.084.768.768 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\tasks

18/08/2001 14:00 65 desktop.ini
14/06/2006 20:15 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 4.084.768.768 Bytes frei

datfindbat
see attachment

Thank you very much for your help!
Really a great forum! ;)

Best regards,
Adi


15.06.2006, 01:22
Honorary member
Sabina

Posts: 29434
#6 1.
echo.zip
unpack --> click echo.bat --> the text editor will open --> copy the text http://virus-protect.org/bat/echo.zip

2.
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab

Restart the PC
__________
Regards, Sabina

all about PC security
15.06.2006, 01:24
Member

Thread starter

Posts: 22
#7 10)DPF????
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\Downloaded Program Files

21/04/2005 07:47 <DIR> CONFLICT.1
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
25/07/2002 19:13 24.576 dwusplay.dll
25/07/2002 19:13 196.608 dwusplay.exe
12/12/2003 17:03 429 EGAUTH_pack.inf
28/03/2002 17:05 1.268 erma.inf
09/10/2003 13:55 365 f3initialsetup1.0.0.6.inf
21/04/2002 11:46 396 hotbar.inf
25/11/2004 09:37 337 ImageUploader_3.inf
06/06/2005 11:37 1.701.504 ImageUploader_3.ocx
15/06/2004 15:15 315.392 Install.dll
23/11/2001 12:56 122 Install.inf
13/04/2004 07:04 307.200 isusweb.dll
19/08/2003 21:06 740 jinstall-1_4_2_01.inf
29/05/2003 16:00 160.864 messengerstatsclient.dll
06/04/2004 19:03 172.072 MessengerStatsPAClient.dll
22/08/2003 08:49 220 MetaStream3.inf
20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd
29/05/2003 16:00 84.064 minesweeper.dll
18/11/1999 14:49 992 msaudio.inf
29/05/2003 16:00 77.408 msgrchkr.dll
14/03/2005 13:39 227 MsnMessengerSetupDownloader.inf
17/03/2005 14:48 113.152 MsnMessengerSetupDownloader.ocx
14/10/2005 11:02 372.736 MsnPUpld.dll
14/10/2005 12:49 587 MSNPupld.inf
05/11/2003 07:04 228 odyssey_webmoo.inf
10/02/2004 19:20 234 Ole32ws.inf
19/12/2003 17:02 126.976 popcaploader.dll
19/12/2003 15:43 241 popcaploader.inf
31/05/2002 09:19 117.328 purde-de.dll
22/09/2004 15:59 110.592 PURen-us.dll
09/10/2003 11:32 144 QTPlugin.inf
29/05/2003 16:00 86.112 solitaireshowdown.dll
27/08/2005 14:30 5.065 swflash.inf
30/06/2003 23:41 1.689 WMV9VCM.inf
09/09/2003 18:39 323 yinst.inf
06/04/2004 19:03 85.032 ZIntro.ocx
36 Datei(en) 4.067.082 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.1

21/04/2005 07:47 <DIR> .
21/04/2005 07:47 <DIR> ..
0 Datei(en) 0 Bytes

Anzahl der angezeigten Dateien:
36 Datei(en) 4.067.082 Bytes
3 Verzeichnis(se), 4.083.040.256 Bytes frei


No. 2 already done too! :-)
This post was edited by adilescent on 15.06.2006 at 01:30.
15.06.2006, 01:34
Honorary member
Sabina

Posts: 29434
#8 KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only for the last one
paste in: ............

C:\WINDOWS\Downloaded Program Files\EGAUTH_pack.inf
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
C:\WINDOWS\Downloaded Program Files\hotbar.inf
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf

Restart the PC

run an online scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
15.06.2006, 20:03
Member

Thread starter

Posts: 22
#9 I have attached them....

thanks

15.06.2006, 20:15
Honorary member
Sabina

Posts: 29434
#10 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
hkey_local_machine\software\FunWebProducts
hkey_local_machine\software\MyWay
hkey_local_machine\software\Altnet
hkey_local_machine\software\MyWebSearch

Files to delete:
C:\WINDOWS\hosts
c:\windows\downloaded program files\Ole32ws.inf
C:\WINDOWS\Downloaded Program Files\Install.dll
C:\WINDOWS\Downloaded Program Files\Install.inf
c:\windows\NDNuninstall5_48.exe
c:\windows\smdat32a.sys
c:\windows\tmlpcert2005

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears
__________
Regards, Sabina

all about PC security
18.06.2006, 13:43
Member

Thread starter

Posts: 22
#11 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\arttnebb

*******************

Script file located at: \??\C:\fdcuhyyr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\hosts not found!
Deletion of file C:\WINDOWS\hosts failed!

Could not process line:
C:\WINDOWS\hosts
Status: 0xc0000034

File c:\windows\downloaded program files\Ole32ws.inf deleted successfully.
File C:\WINDOWS\Downloaded Program Files\Install.dll deleted successfully.


File C:\WINDOWS\Downloaded Program Files\Install.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\Install.inf failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\Install.inf
Status: 0xc0000034

File c:\windows\NDNuninstall5_48.exe deleted successfully.
File c:\windows\smdat32a.sys deleted successfully.
File c:\windows\tmlpcert2005 deleted successfully.
Registry key hkey_local_machine\software\FunWebProducts deleted successfully.
Registry key hkey_local_machine\software\MyWay deleted successfully.
Registry key hkey_local_machine\software\Altnet deleted successfully.
Registry key hkey_local_machine\software\MyWebSearch deleted successfully.

Completed script processing.


Regards,
Adi
*******************

Finished! Terminate.
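
To check the Avenger run against the script from post #10, the following added example (not part of the original thread and not code from the Avenger's author) parses the result lines posted in #11 and sorts every scripted target into a bucket. The function names and the bucket grouping are assumptions of this example; the NTSTATUS names are those in Microsoft's ntstatus.h.

```python
import re

# Targets of the Avenger script quoted in post #10.
SCRIPT_TARGETS = [
    r"hkey_local_machine\software\FunWebProducts",
    r"hkey_local_machine\software\MyWay",
    r"hkey_local_machine\software\Altnet",
    r"hkey_local_machine\software\MyWebSearch",
    r"C:\WINDOWS\hosts",
    r"c:\windows\downloaded program files\Ole32ws.inf",
    r"C:\WINDOWS\Downloaded Program Files\Install.dll",
    r"C:\WINDOWS\Downloaded Program Files\Install.inf",
    r"c:\windows\NDNuninstall5_48.exe",
    r"c:\windows\smdat32a.sys",
    r"c:\windows\tmlpcert2005",
]

# Result lines of the log posted in #11 (blank lines, header and footer omitted).
SAMPLE_LOG = r"""
File C:\WINDOWS\hosts not found!
Deletion of file C:\WINDOWS\hosts failed!
Could not process line:
C:\WINDOWS\hosts
Status: 0xc0000034
File c:\windows\downloaded program files\Ole32ws.inf deleted successfully.
File C:\WINDOWS\Downloaded Program Files\Install.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\Install.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\Install.inf failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\Install.inf
Status: 0xc0000034
File c:\windows\NDNuninstall5_48.exe deleted successfully.
File c:\windows\smdat32a.sys deleted successfully.
File c:\windows\tmlpcert2005 deleted successfully.
Registry key hkey_local_machine\software\FunWebProducts deleted successfully.
Registry key hkey_local_machine\software\MyWay deleted successfully.
Registry key hkey_local_machine\software\Altnet deleted successfully.
Registry key hkey_local_machine\software\MyWebSearch deleted successfully.
"""

# A few NTSTATUS codes (names as in Microsoft's ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ALREADY_GONE = {0xC0000034, 0xC000003A}  # target was absent: nothing left to delete

DELETED = re.compile(r"^(?:File|Registry key) (.+) deleted successfully\.$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

def parse_avenger_log(text):
    """Map each lowercased target to ("deleted", None) or ("failed", ntstatus)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = {}
    for i, line in enumerate(lines):
        m = DELETED.match(line)
        if m:
            results[m.group(1).lower()] = ("deleted", None)
        elif line == "Could not process line:" and i + 2 < len(lines):
            s = STATUS.match(lines[i + 2])
            if s:  # the failed target is the line between marker and status
                results[lines[i + 1].lower()] = ("failed", int(s.group(1), 16))
    return results

def reconcile(script_targets, results):
    """Sort every scripted target into one of four buckets."""
    report = {"deleted": [], "already_gone": [], "needs_attention": [], "not_in_log": []}
    for target in script_targets:
        outcome, status = results.get(target.lower(), ("not_in_log", None))
        if outcome == "failed":
            if status in ALREADY_GONE:
                report["already_gone"].append(target)
            else:
                name = NTSTATUS.get(status, hex(status))
                report["needs_attention"].append((target, name))
        else:
            report[outcome].append(target)
    return report

if __name__ == "__main__":
    for bucket, items in reconcile(SCRIPT_TARGETS, parse_avenger_log(SAMPLE_LOG)).items():
        print(bucket, len(items), items)
```

On the log above, both failures carry 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND), so the two files were already absent rather than protected from deletion; a status such as STATUS_ACCESS_DENIED would land in `needs_attention` instead.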
18.06.2006, 14:17
Honorary member
Sabina

Posts: 29434
#12 scan with: Trend Micro Anti-Spyware for the Web
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
19.06.2006, 17:12
Member

Thread starter

Posts: 22
#13 done :-)

Summary of Privacy Thread:

20 item(s) classified as Adware
13 item(s) classified as Tracking Cookie
5 item(s) classified as Dialer
1 item(s) classified as Trojan
6 item(s) classified as Parasite
4 item(s) classified as Browser Helper
1 item(s) classified as Worm
2 item(s) classified as EULAware

and now?
19.06.2006, 18:24
Honorary member
Sabina

Posts: 29434
#14 well? nothing more comes? what a nuisance!!! was it at least deleted?
or only d i s p l a y e d ;)
is there no detailed report with the path and the other nice details????
__________
Regards, Sabina

all about PC security
20.06.2006, 10:09
Member

Thread starter

Posts: 22
#15 hmm..
I don't think so..
I tried again, and the same report comes up.
Where can I find the report with the detailed path?
below it there are the options: Scan Result, Start Scan, Restore Cleaned Items, Exit

Regards,
Adi