Spywarequake: task 1 already done

#0
20.08.2006, 02:17
...new here

Posts: 4
#1 Hello, nice of you all to write all of this here. I am not a computer expert and need help; I am getting desperate. Now my laptop is acting up as well, which it has never done before: the screen suddenly went black, and then there are constantly the messages from Spywarequake.
Here is task 1 for now:
Logfile of HijackThis v1.99.1
Scan saved at 02:18:05, on 20.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\IntCodec\isamonitor.exe
C:\Programme\IntCodec\pmsngr.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\IntCodec\pmmon.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\IntCodec\isamini.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Nelli\LOKALE~1\Temp\Rar$EX00.427\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.rrz.uni-hamburg.de:81
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\IntCodec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nellicue.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127688403137
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?2de704c7de34659d1426bdbf7305713b71f63c21a9362cd448d0394fa7e25770eb7c2f805dd491215862bf84e3cc4da159cef9c612b7dca9fb551573457330:22b32e0c79951ba72dbf4c44a0363a5c
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

I wanted to do task 2 now, but I first ran CleanUp! in demo mode. It wants to remove 815 MB for me; is that normal?
CleanUp! started on 08/20/06 02:23:06.
...
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 816.4 MB of disk space from 4666 files.
CleanUp! finished on 08/20/06 02:23:27.
This post was edited by Nellicue on 20.08.2006 at 02:24.
20.08.2006, 11:33
Moderator

Posts: 7805
#2 This guide should be enough to rid your system of Smitfraud:
http://siri.geekstogo.com/SmitfraudFix_De.php


Are your AntiVir and Defender still working? The important services are missing, or is the log simply incomplete?

Best regards, Ralf
__________
Best regards, Ralf
SEO-Spam Hunter
20.08.2006, 12:20
...new here

Thread starter

Posts: 4
#3 A thousand thanks for the quick reply!

My AntiVir broke during another spyware problem and could not be reinstalled either (I have only had these two in 4 years), but Defender should work.
Do you think I can run the CleanUp for real? The more than 800 MB seems dangerously large to me.
Oh well, I'll carry on with the next task for now.
20.08.2006, 12:30
Moderator

Posts: 7805
#4 If you have never had your temp folders cleaned, that can certainly happen. A single crash while burning a CD is enough to leave behind a temp file of XXX MB...

It is bad that you cannot reinstall AntiVir. Try whether you can do it with this help:
http://www.avira.com/de/support/av7_upgrade_tools.html

If not, think about reinstalling the system from scratch!
__________
Best regards, Ralf
SEO-Spam Hunter
20.08.2006, 12:46
...new here

Thread starter

Posts: 4
#5 OK, maybe I'll just delete the 800. I actually clean up my computer constantly because I'm always at the limit of the 20 GB, but what can happen; I'll print out my term paper beforehand ;)

I have now run SmitFraudFix, but it only asked me whether I want to search the registry, not whether I want to delete wininet.dll. Only my desktop picture is gone, as warned.

The report looks like this:

SmitFraudFix v2.81

Scan done at 12:37:51,48, 20.08.2006
Run from C:\Dokumente und Einstellungen\Nelli\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\viruxz.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c
C:\WINDOWS\system32\viruxz.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Programme\IntCodec\ Deleted
C:\Programme\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Finally this sh... is gone (sorry). I'll now run the other programs as well, you guys are great!
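The SmitFraudFix report in post #5 can be checked mechanically: the sketch below is an added example (not part of the original post and not SmitFraudFix's own code) that splits the report into its sections and compares the SharedTaskScheduler values listed before and after the fix. The function names are assumptions; the section titles and report lines are taken from the post, abridged to the lines that carry findings.

```python
import re

# Report text from post #5 above, abridged to the lines that carry findings.
REPORT = r"""»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
C:\WINDOWS\system32\viruxz.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Programme\IntCodec\ Deleted
C:\Programme\SpyQuake2.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

HEADER = re.compile(r"^»+\s*(.+?)\s*$")                        # section banner
VALUE = re.compile(r'^"([^"]+)"="(\{[0-9A-Fa-f-]{36}\})"$')    # "name"="{CLSID}"
DELETED = re.compile(r"^(.+?)\s*(?:->)?\s*Deleted$")           # path [->] Deleted

def split_sections(report):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in report.splitlines()):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections

def sts_values(lines):
    """Extract SharedTaskScheduler value names and their CLSIDs."""
    return {m.group(1): m.group(2) for m in map(VALUE.match, lines) if m}

def review(report):
    """Compare the Before/After listings and collect every deleted path."""
    s = split_sections(report)
    before = sts_values(s.get("Before SmitFraudFix", []))
    after = sts_values(s.get("After SmitFraudFix", []))
    deleted = [m.group(1) for lines in s.values()
               for m in map(DELETED.match, lines) if m]
    return {"removed": sorted(set(before) - set(after)),
            "still_present": sorted(set(before) & set(after)),
            "deleted_paths": deleted}

if __name__ == "__main__":
    print(review(REPORT))
```

A non-empty `still_present` list would mean a value listed before the fix is still registered afterwards; as the report itself notes, a listed key is not necessarily infected, so each remaining entry still needs a manual look.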
20.08.2006, 12:51
Moderator

Posts: 7805
#6 As a check, you can also run CureIt: http://www.drweb-online.com/de/cure_it.asp?rpid=


What matters is a cleanup, that you get your AntiVir running and, as always, www.windowsupdate.com ;)
__________
Best regards, Ralf
SEO-Spam Hunter
20.08.2006, 12:57
...new here

Thread starter

Posts: 4
#7 Windows Update is really great; together with Defender it saved me last time with my spyware problem.
I have just run vundofix.exe as well.
It did not find anything more.
Roguescanfix warned me that:
is a tool made by Beamerke, the tool is able to delete the latest variants of Smitfraud.

Should I run that at all? I'd rather run CureIt, which you recommended, and then try AntiVir again.
Man, you are saving my day!

Dr.Web found/deleted these:

WkUFind.exe
realsched.exe
qttask.exe
IDriverT.exe
mdm.exe
This post was edited by Nellicue on 20.08.2006 at 13:05.