System Alert von Virusburst

#1 Hallo...

BITTE UM HILFE

Ich habe leider wieder Spywareprogramm bekommen. Bei mir blinken wieder ein paar Icons unten rechts von meinem Monitor.
Dann bekam ich ständig Pop Up von Virus Burst :-(

die Hijackthis, CleanUp, Combofix und Datfindbat sind angehangt

Danke Euch mehrmals...

mfG,

ADi


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Media-Codec\isamonitor.exe
C:\Programme\Media-Codec\pmsngr.exe
C:\Programme\Media-Codec\isamini.exe
C:\Programme\Media-Codec\pmmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\VirusBurst\VirusBurst.exe
C:\Programme\Protecus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.11.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.2.11.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\Media-Codec\isaddon.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Programme\Media-Codec\iesplugin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\NOKIAP~1\NOKIAP~1\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [VirusBurst] C:\Programme\VirusBurst\VirusBurst.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.photofunxl.de/virtualgallery/lounge2004/ThumbnailFrame.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/printfun/2623/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E45BD7-8C25-4C64-9DCF-4E2DD48CD95E}: NameServer = 10.2.11.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: gorgonian - {e944d14a-03aa-43e3-9d0e-4f50c4d1b005} - C:\WINDOWS\system32\eowygj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
II Clean Up

CleanUp! started on 09/02/06 12:56:51.
...
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\player\stopdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\player\visback.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\player\vislayer.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\player\volumebar.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\player\volumebutton.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\scripts\drawer.m - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\scripts\drawer.maki - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\xml\eqdrawer.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASEDB8.tmp\xml\player.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\Read-Me.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\screenshot.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\skin.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\autooff.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\autoon.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqbackground.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqbar.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqbutton.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqinfo.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqoff.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\eqon.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\preset.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\eq\presetdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\background.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\close.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\closedown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\compleft.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\compleftdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\compright.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\comprightdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\cross.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\crossdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\default-font.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\default-fontb.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\drawerhandle.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\eject.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\ejectdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\eq.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\eqbackground.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\eqdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\mainmenu.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\mainmenudown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\minimize.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\minimizedown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\ml.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\mldown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\next.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\nextdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\numfont.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\pause.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\pausedown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\pl.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\play.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\playdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\pldown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\previous.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\previousdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\repeat.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\repeatdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\seekbar.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\seekbutton.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\shuffle.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\shuffledown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\stop.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\stopdown.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\visback.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\vislayer.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\volumebar.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\player\volumebutton.png - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\scripts\drawer.m - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\scripts\drawer.maki - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\xml\eqdrawer.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WASFE87.tmp\xml\player.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER1.tmp.dir00\manifest.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER1.tmp.dir00\sysdata.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER10.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER16.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER2.tmp.dir00\manifest.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\WER2.tmp.dir00\sysdata.xml - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\Word8.0\MSForms.exd - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\Yahoo!\shortcuts.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\_is84\_ISMSIDEL.INI - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\VALUE.SHL - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\CP_XP.reg - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{11C6FE9B-21BB-4CAC-8EEA-863A8ABFA3D5}\{70E35822-0E6C-4680-98EA-A85F46E6C04E}\ISUSRT.ini - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{5809e7cf-4dcf-11d4-9875-00105ace7734}\Register on the Logitech website.url - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\4c.bmp - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\6c.bmp - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\Bbrd1.bmp - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\GetCSIDLPath.DLL - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\GetDXver.dll - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\HELPER.DLL - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\isuser.dll - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\License.txt - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\reboot.exe - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\RPC2.dll - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\setup.inx - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\sim.dll - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\VALUE.SHL - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\value_VRX.shl - deleted
C:\DOKUME~1\adi\LOKALE~1\Temp\{9CD51848-178F-43BC-B9D2-F4BA9AA71993}\{70E35822-0E6C-4680-98EA-A85F46E6C04E}\ISUSRT.ini - deleted
C:\WINDOWS\002587_.tmp - deleted
C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET62.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\WINDOWS\SET71.tmp - deleted
C:\WINDOWS\temp\0CF6E057.TMP - deleted
C:\WINDOWS\temp\IEC48.tmp - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\62388.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\Corecomp.ini - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\Ctl3d32.dll - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\IsUninst.Exe - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\license.txt - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\value.shl - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@a.tfag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@as1.falkag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@atwola[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@doubleclick[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@ebay[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@ivwbox[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@mediaplex[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@msn[3].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@rtm[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@sea.search.msn[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@search.msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@tfag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@www.msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@a.tfag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@as1.falkag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@atwola[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@doubleclick[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@ebay[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@ivwbox[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@mediaplex[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@msn[3].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@rtm[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@sea.search.msn[1].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@search.msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@tfag[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@www.msn[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\gast@yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\Gast\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@212.91.228[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@2o7[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@adbrite[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@adilescent.spaces.live[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ads.addynamix[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@advertising[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@amazon[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@as1.falkag[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@atdmt[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@a[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@belboon[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@casalemedia[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@dc[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@dc[3].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@doubleclick[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ebayobjects[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ebay[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ehg-friendster.hitbox[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@fastclick[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@friendster[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@gaychat[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hitbox[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hotmail.msn[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hypertracker[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ivwbox[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@komtrack[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@login.live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@mail.yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@mb[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@messenger.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@metrics.adobe[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msnbc.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msnportal.112.2o7[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msn[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@pleasejoinme129[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@rad.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@rtm[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@salememail[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@spaces.live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@tracking[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@updates.installshield[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.adobe[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.friendster[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.gfa[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.homoactive-affiliates[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.tchibo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.virusburst[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[3].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[4].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@youtube[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@z1.adserver[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@212.91.228[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@2o7[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@adbrite[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@adilescent.spaces.live[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ads.addynamix[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@advertising[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@amazon[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@as1.falkag[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@atdmt[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@a[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@belboon[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@casalemedia[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@dc[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@dc[3].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@doubleclick[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ebayobjects[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ebay[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ehg-friendster.hitbox[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@fastclick[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@friendster[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@gaychat[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hitbox[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hotmail.msn[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@hypertracker[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@ivwbox[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@komtrack[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@login.live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@mail.yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@mb[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@messenger.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@metrics.adobe[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msnbc.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msnportal.112.2o7[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@msn[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@pleasejoinme129[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@rad.msn[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@rtm[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@salememail[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@spaces.live[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@tracking[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@updates.installshield[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.adobe[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.friendster[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.gfa[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.homoactive-affiliates[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.tchibo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@www.virusburst[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[2].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[3].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@yahoo[4].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@youtube[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\adi@z1.adserver[1].txt - deleted
C:\Dokumente und Einstellungen\adi\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\ACROBAT.EXE-2F9C16DD.pf - deleted
C:\WINDOWS\Prefetch\ACROTRAY.EXE-20597A61.pf - deleted
C:\WINDOWS\Prefetch\AD-AWARE.EXE-14ECF2D7.pf - deleted
C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-1FD09C3A.pf - deleted
C:\WINDOWS\Prefetch\AGENT.EXE-241FAAD9.pf - deleted
C:\WINDOWS\Prefetch\ATIPTAXX.EXE-12B5048A.pf - deleted
C:\WINDOWS\Prefetch\AU_.EXE-28CDBC3F.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted
C:\WINDOWS\Prefetch\AVSCAN.EXE-05AECC0E.pf - deleted
C:\WINDOWS\Prefetch\CAMTRAY.EXE-0C961BAB.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-21B56F2B.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-24437EA8.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\CTPCCAM.EXE-086786FF.pf - deleted
C:\WINDOWS\Prefetch\DATALAYER.EXE-08722F91.pf - deleted
C:\WINDOWS\Prefetch\DATALA~1.EXE-1A4F4FF6.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf - deleted
C:\WINDOWS\Prefetch\DVB-TPLAYER.EXE-2E1BC0E9.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf - deleted
C:\WINDOWS\Prefetch\EAC.EXE-0424250C.pf - deleted
C:\WINDOWS\Prefetch\EM_EXEC.EXE-1D53AFF5.pf - deleted
C:\WINDOWS\Prefetch\EXCEL.EXE-3281D776.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-32D336C9.pf - deleted
C:\WINDOWS\Prefetch\HTPATCH.EXE-32EC189E.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\ISAMINI.EXE-1235AF1A.pf - deleted
C:\WINDOWS\Prefetch\ISAMONITOR.EXE-227FE208.pf - deleted
C:\WINDOWS\Prefetch\ISSCH.EXE-13FD372D.pf - deleted
C:\WINDOWS\Prefetch\ISUSPM.EXE-01DE8D55.pf - deleted
C:\WINDOWS\Prefetch\ISUSPM.EXE-1D77C392.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-37A5852C.pf - deleted
C:\WINDOWS\Prefetch\JAVA.EXE-1586CEFA.pf - deleted
C:\WINDOWS\Prefetch\JUCHECK.EXE-03FBF417.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-2E5491BE.pf - deleted
C:\WINDOWS\Prefetch\LAME.EXE-2A8BBF71.pf - deleted
C:\WINDOWS\Prefetch\LAUNCHAPPLICATION.EXE-04C33655.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf - deleted
C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf - deleted
C:\WINDOWS\Prefetch\MSNMSGR.EXE-091111D0.pf - deleted
C:\WINDOWS\Prefetch\NERO.EXE-32314E31.pf - deleted
C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf - deleted
C:\WINDOWS\Prefetch\NOKIAV~1.EXE-10D02267.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\OSA.EXE-0082CBE3.pf - deleted
C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-2E1C999E.pf - deleted
C:\WINDOWS\Prefetch\PICASA2.EXE-2FD72D61.pf - deleted
C:\WINDOWS\Prefetch\PICASAUPDATE.EXE-0267BB81.pf - deleted
C:\WINDOWS\Prefetch\PMMON.EXE-134B07B4.pf - deleted
C:\WINDOWS\Prefetch\PMSNGR.EXE-0F3B91EB.pf - deleted
C:\WINDOWS\Prefetch\POWERDVD.EXE-35D9A3BA.pf - deleted
C:\WINDOWS\Prefetch\POWERPNT.EXE-019F2E3D.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted
C:\WINDOWS\Prefetch\QTTASK.EXE-2D7EEF34.pf - deleted
C:\WINDOWS\Prefetch\RC.EXE-0F2AF3FE.pf - deleted
C:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-0A4B9E3A.pf - deleted
C:\WINDOWS\Prefetch\REALPLAY.EXE-176E3A6D.pf - deleted
C:\WINDOWS\Prefetch\REALSCHED.EXE-0A2A7558.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\RPHELPERAPP.EXE-2D9C7783.pf - deleted
C:\WINDOWS\Prefetch\RSVP.EXE-04E70CF3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-18ACD379.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A3E2360.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BE5B31F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2AE6C217.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-36BD5CB0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-377B1BD2.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BB51001.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted
C:\WINDOWS\Prefetch\SERVIC~1.EXE-22757822.pf - deleted
C:\WINDOWS\Prefetch\SETUP_WM.EXE-19AC5A9B.pf - deleted
C:\WINDOWS\Prefetch\SISUSBRG.EXE-1A6118D0.pf - deleted
C:\WINDOWS\Prefetch\SPUPDSVC.EXE-21B36524.pf - deleted
C:\WINDOWS\Prefetch\SV-CODEC-V4_01A.EXE-2D08BE6E.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TMP13.TMP-2A1886B6.pf - deleted
C:\WINDOWS\Prefetch\TMP14.TMP-24E656FC.pf - deleted
C:\WINDOWS\Prefetch\TMP15.TMP-14E53744.pf - deleted
C:\WINDOWS\Prefetch\TMP16.TMP-3A19A66E.pf - deleted
C:\WINDOWS\Prefetch\TRAYAP~1.EXE-2F9B04F8.pf - deleted
C:\WINDOWS\Prefetch\UNINST.EXE-251C47D3.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-12CAEADC.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1EA52A4E.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1ED78311.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-23EDECE2.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-265B2F9E.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2B791B82.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2D8EC1DC.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2EEF90D4.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-30DCF060.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-390A8EAB.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VB17.EXE-1ECE9C0A.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VIEWMGR.EXE-0962BAFC.pf - deleted
C:\WINDOWS\Prefetch\VIRUSBURST.EXE-1C6969C5.pf - deleted
C:\WINDOWS\Prefetch\VLC.EXE-29851A71.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\WINDOWS\Prefetch\WINAMPA.EXE-2BDF6A16.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-259486DA.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969332.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969335.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\YAHOOM~1.EXE-1AE97F84.pf - deleted
C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-000AD1DB.pf - deleted
C:\WINDOWS\Prefetch\YUPDATER.EXE-054783A4.pf - deleted
C:\WINDOWS\Prefetch\YUPDATER.EXE-278A4587.pf - deleted
Emptied Recycle Bin on drive C:
Emptied Recycle Bin on drive G:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 621.4 MB of disk space from 39797 files.
CleanUp! finished on 09/02/06 12:58:29.

III COMBOFIX

adi - 06-09-02 13:02:51,15
ComboFix 06.08.30BT - Running from: C:\Programme\Protecus

((((((((((((((((((((((((((((((( Files Created from 2006-08-02 to 2006-09-02 ))))))))))))))))))))))))))))))))))


2006-09-02 11:10 176,128 --a------ C:\WINDOWS\system32\eowygj.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-02 13:02 -------- d-------- C:\Programme\Protecus
2006-09-02 11:43 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-02 11:27 -------- d-------- C:\Programme\CleanUp!
2006-09-02 11:11 -------- d-------- C:\Programme\Windows Media Player
2006-09-02 11:11 -------- d-------- C:\Programme\VirusBurst
2006-09-02 11:10 -------- d-------- C:\Programme\Media-Codec
2006-08-12 18:29 -------- d-------- C:\Programme\Internet Explorer
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 22:06 -------- d-------- C:\Programme\Picasa2 Foto Album
2006-07-11 19:25 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-07-11 19:25 -------- d-------- C:\Programme\Franzis
2006-07-11 07:06 -------- d-------- C:\Programme\MSN Messenger
2006-07-02 00:06 -------- dr-h----- C:\Dokumente und Einstellungen\adi\Anwendungsdaten\yahoo!
2006-06-18 04:44 57384 --a------ C:\WINDOWS\system32\avsda.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"zBrowser Launcher"="C:\\Programme\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"Creative WebCam Tray"="C:\\Programme\\Creative\\Shared Files\\CAMTRAY.EXE"
"Ad-aware"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-aware.exe\" +c"
"DataLayer"="C:\\PROGRA~1\\GEMEIN~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"PCSuiteTrayApplication"="G:\\NOKIAP~1\\NOKIAP~1\\NOKIAP~1\\TRAYAP~1.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ViewMgr"="C:\\Programme\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"VirusBurst"="C:\\Programme\\VirusBurst\\VirusBurst.exe /h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servicedata]
"smss32"="C:\\WINDOWS\\System32\\disc32diag.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\Media-Codec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Programme\\Media-Codec\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Completion time: 02/09/2006 13:04:06.85
ComboFix.txt
IV Datfindbat

1. System32
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\system32

02/09/2006 11:33 2.206 wpa.dbl
02/09/2006 11:10 176.128 eowygj.dll
03/08/2006 03:22 8.255.912 MRT.exe
28/07/2006 13:28 3.075.072 mshtml.dll
27/07/2006 15:25 679.424 inetcomm.dll
25/07/2006 22:33 615.936 urlmon.dll
25/07/2006 15:14 119.744 FNTCACHE.DAT
21/07/2006 10:29 72.704 hlink.dll
14/07/2006 17:38 332.288 netapi32.dll
14/07/2006 17:25 546.304 hhctrl.ocx
13/07/2006 15:34 8.494.592 shell32.dll
05/07/2006 12:55 1.057.792 kernel32.dll
26/06/2006 19:40 148.480 dnsapi.dll
26/06/2006 19:40 8.192 rasadhlp.dll
23/06/2006 13:10 664.576 wininet.dll
23/06/2006 13:10 39.424 pngfilt.dll
23/06/2006 13:10 474.624 shlwapi.dll
23/06/2006 13:10 146.432 msrating.dll
23/06/2006 13:10 1.494.016 shdocvw.dll
23/06/2006 13:10 448.512 mshtmled.dll
23/06/2006 13:10 532.480 mstime.dll
23/06/2006 13:10 205.312 dxtrans.dll
23/06/2006 13:10 251.392 iepeers.dll
23/06/2006 13:10 152.064 cdfview.dll
23/06/2006 13:10 357.888 dxtmsft.dll
23/06/2006 13:10 1.056.256 danim.dll
23/06/2006 13:10 96.768 inseng.dll
23/06/2006 13:10 16.384 jsproxy.dll
23/06/2006 13:10 1.022.976 browseui.dll
23/06/2006 13:10 55.808 extmgr.dll
23/06/2006 10:53 27.136 xpsp3res.dll
22/06/2006 12:47 181.248 rasmans.dll
21/06/2006 11:00 2.550 Uninstall.ico
21/06/2006 11:00 1.406 Help.ico
21/06/2006 11:00 30.590 pavas.ico
20/06/2006 22:00 2.154 tmmute.ini
19/06/2006 16:20 702.768 WgaLogon.dll
19/06/2006 16:19 571.184 LegitCheckControl.dll
19/06/2006 16:19 304.944 WgaTray.exe
18/06/2006 04:44 57.384 avsda.dll
15/06/2006 19:18 0 asfiles.txt
01/06/2006 20:47 163.840 jgdw400.dll
01/06/2006 20:47 27.648 jgpl400.dll

2. Temp
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\DOKUME~1\adi\LOKALE~1\Temp

02/09/2006 13:20 81.920 ~DF57C4.tmp
02/09/2006 13:20 240 datFind-4.zip
02/09/2006 13:20 240 datFind-3.zip
02/09/2006 13:20 512 ~DF127B.tmp
02/09/2006 13:19 240 datFind-2.zip
02/09/2006 13:19 240 datFind-1.zip
02/09/2006 13:17 240 datFind.zip
02/09/2006 13:01 512 ~DF74E5.tmp
02/09/2006 13:01 512 ~DF74C8.tmp
02/09/2006 12:59 81.920 ~DF2B35.tmp
02/09/2006 12:59 149.504 ~WRS0000.tmp
02/09/2006 12:59 512 ~DF1B2.tmp
02/09/2006 12:56 81.920 ~DF8B0.tmp
02/09/2006 11:33 16.384 ~DFFB34.tmp
14 Datei(en) 414.896 Bytes
0 Verzeichnis(se), 3.918.983.168 Bytes frei

3. Windows

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS

02/09/2006 13:22 0 sys.txt
02/09/2006 13:20 13.898 system.txt
02/09/2006 13:20 934 systemtemp.txt
02/09/2006 13:20 102.126 system32.txt
02/09/2006 13:08 5.527 ComboFix.txt
02/09/2006 13:04 5.512 ComboFix2.txt
02/09/2006 11:33 589 sti.log
02/09/2006 11:32 267.964.416 hiberfil.sys
02/09/2006 11:32 402.653.184 pagefile.sys
02/09/2006 11:21 9.110 hijackthis.log
30/08/2006 22:49 13.824 dvb.GRF
30/08/2006 22:48 8.192 dvb4.GRF
30/06/2006 09:17 146 YServer.txt
15/06/2006 00:35 6.104 look.txt
14/06/2006 01:57 8.754 hijackthis
14/06/2006 00:31 1.077 rapport.txt
10/06/2006 02:30 180 WINDOWSinv_pro.txt
27/12/2005 23:27 5.185.880 Firefox Setup 1.5.exe
27/12/2005 23:21 496.888 ie6setup.exe
08/10/2004 10:38 211 boot.ini
08/10/2004 10:27 47.564 NTDETECT.COM
08/10/2004 10:27 251.184 ntldr
22/04/2004 08:28 0 AdobeWeb.log
06/11/2003 22:15 0 MSDOS.SYS
06/11/2003 22:15 0 AUTOEXEC.BAT
06/11/2003 22:15 0 IO.SYS
06/11/2003 22:15 0 CONFIG.SYS
18/08/2001 14:00 4.952 bootfont.bin
24/05/2001 13:59 162.304 UNWISE.EXE
29 Datei(en) 676.942.556 Bytes
0 Verzeichnis(se), 3.918.983.168 Bytes frei

4. C.txt
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\

02/09/2006 13:23 0 sys.txt
02/09/2006 13:23 13.898 system.txt
02/09/2006 13:23 934 systemtemp.txt
02/09/2006 13:23 102.126 system32.txt
02/09/2006 13:08 5.527 ComboFix.txt
02/09/2006 13:04 5.512 ComboFix2.txt
02/09/2006 11:33 589 sti.log
02/09/2006 11:32 267.964.416 hiberfil.sys
02/09/2006 11:32 402.653.184 pagefile.sys
02/09/2006 11:21 9.110 hijackthis.log
30/08/2006 22:49 13.824 dvb.GRF
30/08/2006 22:48 8.192 dvb4.GRF
30/06/2006 09:17 146 YServer.txt
15/06/2006 00:35 6.104 look.txt
14/06/2006 01:57 8.754 hijackthis
14/06/2006 00:31 1.077 rapport.txt
10/06/2006 02:30 180 WINDOWSinv_pro.txt
27/12/2005 23:27 5.185.880 Firefox Setup 1.5.exe
27/12/2005 23:21 496.888 ie6setup.exe
08/10/2004 10:38 211 boot.ini
08/10/2004 10:27 47.564 NTDETECT.COM
08/10/2004 10:27 251.184 ntldr
22/04/2004 08:28 0 AdobeWeb.log
06/11/2003 22:15 0 MSDOS.SYS
06/11/2003 22:15 0 AUTOEXEC.BAT
06/11/2003 22:15 0 IO.SYS
06/11/2003 22:15 0 CONFIG.SYS
18/08/2001 14:00 4.952 bootfont.bin
24/05/2001 13:59 162.304 UNWISE.EXE
29 Datei(en) 676.942.556 Bytes

#2 adilescent

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme\Media-Codec" >>files.txt
dir "C:\Programme\VirusBurst" >>files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#3 habe's gemacht, Sabina

hier:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\Media-Codec

02/09/2006 11:10 <DIR> .
02/09/2006 11:10 <DIR> ..
02/09/2006 11:10 27.136 iesplugin.dll
02/09/2006 11:10 8.192 iesuninst.exe
02/09/2006 11:33 12.800 isaddon.dll
02/09/2006 11:33 4.608 isamini.exe
02/09/2006 11:10 27.648 isamonitor.exe
02/09/2006 11:10 8.704 isauninst.exe
02/09/2006 11:10 4.286 ot.ico
02/09/2006 11:33 2.472 pmmon.exe
02/09/2006 11:10 10.996 pmsngr.exe
02/09/2006 11:10 9.216 pmuninst.exe
02/09/2006 11:10 4.286 ts.ico
02/09/2006 11:10 27.722 uninst.exe
12 Datei(en) 148.066 Bytes
2 Verzeichnis(se), 3.916.115.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
14/03/2006 12:44 50.527 blacklist.txt
02/09/2006 11:11 <DIR> Lang
02/09/2006 11:11 <DIR> Logs
26/01/2006 11:56 499.712 msvcp71.dll
26/01/2006 11:56 348.160 msvcr71.dll
02/09/2006 11:11 <DIR> Quarantine
29/08/2006 13:02 1.152.768 ref.dat
02/09/2006 11:11 41.436 uninst.exe
29/08/2006 12:20 1.507.328 VirusBurst.exe
02/09/2006 11:11 51 VirusBurst.url
7 Datei(en) 3.599.982 Bytes
5 Verzeichnis(se), 3.916.115.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Windows\System32\Com

16/10/2005 00:02 <DIR> .
16/10/2005 00:02 <DIR> ..
26/07/2005 06:39 195.072 comadmin.dll
18/08/2001 14:00 61.440 comempty.dat
18/08/2001 14:00 77.348 comexp.msc
04/08/2004 09:57 9.728 comrepl.exe
18/08/2001 14:00 5.120 comrereg.exe
18/08/2001 14:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 3.916.115.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\system32

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11/04/2006 17:10 135.168 asinst.dll
03/04/2006 11:00 537 asinst.inf
21/04/2005 07:47 <DIR> CONFLICT.1
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
25/07/2002 19:13 24.576 dwusplay.dll
25/07/2002 19:13 196.608 dwusplay.exe
28/03/2002 17:05 1.268 erma.inf
25/11/2004 09:37 337 ImageUploader_3.inf
06/06/2005 11:37 1.701.504 ImageUploader_3.ocx
13/04/2004 07:04 307.200 isusweb.dll
19/08/2003 21:06 740 jinstall-1_4_2_01.inf
29/05/2003 16:00 160.864 messengerstatsclient.dll
06/04/2004 19:03 172.072 MessengerStatsPAClient.dll
22/08/2003 08:49 220 MetaStream3.inf
20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd
29/05/2003 16:00 84.064 minesweeper.dll
18/11/1999 14:49 992 msaudio.inf
29/05/2003 16:00 77.408 msgrchkr.dll
14/03/2005 13:39 227 MsnMessengerSetupDownloader.inf
17/03/2005 14:48 113.152 MsnMessengerSetupDownloader.ocx
14/10/2005 11:02 372.736 MsnPUpld.dll
14/10/2005 12:49 587 MSNPupld.inf
05/11/2003 07:04 228 odyssey_webmoo.inf
31/05/2002 09:19 117.328 purde-de.dll
22/09/2004 15:59 110.592 PURen-us.dll
09/10/2003 11:32 144 QTPlugin.inf
29/05/2003 16:00 86.112 solitaireshowdown.dll
20/04/2006 09:24 313 SpyMD.inf
27/08/2005 14:30 5.065 swflash.inf
30/06/2003 23:41 1.689 WMV9VCM.inf
09/09/2003 18:39 323 yinst.inf
06/04/2004 19:03 85.032 ZIntro.ocx
31 Datei(en) 3.758.945 Bytes
1 Verzeichnis(se), 3.916.111.872 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\Common Files

05/03/2004 17:56 <DIR> .
05/03/2004 17:56 <DIR> ..
31/07/2004 21:08 <DIR> System
16/11/2004 23:23 <DIR> Teleca Shared
0 Datei(en) 0 Bytes
4 Verzeichnis(se), 3.916.111.872 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi

02/09/2006 11:32 <DIR> .
02/09/2006 11:32 <DIR> ..
17/12/2003 02:34 0 AdobeWeb.log
13/01/2004 10:50 <DIR> Application Data
02/09/2006 15:40 <DIR> Desktop
14/06/2006 00:38 <DIR> DoctorWeb
14/08/2006 21:32 <DIR> Eigene Dateien
02/09/2006 11:10 <DIR> Favoriten
29/11/2004 12:09 <DIR> Nokia
07/02/2005 16:33 <DIR> Phone Browser
17/08/2005 09:52 15.428 RefEdit.exd
02/09/2006 11:11 <DIR> Startmen�
17/11/2003 21:15 13.391 Startmen�.rar
06/11/2003 22:26 <DIR> WINDOWS
3 Datei(en) 28.819 Bytes
11 Verzeichnis(se), 3.916.111.872 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Program Files

26/06/2006 23:50 <DIR> .
26/06/2006 23:50 <DIR> ..
26/06/2006 23:50 52 gcxshgle.txt
16/05/2004 14:11 <DIR> Neuer Ordner
01/08/2004 23:17 <DIR> Spyware Stormer
1 Datei(en) 52 Bytes
4 Verzeichnis(se), 3.916.111.872 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi\Lokale Einstellungen\Temp

02/09/2006 15:24 <DIR> .
02/09/2006 15:24 <DIR> ..
02/09/2006 15:24 41.095 1257925.s10840809.6cc60f5ac845.jpg
02/09/2006 13:47 21.176 carlsjrburger.bmp
06/12/2003 15:27 <DIR> Cddb
02/09/2006 13:19 240 datFind-1.zip
02/09/2006 13:19 240 datFind-2.zip
02/09/2006 13:20 240 datFind-3.zip
02/09/2006 13:20 240 datFind-4.zip
02/09/2006 13:17 240 datFind.zip
02/09/2006 13:04 <DIR> Default
02/09/2006 13:47 21.176 everyoneshero.bmp
27/12/2005 23:28 <DIR> ff_temp
02/09/2006 13:47 21.176 gmcsoccer.bmp
02/09/2006 13:04 <DIR> ICD1.tmp
02/09/2006 13:04 <DIR> ICD2.tmp
02/09/2006 13:04 <DIR> nsk6A.tmp
02/09/2006 13:04 <DIR> nsm65.tmp
02/09/2006 13:04 <DIR> nsq5D.tmp
02/09/2006 14:40 16.384 Perflib_Perfdata_9c8.dat
02/09/2006 13:04 <DIR> plugtmp-6
02/09/2006 13:47 21.176 ptchocolate.bmp
13/06/2006 23:05 <DIR> SmitfraudFix-1
02/09/2006 13:04 <DIR> VBE
02/09/2006 13:47 21.176 walmart.bmp
02/09/2006 13:04 <DIR> WAS19D2.tmp
02/09/2006 13:04 <DIR> WAS2317.tmp
02/09/2006 13:04 <DIR> WAS32F1.tmp
02/09/2006 13:04 <DIR> WAS34AB.tmp
02/09/2006 13:04 <DIR> WAS34B4.tmp
02/09/2006 13:04 <DIR> WAS35BD.tmp
02/09/2006 13:04 <DIR> WAS4C40.tmp
02/09/2006 13:04 <DIR> WAS4FF9.tmp
02/09/2006 13:04 <DIR> WAS50C.tmp
02/09/2006 13:04 <DIR> WAS5301.tmp
02/09/2006 13:04 <DIR> WAS5A38.tmp
02/09/2006 13:04 <DIR> WAS6ACE.tmp
02/09/2006 13:04 <DIR> WAS7059.tmp
02/09/2006 13:04 <DIR> WAS70F3.tmp
02/09/2006 13:04 <DIR> WAS7611.tmp
02/09/2006 13:04 <DIR> WAS77FC.tmp
02/09/2006 13:04 <DIR> WAS80A7.tmp
02/09/2006 13:04 <DIR> WAS8CCA.tmp
02/09/2006 13:04 <DIR> WAS8EEA.tmp
02/09/2006 13:04 <DIR> WASA19F.tmp
02/09/2006 13:04 <DIR> WASA2F0.tmp
02/09/2006 13:04 <DIR> WASA4FB.tmp
02/09/2006 13:04 <DIR> WASA558.tmp
02/09/2006 13:04 <DIR> WASAD13.tmp
02/09/2006 13:04 <DIR> WASB0EA.tmp
02/09/2006 13:04 <DIR> WASB5E.tmp
02/09/2006 13:04 <DIR> WASB656.tmp
02/09/2006 13:04 <DIR> WASB72F.tmp
02/09/2006 13:04 <DIR> WASB73D.tmp
02/09/2006 13:04 <DIR> WASC6BA.tmp
02/09/2006 13:04 <DIR> WASD1AC.tmp
02/09/2006 13:04 <DIR> WASD1C5.tmp
02/09/2006 13:04 <DIR> WASD57F.tmp
02/09/2006 13:04 <DIR> WASD629.tmp
02/09/2006 13:04 <DIR> WASDE3E.tmp
02/09/2006 13:04 <DIR> WASDF76.tmp
02/09/2006 13:04 <DIR> WASE4D6.tmp
02/09/2006 13:04 <DIR> WASE853.tmp
02/09/2006 13:04 <DIR> WASEDB8.tmp
02/09/2006 13:04 <DIR> WASFE87.tmp
02/09/2006 13:04 <DIR> WER1.tmp.dir00
02/09/2006 13:04 <DIR> WER10.tmp.dir00
02/09/2006 13:04 <DIR> WER16.tmp.dir00
02/09/2006 13:04 <DIR> WER2.tmp.dir00
02/09/2006 13:04 <DIR> Word8.0
02/09/2006 13:04 <DIR> Yahoo!
02/09/2006 13:04 <DIR> _is84
11/11/2003 20:39 <DIR> _ISTMP1.DIR
02/09/2006 13:04 <DIR> {0bedbd4e-2d34-47b5-9973-57e62b29307c}
24/01/2006 11:24 <DIR> {11C6FE9B-21BB-4CAC-8EEA-863A8ABFA3D5}
02/09/2006 13:04 <DIR> {5809e7cf-4dcf-11d4-9875-00105ace7734}
02/09/2006 13:04 <DIR> {6811caa0-bf12-11d4-9ea1-0050bae317e1}
02/07/2006 20:57 <DIR> {9CD51848-178F-43BC-B9D2-F4BA9AA71993}
02/09/2006 14:40 16.384 ~DF163B.tmp
02/09/2006 12:56 81.920 ~DF8B0.tmp
02/09/2006 11:33 16.384 ~DFFB34.tmp
15 Datei(en) 279.247 Bytes
66 Verzeichnis(se), 3.916.107.776 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\Temp

02/09/2006 13:04 <DIR> .
02/09/2006 13:04 <DIR> ..
02/09/2006 13:04 <DIR> _ISTMP0.DIR
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 3.916.107.776 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Temp

24/07/2006 22:51 <DIR> .
24/07/2006 22:51 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.916.107.776 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme

02/09/2006 11:29 <DIR> .
02/09/2006 11:29 <DIR> ..
01/08/2004 23:26 <DIR> Adaware ( Spyaware )
10/08/2005 17:34 <DIR> Adobe
06/11/2003 22:39 <DIR> Ahead
21/06/2006 11:01 <DIR> AntiVir PersonalEdition Classic
06/11/2003 22:33 <DIR> ATI Technologies
23/05/2005 22:29 <DIR> BitComet
12/11/2003 21:47 <DIR> C-Media 3D Audio
02/09/2006 11:27 <DIR> CleanUp!
24/01/2006 11:19 <DIR> Club-3D
05/03/2004 17:56 <DIR> Common Files
06/11/2003 22:12 <DIR> ComPlus Applications
12/06/2004 12:20 <DIR> Creative
06/11/2003 22:36 <DIR> CyberLink
05/12/2004 17:26 <DIR> Desktop
11/12/2003 20:02 <DIR> DivX
17/11/2003 22:33 <DIR> EAC095PB3
19/01/2006 22:21 <DIR> Flash player
11/07/2006 19:25 <DIR> Franzis
24/02/2004 16:38 <DIR> GameHouse
05/12/2004 18:28 <DIR> Gemeinsame Dateien
18/06/2006 13:30 <DIR> ICQLite
12/08/2006 18:29 <DIR> Internet Explorer
06/06/2006 17:19 <DIR> Invent
13/12/2005 23:56 <DIR> Java
01/08/2004 23:26 <DIR> Lavasoft
28/01/2004 21:20 <DIR> Logitech
02/09/2006 11:10 <DIR> Media-Codec
06/11/2003 22:16 <DIR> microsoft frontpage
17/11/2003 21:09 <DIR> Microsoft Office
08/10/2004 10:36 <DIR> Movie Maker
02/09/2006 11:43 <DIR> Mozilla Firefox
06/11/2003 22:12 <DIR> MSN Gaming Zone
11/07/2006 07:06 <DIR> MSN Messenger
03/12/2003 14:40 4.952.816 MSN Messenger.exe
08/10/2004 10:31 <DIR> NetMeeting
28/04/2004 16:32 <DIR> Neuer Ordner
06/11/2003 22:14 <DIR> Online-Dienste
13/04/2006 09:57 <DIR> Outlook Express
11/07/2006 22:06 <DIR> Picasa2 Foto Album
02/09/2006 13:28 <DIR> Protecus
21/06/2006 11:01 <DIR> QuickTime
05/12/2005 22:34 <DIR> RealPlayer
28/07/2004 21:00 <DIR> shizmoo
11/11/2003 20:33 <DIR> SiSLan
20/06/2006 21:59 <DIR> Trend Micro
24/03/2006 20:17 <DIR> VideoLAN
14/04/2005 19:53 <DIR> Viewpoint
02/09/2006 11:11 <DIR> VirusBurst
24/03/2006 20:15 <DIR> VLC-PLayer
25/06/2006 11:31 <DIR> Winamp
02/09/2006 11:11 <DIR> Windows Media Player
27/12/2005 23:09 <DIR> Windows NT
20/06/2006 23:28 <DIR> WinRAR
06/11/2003 22:16 <DIR> xerox
30/06/2006 09:25 <DIR> Yahoo!
1 Datei(en) 4.952.816 Bytes
56 Verzeichnis(se), 3.916.103.680 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi\Lokale Einstellungen\Anwendungsdaten

10/08/2005 17:02 <DIR> Adobe
19/04/2004 23:16 <DIR> Apple Computer
20/12/2005 00:53 <DIR> ApplicationHistory
07/08/2006 23:46 239.616 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
08/11/2005 00:34 136 fusioncache.dat
25/08/2006 20:37 19.920 GDIPFONTCACHEV1.DAT
11/07/2006 22:04 <DIR> Google
16/08/2004 11:27 <DIR> Help
17/11/2003 21:11 <DIR> Identities
08/11/2005 00:34 <DIR> IsolatedStorage
29/06/2006 19:18 <DIR> Microsoft
27/12/2005 23:29 <DIR> Mozilla
05/12/2004 18:11 <DIR> WMTools Downloaded Files
3 Datei(en) 259.672 Bytes
10 Verzeichnis(se), 3.916.103.680 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\adi\Anwendungsdaten

10/08/2005 17:28 <DIR> Adobe
10/08/2005 17:13 <DIR> AdobeAUM
28/04/2005 01:21 <DIR> AdobeUM
19/04/2004 23:16 <DIR> Apple Computer
22/05/2005 22:56 <DIR> Azureus
07/12/2003 15:32 <DIR> Creative
07/02/2005 16:33 <DIR> Datalayer
28/07/2005 20:28 <DIR> Google
21/05/2004 19:17 <DIR> Help
30/06/2004 10:02 <DIR> ICQLite
06/11/2003 22:24 <DIR> Identities
17/11/2003 22:29 <DIR> InterTrust
01/10/2004 22:51 <DIR> Leadertech
04/12/2003 23:18 <DIR> Macromedia
27/12/2005 23:29 <DIR> Mozilla
02/10/2004 13:00 <DIR> Nokia
02/12/2004 09:35 <DIR> Nokia Multimedia Player
30/09/2004 23:29 <DIR> PC Suite
05/12/2004 18:29 <DIR> Real
03/12/2003 16:19 <DIR> Sun
14/04/2005 19:50 <DIR> Viewpoint
24/03/2006 22:02 <DIR> vlc
07/01/2004 19:35 <DIR> Yahoo! Messenger
0 Datei(en) 0 Bytes
23 Verzeichnis(se), 3.916.099.584 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

29/03/2006 21:12 305 addr_file.html
30/09/2004 20:37 <DIR> Adobe
30/08/2006 12:17 <DIR> AntiVir PersonalEdition Classic
06/11/2003 22:36 <DIR> CyberLink
24/01/2006 11:23 <DIR> InstallShield
28/04/2005 01:02 <DIR> MSN6
05/07/2006 10:08 <DIR> MyPhotoFun-Polyprint
19/04/2004 23:17 <DIR> QuickTime
20/12/2005 23:39 <DIR> Trymedia
14/04/2005 19:53 <DIR> Viewpoint
02/10/2005 09:49 <DIR> Windows Genuine Advantage
30/06/2006 09:17 <DIR> Yahoo! Companion
1 Datei(en) 305 Bytes
11 Verzeichnis(se), 3.916.099.584 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\Gemeinsame Dateien

05/12/2004 18:28 <DIR> .
05/12/2004 18:28 <DIR> ..
10/08/2005 17:34 <DIR> Adobe
17/11/2003 21:09 <DIR> Designer
06/11/2003 22:13 <DIR> Dienste
24/01/2006 11:19 <DIR> InstallShield
03/12/2003 16:14 <DIR> Java
28/01/2004 21:20 <DIR> Logitech
31/07/2004 21:08 <DIR> Microsoft Shared
06/11/2003 22:13 <DIR> MSSoap
29/11/2004 11:59 <DIR> Nokia
06/11/2003 05:11 <DIR> ODBC
29/11/2004 11:59 <DIR> PCSuite
05/12/2004 18:27 <DIR> Real
06/11/2003 05:11 <DIR> SpeechEngines
13/04/2006 09:57 <DIR> System
16/11/2004 23:23 <DIR> Teleca Shared
05/12/2004 18:28 <DIR> xing shared
0 Datei(en) 0 Bytes
18 Verzeichnis(se), 3.916.099.584 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Windows\tasks

#4 1.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinkopieren)

VirusBurst
Media-Codec

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

2.
erstelle eine neu.bat - poste den text ..alles bisher gepostete wird wieder erscheinen - poste nur diesen Teil

Zitat

cd\
dir "C:\Program Files\Spyware Stormer" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" >>files.txt
dir "C:\Programme\VirusBurst\Lang" >>files.txt
dir "C:\Programme\VirusBurst\Logs" >>files.txt
dir "C:\Programme\VirusBurst\Quarantine" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#5 REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 02/09/2006 16:07:00 for strings:
; 'virusburst'
; 'media-codec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}\InprocServer32]
@="C:\\Programme\\Media-Codec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}\InprocServer32]
@="C:\\Programme\\Media-Codec\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9}\1.0\0\win32]
@="C:\\Programme\\VirusBurst\\VirusBurst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9}\1.0\HELPDIR]
@="C:\\Programme\\VirusBurst\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusBurst.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusBurst.exe]
@="C:\\Programme\\VirusBurst\\VirusBurst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"homepage.monitor.exe"="C:\\Programme\\Media-Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Media-Codec\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusBurst"="C:\\Programme\\VirusBurst\\VirusBurst.exe /h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Media-Codec\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"UninstallString"="\"C:\\Programme\\Media-Codec\\isauninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec]
"DisplayName"="Media-Codec 4.0"
"UninstallString"="C:\\Programme\\Media-Codec\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Media-Codec\\uninst.exe"
"URLInfoAbout"="www.media-codec.com"
"Publisher"="Media-Codec Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Media-Codec\\pmuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst]
"DisplayName"="VirusBurst 6.1"
"UninstallString"="C:\\Programme\\VirusBurst\\uninst.exe"
"DisplayIcon"="C:\\Programme\\VirusBurst\\VirusBurst.exe"
"NSIS:StartMenuDir"="VirusBurst"
"URLInfoAbout"="http://www.VirusBurst.com"
"Publisher"="VirusBurst.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst]

[HKEY_USERS\S-1-5-21-2000478354-1343024091-839522115-1003\Software\Internet Security]
"Path"="C:\\Programme\\Media-Codec"

[HKEY_USERS\S-1-5-21-2000478354-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusBurst]

[HKEY_USERS\S-1-5-21-2000478354-1343024091-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOKUME~1\\adi\\LOKALE~1\\Temp\\vb17.exe"="VirusBurst Install"
"C:\\Programme\\VirusBurst\\VirusBurst.exe"="Anti- spyware and adware"
"C:\\Programme\\Media-Codec\\isamonitor.exe"="isamonitor"
"C:\\Programme\\Media-Codec\\pmsngr.exe"="pmsngr"

; End Of The Log...




NEU.BAT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\Media-Codec

02/09/2006 11:10 <DIR> .
02/09/2006 11:10 <DIR> ..
02/09/2006 11:10 27.136 iesplugin.dll
02/09/2006 11:10 8.192 iesuninst.exe
02/09/2006 11:33 12.800 isaddon.dll
02/09/2006 11:33 4.608 isamini.exe
02/09/2006 11:10 27.648 isamonitor.exe
02/09/2006 11:10 8.704 isauninst.exe
02/09/2006 11:10 4.286 ot.ico
02/09/2006 11:33 2.472 pmmon.exe
02/09/2006 11:10 10.996 pmsngr.exe
02/09/2006 11:10 9.216 pmuninst.exe
02/09/2006 11:10 4.286 ts.ico
02/09/2006 11:10 27.722 uninst.exe
12 Datei(en) 148.066 Bytes
2 Verzeichnis(se), 3.916.115.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
14/03/2006 12:44 50.527 blacklist.txt
02/09/2006 11:11 <DIR> Lang
02/09/2006 11:11 <DIR> Logs
26/01/2006 11:56 499.712 msvcp71.dll
26/01/2006 11:56 348.160 msvcr71.dll
02/09/2006 11:11 <DIR> Quarantine
29/08/2006 13:02 1.152.768 ref.dat
02/09/2006 11:11 41.436 uninst.exe
29/08/2006 12:20 1.507.328 VirusBurst.exe
02/09/2006 11:11 51 VirusBurst.url
7 Datei(en) 3.599.982 Bytes
5 Verzeichnis(se), 3.916.115.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

#6 erstelle eine num.bat - poste den text (alles)

Zitat

cd\
dir "C:\Program Files\Spyware Stormer" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" >>files.txt
dir "C:\Programme\VirusBurst\Lang" >>files.txt
dir "C:\Programme\VirusBurst\Logs" >>files.txt
dir "C:\Programme\VirusBurst\Quarantine" >>files.txt
notepad files.txt

dann beginnt die reinigung
__________
MfG Sabina

rund um die PC-Sicherheit

#7 hmm...
womit soll ich reinigen ?



Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.1

21/04/2005 07:47 <DIR> .
21/04/2005 07:47 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.909.779.456 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Lang

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
29/08/2006 13:03 32.739 English.ini
1 Datei(en) 32.739 Bytes
2 Verzeichnis(se), 3.909.779.456 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Logs

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.909.779.456 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Quarantine

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.909.779.456 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Program Files\Spyware Stormer

01/08/2004 23:17 <DIR> .
01/08/2004 23:17 <DIR> ..
01/08/2004 23:17 1.010.052 Setup.exe
1 Datei(en) 1.010.052 Bytes
2 Verzeichnis(se), 3.924.889.600 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.1

21/04/2005 07:47 <DIR> .
21/04/2005 07:47 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.924.889.600 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Lang

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
29/08/2006 13:03 32.739 English.ini
1 Datei(en) 32.739 Bytes
2 Verzeichnis(se), 3.924.889.600 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Logs

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.924.889.600 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 04D1-3975

Verzeichnis von C:\Programme\VirusBurst\Quarantine

02/09/2006 11:11 <DIR> .
02/09/2006 11:11 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.924.889.600 Bytes frei

#8 adilescent

1.
mediacodec.zip laden -> http://virus-protect.org/zip/mediacodec.zip entpacken auf dem Desktop -> mediacodec.reg ->doppeltklicken und der Registry mit "ja/yes" beifügen

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst

Files to delete:
C:\WINDOWS\system32\eowygj.dll
C:\Programme\VirusBurst\blacklist.txt
C:\Programme\VirusBurst\msvcp71.dll
C:\Programme\VirusBurst\msvcr71.dll
C:\Programme\VirusBurst\ref.dat
C:\Programme\VirusBurst\uninst.exe
C:\Programme\VirusBurst\VirusBurst.exe
C:\Programme\VirusBurst\VirusBurst.url
C:\Programme\VirusBurst\Lang\English.ini
C:\Programme\Media-Codec\iesplugin.dll
C:\Programme\Media-Codec\iesuninst.exe
C:\Programme\Media-Codec\isaddon.dll
C:\Programme\Media-Codec\isamini.exe
C:\Programme\Media-Codec\isamonitor.exe
C:\Programme\Media-Codec\isauninst.exe
C:\Programme\Media-Codec\ot.ico
C:\Programme\Media-Codec\pmmon.exe
C:\Programme\Media-Codec\pmsngr.exe
C:\Programme\Media-Codec\pmuninst.exe
C:\Programme\Media-Codec\ts.ico
C:\Programme\Media-Codec\uninst.exe
C:\Program Files\Spyware Stormer\Setup.exe

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

*
poste den report vom avenger, der nach neustart erscheinen wird

**
scanne mit smitfraudfix (option 1 und 2 )
poste beide reporte
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\Media-Codec\isaddon.dll

O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Programme\Media-Codec\iesplugin.dll

O4 - HKLM\..\Run: [VirusBurst] C:\Programme\VirusBurst\VirusBurst.exe /h

O21 - SSODL: gorgonian - {e944d14a-03aa-43e3-9d0e-4f50c4d1b005} - C:\WINDOWS\system32\eowygj.dll

PC neustarten
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Hi Sabina...

hier sind die Berichte...

bei dem Schritt mit dem HijackThis konnte ich leider nichts machen, denn die vier Einträge nicht gefunden werden konnten.

lg,

Adilescent

Script file located at: \??\C:\WINDOWS\dltwudty.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\eowygj.dll deleted successfully.
File C:\Programme\VirusBurst\blacklist.txt deleted successfully.
File C:\Programme\VirusBurst\msvcp71.dll deleted successfully.
File C:\Programme\VirusBurst\msvcr71.dll deleted successfully.
File C:\Programme\VirusBurst\ref.dat deleted successfully.
File C:\Programme\VirusBurst\uninst.exe deleted successfully.
File C:\Programme\VirusBurst\VirusBurst.exe deleted successfully.
File C:\Programme\VirusBurst\VirusBurst.url deleted successfully.
File C:\Programme\VirusBurst\Lang\English.ini deleted successfully.
File C:\Programme\Media-Codec\iesplugin.dll deleted successfully.
File C:\Programme\Media-Codec\iesuninst.exe deleted successfully.
File C:\Programme\Media-Codec\isaddon.dll deleted successfully.
File C:\Programme\Media-Codec\isamini.exe deleted successfully.
File C:\Programme\Media-Codec\isamonitor.exe deleted successfully.
File C:\Programme\Media-Codec\isauninst.exe deleted successfully.
File C:\Programme\Media-Codec\ot.ico deleted successfully.
File C:\Programme\Media-Codec\pmmon.exe deleted successfully.
File C:\Programme\Media-Codec\pmsngr.exe deleted successfully.
File C:\Programme\Media-Codec\pmuninst.exe deleted successfully.
File C:\Programme\Media-Codec\ts.ico deleted successfully.
File C:\Programme\Media-Codec\uninst.exe deleted successfully.
File C:\Program Files\Spyware Stormer\Setup.exe deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



SmitFraudFix Rapport 1

SmitFraudFix v2.83

Scan done at 13:29:46,73, 03/09/2006
Run from C:\Programme\Protecus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\adi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOKUME~1\adi\STARTM~1\VirusBurst 6.1.lnk FOUND !
C:\DOKUME~1\adi\STARTM~1\PROGRA~1\VirusBurst FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\adi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOKUME~1\adi\Desktop\VirusBurst.lnk FOUND !
C:\DOKUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

C:\Programme\Media-Codec\ FOUND !
C:\Programme\VirusBurst\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



SmitFraudFix Rapport 2

SmitFraudFix v2.83

Scan done at 13:35:48,75, 03/09/2006
Run from C:\Programme\Protecus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\eowygj.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\adi\Desktop\VirusBurst.lnk Deleted
C:\DOKUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOKUME~1\adi\STARTM~1\VirusBurst 6.1.lnk Deleted
C:\DOKUME~1\adi\STARTM~1\PROGRA~1\VirusBurst Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Programme\Media-Codec\ Deleted
C:\Programme\VirusBurst\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#10 es muesste wieder alles in Ordnung sein pass besser auf, wenn du Codecs anwendest, oder wie ist das auf deinen Rechner gelangt ????
__________
MfG Sabina

rund um die PC-Sicherheit

#11 Da war irgendwie ne Nachricht, die sagte, dass mein WindowsMediaPlayer einen neuen Codec braucht bzw. nicht neu genug ist.
Ich dachte, die Nachricht war ok... doch eine Falle

Was ist denn mit dem Blauen Stern von Windows (sieh Anhang ganz rechts). Da steht:" Möglicherweise sind Sie das Opfer einer Softwarefälschung". Kann man das Problem beheben?

#12 das kannst du hier mal nachlesen:

Zitat

Du bist Opfer der automatischen Windows-updates geworden, die dir eine entsprechende Datei unterjubelt
http://www.nickles.de/static_cache/538104338.html

__________
MfG Sabina

rund um die PC-Sicherheit

#13 Oh danke...
werd gleich mal lesen :-)