Crypted' [HEUR-DBLEXT/Crypted] gefunden |
||
|---|---|---|
| #0
| ||
|
16.02.2007, 00:20
...neu hier
Beiträge: 2 |
||
 
|
|
|
|
16.02.2007, 11:35
Ehrenmitglied
 Beiträge: 29434 |
#2
Der_Mo
es sollte mit loeschen der temporaeren Dateien und nach scannen mit Antivirus das Problem behoben sein... du kannst es noch mit Onlinescans ueberpruefen: http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
16.02.2007, 14:34
...neu hier
Themenstarter Beiträge: 2 |
#3
Hi,
danke erst mal für dei Antowrt, habe das nun gemacht, der AntiVir findet nichts mehr, aber die Online Scanner funktionieren alle nicht, sagen zu alter Inet Explorer, habe aber den Inet Explorer 7.. nur der Mozilla ist als primärer Browser eingestellt, kann es daran liegen? also habe nun doch einen scan geschafft, das ist der report: Scanning Report Friday, February 16, 2007 14:47:12 - 15:23:59 Computer name: DAY Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ D:\ E:\ F:\ Result: 2 malware found Possible Browser Hijack attempt (spyware) * System (Disinfected) Tracking Cookie (spyware) * System (Disinfected) Statistics Scanned: * Files: 33292 * System: 4598 * Not scanned: 3 Actions: * Disinfected: 2 * Renamed: 0 * Deleted: 0 * None: 0 * Submitted: 0 Files not scanned: * C:\HIBERFIL.SYS * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Options Scanning engines: * F-Secure Libra: 2.4.2, 2007-02-14 * F-Secure AVP: 7.0.171, 2007-02-16 * F-Secure Orion: 1.2.37, 2007-02-16 * F-Secure Blacklight: 1.0.53, 0000-00-00 * F-Secure Draco: 1.0.35, 0260-02-44 * F-Secure Pegasus: 1.19.0, 2007-01-13 Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX * Use Advanced heuristics der hat halt 2mal spyware gefudnen... Dieser Beitrag wurde am 16.02.2007 um 15:22 Uhr von Der_Mo editiert.
|
|
|
|
|
|
|
16.02.2007, 15:44
Ehrenmitglied
Beiträge: 29434 |
#4
scanne und poste hier den scanreport
http://virus-protect.org/a2.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
ich habe es auch geschafft mir folgende zwei Viren über das Anklicken eines Icq-Linkes zu ergattern:
____________________________________________________________________
In der Datei 'C:\Dokumente und Einstellungen\Day4p\Lokale Einstellungen\Temp\oizymit1.pif'
wurde ein Virus oder unerwünschtes Programm 'HEUR-DBLEXT/Crypted' [HEUR-DBLEXT/Crypted] gefunden.
In der Datei 'C:\Dokumente und Einstellungen\Day4p\Anwendungsdaten\Mozilla\Firefox\Profiles\of3z0qm7.default\cache\b6552bfad01'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XDR.Gen' [TR/Crypt.XDR.Gen] gefunden.
____________________________________________________________________
Diese Meldungen finde ich unter *Ereignisse* in meinem AntiVir.
Habe den Scanner danach noch mehrmals laufen lassen, aber ohne irgendwelche Fünde.
Nur mein Freund, der schon einen Post mit ähnlchem Titel erstellt hat, informierte mich darüber, dass der Schein trügen könnte..
Ich würde nun gerne wissen, ob ich die Viren noch habe, oder nicht.
Dafür werde ich gleich versuchen, alle 5 Schritte in der Anleitung durchzuführen, die er mir geschickt hat, und die Ergebnisse hier in weiteren Post vortragen.
MfG -Mo
________________________________________________________________
Das ist der 1. Schritt:
Logfile of HijackThis v1.99.1
Scan saved at 00:45:26, on 16.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOKUME~1\Day4p\LOKALE~1\Temp\Rar$EX24.563\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lachkatze.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
____________________________________________________________________
Schritt 2, der Clean Up:
CleanUp! started on 02/16/07 01:05:11.
...
C:\WINDOWS\temp\javapi\v1.0\file\sitemap.class-439876c6-6d8d5edb.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\SitemapDebug.class-23e3ad73-78dfa63c.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\SitemapDebug.class-23e3ad73-78dfa63c.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\sm_10.gif-5510d632-36011851.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\sm_10.gif-5510d632-36011851.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\sm_12.gif-552d0534-4671900c.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\sm_12.gif-552d0534-4671900c.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\splash.gif-1181d1ac-59deeb8a.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\splash.gif-1181d1ac-59deeb8a.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\StartBildC.jpg-a0eb36e-497aba7e.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\StartBildC.jpg-a0eb36e-497aba7e.jpg - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Stop.class-270bb789-3b72f95a.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Stop.class-270bb789-3b72f95a.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\stop.gif-482133c7-26d0b346.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\stop.gif-482133c7-26d0b346.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Super9.jpg-12dcb81c-6121cc1a.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Super9.jpg-12dcb81c-6121cc1a.jpg - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_0.gif-3caa847b-5ad0bb8d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_0.gif-3caa847b-5ad0bb8d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_0.gif-5f87be6e-119fa9e9.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_0.gif-5f87be6e-119fa9e9.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-2f079842-22ecd43b.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-2f079842-22ecd43b.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-486b3487-37688d1d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-486b3487-37688d1d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-52bcaa1a-38e377df.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-52bcaa1a-38e377df.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-67f4ab54-27f9a4f8.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-67f4ab54-27f9a4f8.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-6d7823ae-2d14f89d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-6d7823ae-2d14f89d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-7bc1fd01-564f0439.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_1029.gif-7bc1fd01-564f0439.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2010.gif-2befa9f2-3af8305c.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2010.gif-2befa9f2-3af8305c.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2010.gif-45251803-41475816.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2010.gif-45251803-41475816.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2011.gif-38784252-40982409.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2011.gif-38784252-40982409.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2011.gif-6860b42b-7bf6e823.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2011.gif-6860b42b-7bf6e823.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-22a25376-1b5e5ffa.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-22a25376-1b5e5ffa.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-32ba641b-7cc96b3e.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-32ba641b-7cc96b3e.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-39dce46f-39963393.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-39dce46f-39963393.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-3c05efbb-4d16cf35.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-3c05efbb-4d16cf35.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-5b8f6688-3689dbd3.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-5b8f6688-3689dbd3.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-6112dee2-35ea7d15.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-6112dee2-35ea7d15.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-6f5cb835-1c14d81d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symMap24_2095.gif-6f5cb835-1c14d81d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND100.gif-537a5802-71b7e0e9.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND100.gif-537a5802-71b7e0e9.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND11.gif-52fb3362-3f845d10.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND11.gif-52fb3362-3f845d10.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND11.gif-61083095-585391f5.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND11.gif-61083095-585391f5.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND111.gif-553d4822-39eeceee.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND111.gif-553d4822-39eeceee.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND120.gif-22d448e5-3e8808d3.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND120.gif-22d448e5-3e8808d3.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND120.gif-56e40940-2fabcdf4.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND120.gif-56e40940-2fabcdf4.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-320b1752-6848784e.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-320b1752-6848784e.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-53176264-57b258b6.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-53176264-57b258b6.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-61245f97-3038cc09.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-61245f97-3038cc09.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-74731ee4-791208cb.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND13.gif-74731ee4-791208cb.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND130.gif-24892184-2dad84af.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND130.gif-24892184-2dad84af.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND130.gif-5898e1df-7264d9d3.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND130.gif-5898e1df-7264d9d3.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-1e4ef3bb-473fe4b7.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-1e4ef3bb-473fe4b7.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-32192ed3-7c9ddbe9.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-32192ed3-7c9ddbe9.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-532579e5-16b2f593.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-532579e5-16b2f593.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-61327718-5b6f60de.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-61327718-5b6f60de.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-74813665-7dcca72c.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND14.gif-74813665-7dcca72c.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-263dfa23-53fddfdc.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-263dfa23-53fddfdc.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-26bb1151-39fc040f.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-26bb1151-39fc040f.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-30d6e4d1-58acb206.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-30d6e4d1-58acb206.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-40c0d23b-39933782.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-40c0d23b-39933782.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-5a4dba7e-74022469.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND140.gif-5a4dba7e-74022469.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND17.gif-534fc068-7c51fc8d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND17.gif-534fc068-7c51fc8d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-2b47d074-7deee434.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-2b47d074-7deee434.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-5ee47a6d-4468f358.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-5ee47a6d-4468f358.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-ed4223b-429e7669.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND170.gif-ed4223b-429e7669.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND18.gif-535dd7e9-3f111555.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND18.gif-535dd7e9-3f111555.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND18.gif-616ad51c-56e3631d.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND18.gif-616ad51c-56e3631d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND210.gif-609e9635-3a91e70b.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND210.gif-609e9635-3a91e70b.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND210.gif-7088839f-43d5cc99.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND210.gif-7088839f-43d5cc99.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND211.gif-a238363-299cc77e.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND211.gif-a238363-299cc77e.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND213.gif-562ff20a-2bbc3add.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND213.gif-562ff20a-2bbc3add.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND214.gif-60d6f439-376a8844.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND214.gif-60d6f439-376a8844.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND215.gif-60e50bba-31452c58.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND215.gif-60e50bba-31452c58.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND236.gif-59c3e9cb-5a73cf87.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND236.gif-59c3e9cb-5a73cf87.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND236.gif-dd3aa26-3a1c1d13.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND236.gif-dd3aa26-3a1c1d13.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND_EUROPE170.gif-7914b5c4-1f215e00.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\symTAAND_EUROPE170.gif-7914b5c4-1f215e00.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TellFrame.class-37049d71-3c187129.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TellFrame.class-37049d71-3c187129.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TextRectangle.class-47ec902e-5d32fe2a.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TextRectangle.class-47ec902e-5d32fe2a.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TilesComponent.class-4deed30a-5758cbcb.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\TilesComponent.class-4deed30a-5758cbcb.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\timelow.au-4b6a3aeb-232cafb5.au - deleted
C:\WINDOWS\temp\javapi\v1.0\file\timelow.au-4b6a3aeb-232cafb5.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\tisch.gif-2925b305-4ec521ff.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\tisch.gif-2925b305-4ec521ff.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\tischend.gif-627f6bdc-30d766c3.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\tischend.gif-627f6bdc-30d766c3.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\ToolCanvas.class-aae33fd-29e391b9.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\ToolCanvas.class-aae33fd-29e391b9.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\ToolFrame.class-217f3a76-6f3cf83b.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\ToolFrame.class-217f3a76-6f3cf83b.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Tools.class-2e77061c-3bc5b71f.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Tools.class-2e77061c-3bc5b71f.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\top.gif-1d24be8a-4c999490.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\top.gif-1d24be8a-4c999490.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\top_blue.gif-500f1955-46e84537.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\top_blue.gif-500f1955-46e84537.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\triste.gif-34db7b90-45b73386.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\triste.gif-34db7b90-45b73386.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\up.gif-39808fe0-7b65bd53.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\up.gif-39808fe0-7b65bd53.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51.class-5ecefeab-20e26a76.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51.class-5ecefeab-20e26a76.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51.class-66fadd81-63d340f5.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51.class-66fadd81-63d340f5.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51Sleep.class-766ef87c-773cc967.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51Sleep.class-766ef87c-773cc967.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51Sleep.class-7e9ad752-1ddd2a0b.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\v51Sleep.class-7e9ad752-1ddd2a0b.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Vect.class-3a4d91f0-7417bcd8.class - deleted
C:\WINDOWS\temp\javapi\v1.0\file\Vect.class-3a4d91f0-7417bcd8.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\vision1.jpg-2cc595b-3c7c5c6d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\vision1.jpg-2cc595b-3c7c5c6d.jpg - deleted
C:\WINDOWS\temp\javapi\v1.0\file\vision2.jpg-2da70dc-1a5a753f.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\vision2.jpg-2da70dc-1a5a753f.jpg - deleted
C:\WINDOWS\temp\javapi\v1.0\file\who_bgr.gif-690e6c4f-148f8501.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\who_bgr.gif-690e6c4f-148f8501.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\who_br.gif-2ca02d34-40cd7a57.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\who_br.gif-2ca02d34-40cd7a57.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\xciting.jpg-7d0a992a-480f9791.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\xciting.jpg-7d0a992a-480f9791.jpg - deleted
C:\WINDOWS\temp\javapi\v1.0\file\zoom_act.gif-483b3606-3ad24cca.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\zoom_act.gif-483b3606-3ad24cca.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\zoom_pas.gif-5e40e616-2385f1d5.gif - deleted
C:\WINDOWS\temp\javapi\v1.0\file\zoom_pas.gif-5e40e616-2385f1d5.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\file\ - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ACannons.jar-3b02f842-71c65151.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ACannons.jar-3b02f842-71c65151.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ar.jar-6a28554b-403b3280.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\BigText.jar-6c5dd354-1e938c89.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\BigText.jar-6c5dd354-1e938c89.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Client.jar-2379b5a8-130736fb.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Client.jar-2379b5a8-130736fb.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ColorGUI.jar-724e7f75-38337375.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ColorGUI.jar-724e7f75-38337375.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\game1397.jar-4353d49c-40bb45ec.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\game1397.jar-4353d49c-40bb45ec.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\irc.jar-3f64ed84-605f5093.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\irc.jar-3f64ed84-605f5093.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\jreal.jar-45817948-5171b28d.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\jreal.jar-45817948-5171b28d.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\knuddelsk88p.jar-134f93aa-5b6a5e71.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\knuddelsk88p.jar-134f93aa-5b6a5e71.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\knuddelsk89a.jar-14310bba-2d933c94.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\knuddelsk89a.jar-14310bba-2d933c94.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\loadgfx.jar-67c06940-6a2aeec8.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\loadgfx.jar-67c06940-6a2aeec8.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-10d7eefa-37c96558.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-10d7eefa-37c96558.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-13cb7a03-1b7423be.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-13cb7a03-1b7423be.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-22a4203b-570e3cce.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-22a4203b-570e3cce.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-388a1613-4669e128.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-388a1613-4669e128.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-39807c81-735a00a8.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-39807c81-735a00a8.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-3f136eed-2e3b8b95.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-3f136eed-2e3b8b95.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-f656706-5421d77f.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_c_e_TAAND_EUROPE_de-DE.zip-f656706-5421d77f.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_TAAND_EUROPE_de-DE.zip-5073bb70-49d794eb.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_2006_TAAND_EUROPE_de-DE.zip-5073bb70-49d794eb.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_de_eur_ld2.zip-49b6830a-55ac2349.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_de_eur_ld2.zip-49b6830a-55ac2349.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_TAAND_EUROPE_de-DE.zip-1c3ab5e1-6214e1ca.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_TAAND_EUROPE_de-DE.zip-1c3ab5e1-6214e1ca.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_TAAND_EUROPE_de-DE.zip-bd3b3db-58940592.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\map24portal_TAAND_EUROPE_de-DE.zip-bd3b3db-58940592.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\MultiUser.jar-6ceb2ceb-55c3778f.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\MultiUser.jar-6ceb2ceb-55c3778f.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\pixx.jar-38733f3b-75f96d90.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\pixx.jar-38733f3b-75f96d90.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\playingzone.zip-714ae403-1c53f0ef.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\playingzone.zip-714ae403-1c53f0ef.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ptviewer.jar-14c58939-729d1d32.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ptviewer.jar-14c58939-729d1d32.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\sparda_TAAND_EUROPE_de.zip-77394437-1096b1ff.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\sparda_TAAND_EUROPE_de.zip-77394437-1096b1ff.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\startup6.jar-491960be-39513a17.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\startup6.jar-491960be-39513a17.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Tilt.jar-7d42765a-6e449038.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Tilt.jar-7d42765a-6e449038.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Tools.jar-21749d22-3b263d78.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\Tools.jar-21749d22-3b263d78.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\TyperA-2.0.12.jar-3c446b89-11cc31c0.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\TyperA-2.0.12.jar-3c446b89-11cc31c0.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\TyperA-2.0.12.jar-4a41bbf2-72e90fc4.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\TyperA-2.0.12.jar-4a41bbf2-72e90fc4.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\xengine.jar-b4e9669-15a46284.idx - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\xengine.jar-b4e9669-15a46284.zip - deleted
C:\WINDOWS\temp\javapi\v1.0\jar\ - deleted
C:\WINDOWS\temp\javapi\v1.0\tmp\ - deleted
C:\WINDOWS\temp\javapi\v1.0\ - deleted
C:\WINDOWS\temp\javapi\ - deleted
C:\WINDOWS\temp\r1ptemp0\ - deleted
C:\WINDOWS\temp\r1ptemp14\ - deleted
C:\WINDOWS\temp\r1ptemp18\ - deleted
C:\WINDOWS\temp\r1ptemp2\ - deleted
C:\WINDOWS\temp\r1ptemp23\ - deleted
C:\WINDOWS\temp\r1ptemp8\ - deleted
C:\WINDOWS\temp\r1ptemp87\ - deleted
C:\WINDOWS\temp\r1ptemp9\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\temp\tmp\ - deleted
C:\WINDOWS\temp\Verlauf\History.IE5\index.dat - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\571cc.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\CORECOMP.INI - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\HOWTO95.BMP - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\Itinst.dll - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\Lang.ini - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\lic_en.txt - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\lic_fr.txt - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\lic_jp.txt - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\LOGO.BMP - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\PARSE.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\UNINST.EXE - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\_SETUP32.LIB - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\CORECOMP.INI - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\daac7.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\HOWTO95.BMP - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\Itinst.dll - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\Lang.ini - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\lic_en.txt - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\lic_fr.txt - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\lic_jp.txt - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\LOGO.BMP - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\PARSE.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\UNINST.EXE - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\_SETUP32.LIB - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\_ISTMP0.DIR\value.shl - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\_ISTMP0.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\ - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Day4p\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Day4p\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\ABSOLUTEPOKER7_0_5.EXE-39185469.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-0EC716D9.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-30CEC19C.pf - deleted
C:\WINDOWS\Prefetch\APHH.EXE-058437FB.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\AVCONFIG.EXE-3B8B9C26.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted
C:\WINDOWS\Prefetch\AVSCAN.EXE-05AECC0E.pf - deleted
C:\WINDOWS\Prefetch\BROWSER.EXE-139113D6.pf - deleted
C:\WINDOWS\Prefetch\CASINOUNINSTALL.EXE-17C47FF5.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-352F6883.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\WINDOWS\Prefetch\ELFO2005.EXE-1702D21D.pf - deleted
C:\WINDOWS\Prefetch\ELSTERFORMULAR2005-SETUP.EXE-0EE6AEFC.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BD45C30.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-11A8A2D1.pf - deleted
C:\WINDOWS\Prefetch\HPRBLOG.EXE-20CD9551.pf - deleted
C:\WINDOWS\Prefetch\HPZENG12.EXE-07E42CEC.pf - deleted
C:\WINDOWS\Prefetch\HPZIPM12.EXE-145E7369.pf - deleted
C:\WINDOWS\Prefetch\HPZSTC12.EXE-2A807C2C.pf - deleted
C:\WINDOWS\Prefetch\ICQLITE.EXE-2AEFACA7.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MAGIC.EXE-06A64ED8.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1411.EXE-2E1660D7.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1421.EXE-222D8321.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1441.EXE-0739102F.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1481.EXE-04BE4300.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1491.EXE-18BF729A.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1581.EXE-39F8A1C2.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1641.EXE-25E25FE4.pf - deleted
C:\WINDOWS\Prefetch\MAGIC1981.EXE-0015AD1E.pf - deleted
C:\WINDOWS\Prefetch\MAINCLIENT.EXE-31F71FDE.pf - deleted
C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf - deleted
C:\WINDOWS\Prefetch\MRTSTUB.EXE-07D4D40D.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\PARTYGAMING.EXE-1E3ECB10.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A4A7DB6.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted
C:\WINDOWS\Prefetch\SET1BE.TMP-0A70C9E5.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-1163E816.pf - deleted
C:\WINDOWS\Prefetch\TZCHANGE.EXE-095D4BC4.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-00F10F77.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-01335D04.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-0EEA2959.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1258FAFC.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-18B4BB99.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1A51DA7A.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1C122A3D.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1C48F2CB.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1DC1E04C.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2364EFDF.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-25C27830.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-29EEC6A2.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2CCC0CD1.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2CE5C44B.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2FA3F770.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-33509310.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-3651B0B2.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-3965E6F8.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-39F8940C.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\WINDOWS-KB890830-V1.26-DELTA.-09B2BDCA.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-259486DA.pf - deleted
C:\WINDOWS\Prefetch\WKDSTORE.EXE-31475208.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969338.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969339.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-0996933A.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-0996933B.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 1.29 GB of disk space from 35769 files. Wow! You really needed that.
CleanUp! finished on 02/16/07 01:08:27.
____________________________________________________________________________________
Bei Schritt 3 funktioniert das Combofix nicht, da steht der Autor hat das Programm zu rZuet zurückgezogen...
Schritt 4 sprengt mein hirn ein bisl... ziga das Geklicke, ich versuch es nochmal..
Ok, er überfordert mein Hirn doch nicht, hier kommen die Logs:
1.
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\WINDOWS\system32
16.02.2007 01:15 2.206 wpa.dbl
14.02.2007 13:49 122.142 TZLog.log
13.02.2007 22:48 248 systemdrv32.aso
07.02.2007 23:01 12.293.536 MRT.exe
29.01.2007 09:58 60.416 tzchange.exe
23.01.2007 20:30 546.304 hhctrl.ocx
12.01.2007 12:42 139.264 hpzjrd01.dll
12.01.2007 09:27 232.960 webcheck.dll
12.01.2007 09:27 477.696 mshtmled.dll
12.01.2007 09:27 822.784 wininet.dll
12.01.2007 09:27 6.054.400 ieframe.dll
12.01.2007 09:27 3.580.416 mshtml.dll
12.01.2007 09:27 51.712 msfeedsbs.dll
12.01.2007 09:27 458.752 msfeeds.dll
12.01.2007 09:27 132.608 extmgr.dll
12.01.2007 09:27 670.720 mstime.dll
12.01.2007 09:27 27.136 jsproxy.dll
12.01.2007 09:27 1.149.952 urlmon.dll
11.01.2007 01:12 274.168 FNTCACHE.DAT
10.01.2007 17:42 1.040.384 ieframe.dll.mui
08.01.2007 19:04 105.984 url.dll
08.01.2007 19:04 102.400 occache.dll
08.01.2007 19:03 193.024 msrating.dll
08.01.2007 19:02 1.823.744 inetcpl.cpl
08.01.2007 19:02 44.544 iernonce.dll
08.01.2007 19:02 266.752 iertutil.dll
08.01.2007 19:02 230.400 ieaksie.dll
08.01.2007 19:02 153.088 ieakeng.dll
08.01.2007 19:02 161.792 ieakui.dll
08.01.2007 19:02 384.000 iedkcs32.dll
08.01.2007 19:02 383.488 ieapfltr.dll
08.01.2007 19:01 17.408 corpol.dll
08.01.2007 19:00 124.928 advpack.dll
08.01.2007 18:08 56.832 ie4uinit.exe
08.01.2007 18:08 13.824 ieudinit.exe
19.12.2006 22:49 135.168 shsvcs.dll
19.12.2006 22:49 8.494.592 shell32.dll
19.12.2006 19:17 334.336 wiaservc.dll
07.12.2006 07:40 2.362.184 wmvcore.dll
2.
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\DOKUME~1\Day4p\LOKALE~1\Temp
16.02.2007 01:24 512 ~DF1B07.tmp
16.02.2007 01:24 16.384 ~DF1AF5.tmp
16.02.2007 01:24 512 ~DF1AE0.tmp
16.02.2007 01:24 512 ~DF1AB9.tmp
16.02.2007 01:24 16.384 ~DF1AA7.tmp
16.02.2007 01:24 16.384 ~DF1ACE.tmp
16.02.2007 01:24 16.384 ~DF1A80.tmp
16.02.2007 01:24 512 ~DF1A92.tmp
16.02.2007 01:21 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}8084.html
16.02.2007 01:18 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}6551.html
16.02.2007 01:18 16.384 ~DF9724.tmp
16.02.2007 01:18 512 ~DF8E49.tmp
16.02.2007 01:18 16.384 ~DF8E37.tmp
16.02.2007 01:15 107 STS4.tmp
16.02.2007 01:15 16.384 ~DF7054.tmp
16.02.2007 01:15 2.989 hpodvd09.log
16.02.2007 01:15 1.285 MAR2.tmp
16.02.2007 01:15 1.342 MAR1.tmp
18 Datei(en) 124.932 Bytes
0 Verzeichnis(se), 58.592.903.168 Bytes frei
3. Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\WINDOWS
16.02.2007 01:15 6.104 ModemLog_Bluetooth DUN Modem.txt
16.02.2007 01:15 0 0.log
16.02.2007 01:15 4.244 ModemLog_Agere Systems PCI Soft Modem.txt
16.02.2007 01:15 2.020 ModemLog_Bluetooth Fax Modem.txt
16.02.2007 01:14 1.381.337 WindowsUpdate.log
16.02.2007 01:14 50 wiaservc.log
16.02.2007 01:14 159 wiadebug.log
16.02.2007 01:14 2.048 bootstat.dat
16.02.2007 01:13 32.622 SchedLgU.Txt
15.02.2007 17:59 253 tm.ini
15.02.2007 17:52 35 tdf.dii
14.02.2007 13:49 103.768 iis6.log
14.02.2007 13:49 202.009 comsetup.log
14.02.2007 13:49 125.207 ntdtcsetup.log
14.02.2007 13:49 34.818 ocmsn.log
14.02.2007 13:49 248.601 tsoc.log
14.02.2007 13:49 1.374 imsins.log
14.02.2007 13:49 19.982 KB927779.log
14.02.2007 13:49 31.282 msgsocm.log
14.02.2007 13:49 303.213 ocgen.log
14.02.2007 13:49 621.604 FaxSetup.log
14.02.2007 13:49 323.644 setupapi.log
14.02.2007 13:49 79.036 updspapi.log
14.02.2007 13:49 1.374 imsins.BAK
14.02.2007 13:49 16.977 KB927802.log
14.02.2007 13:49 16.649 KB928255.log
14.02.2007 13:49 8.683 KB923723.log
14.02.2007 13:49 13.159 KB924667.log
14.02.2007 13:49 25.602 KB931836.log
14.02.2007 13:49 15.103 KB926436.log
14.02.2007 13:49 10.929 KB928090-IE7.log
14.02.2007 13:49 11.829 KB918118.log
14.02.2007 13:48 10.571 KB928843.log
11.02.2007 01:43 432 BRWMARK.INI
11.02.2007 01:36 116 NeroDigital.ini
01.02.2007 22:16 20.186 wmsetup.log
12.01.2007 12:43 217 HP_IZClosingDiscErrorPatch.ini
12.01.2007 12:42 221 HP_RedboxHprblog_HPSU.ini
10.01.2007 22:11 113.117 hpoins07.dat
10.01.2007 22:10 532 win.ini
10.01.2007 16:34 3.611 KB929969.log
13.12.2006 14:37 10.693 KB925398.log
13.12.2006 14:36 12.427 KB923689.log
13.12.2006 14:36 11.107 KB926255.log
13.12.2006 14:36 10.938 KB923694.log
4.
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\WINDOWS\Temp
16.02.2007 01:15 409 WGANotify.settings
16.02.2007 01:15 0 T30DebugLogFile.txt
16.02.2007 01:14 255 WGAErrLog.txt
3 Datei(en) 664 Bytes
0 Verzeichnis(se), 58.592.890.880 Bytes frei
5. down.txt
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\WINDOWS\Downloaded Program Files
26.01.2005 21:10 65 desktop.ini
08.09.2004 22:38 1.271 erma.inf
03.08.2004 14:51 293 wuweb.inf
08.12.2003 13:58 3.759 swflash.inf
22.08.2003 21:10 226 opuc.inf
5 Datei(en) 5.614 Bytes
0 Verzeichnis(se), 58.592.890.880 Bytes frei
6. sys.txt
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: F0ED-29D3
Verzeichnis von C:\
16.02.2007 01:26 0 sys.txt
16.02.2007 01:26 475 down.txt
16.02.2007 01:25 382 tmp.txt
16.02.2007 01:25 11.915 system.txt
16.02.2007 01:24 1.204 systemtemp.txt
16.02.2007 01:23 100.617 system32.txt
16.02.2007 01:14 1.073.270.784 hiberfil.sys
16.02.2007 01:14 1.610.612.736 pagefile.sys
20.10.2006 19:31 162 TO_InstallLog.txt
01.04.2005 10:53 211 boot.ini
12.02.2005 19:54 50 AUTOEXEC.BAT
26.01.2005 21:11 0 MSDOS.SYS
26.01.2005 21:11 0 IO.SYS
26.01.2005 21:11 0 CONFIG.SYS
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
17 Datei(en) 2.684.302.236 Bytes
0 Verzeichnis(se), 58.592.886.784 Bytes frei