Tr/spy.vundo.af

Thread is closed!

#0
02.03.2007, 01:24
...new here
Posts: 10

03.03.2007, 16:49
Honorary member
Posts: 29434
#2
««
Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button

Quote:
O2 - BHO: (no name) - {2EAA2C6A-2FBB-4EA9-BCBE-D7995711513A} - C:\WINDOWS\System32\mljjk.dll

1. Apply VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html

2. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
Copy into: View/edit script

Quote:
Registry values to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically.

««
http://virus-protect.org/artikel/tools/sdfix.html
Unpack SDFix.zip. The following message appears:
"The SDFix Folder has been extracted to %systemdrive% - Please run from that location. (%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"
The SDFix folder can now be found under C:\
Boot into safe mode (press the F8 key while the computer restarts)
Go to the folder C:\SDFix
Double-click RunThis.bat
Type: Y
Follow all instructions while the scan runs - then the computer will restart
Copy the text that appears using the right mouse button - and paste it into your post
__________
Kind regards
Sabina
all about PC security

03.03.2007, 17:41
...new here
Thread starter
Posts: 10
#3
SDFix: Version 1.69
Run by Hans - 03.03.2007 @ 17:22:31,50
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
mside
Process Task Manager

Path:
"C:\WINDOWS\system\mside.exe"
"C:\WINDOWS\system32\svhost.exe"

mside Deleted
Process Task Manager Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
No Trojan Files Found...

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Microsoft\Word\~WRL2683.tmp

Add/Remove Programs List:
Avira AntiVir PersonalEdition Classic CleanUp! EU FIBU HijackThis 1.99.1 Cobra 11 - Nitro Mozilla Firefox (2.0.0.2) Nero 6 Ultra Edition NVIDIA Drivers Shockwave Spybot - Search & Destroy 1.4 Winamp (remove only) WinRAR archiver Cobra 11 - Nitro J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 Macromedia Flash MX DAEMON Tools FIFA 07 VSAdd-in for Internet Explorer Microsoft Office Professional Edition 2003 REALTEK Gigabit and Fast Ethernet NIC Driver TuneUp Utilities 2003 FIFA 07 Demo NFS Underground Adobe Reader 7.0.9 Realtek AC'97 Audio
Finished

03.03.2007, 17:51
Honorary member
Posts: 29434
#4
Try to delete or uninstall the following in safe mode:
VSAdd-in for Internet Explorer
(actually it should already have been deleted after applying Avenger....)
------------
Scan and post the scan report
http://virus-protect.org/ewido.html
----------
Post the 6 logs from datfindbat once more
__________
Kind regards
Sabina
all about PC security

03.03.2007, 19:17
...new here
Thread starter
Posts: 10
#5
Deleting VSAdd-in for Internet Explorer did not work !!!

---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 19:09:12 03.03.2007
+ Scan-Ergebnis:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoriert.
C:\System Volume Information\_restore{26778E00-6B1E-41BB-BD08-D844B225D156}\RP30\A0007138.exe -> Backdoor.SdBot.aad : Ignoriert.
C:\WINDOWS\system32\__delete_on_reboot__s_p_o_o_l_v_c_._e_x_e_ -> Backdoor.SdBot.aad : Ignoriert.
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Ignoriert.
:mozilla.17:C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Mozilla\Firefox\Profiles\36o8d66z.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoriert.
:mozilla.16:C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Mozilla\Firefox\Profiles\36o8d66z.default\cookies.txt -> TrackingCookie.Ivwbox : Ignoriert.
:mozilla.20:C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Mozilla\Firefox\Profiles\36o8d66z.default\cookies.txt -> TrackingCookie.Oewabox : Ignoriert.
:mozilla.23:C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Mozilla\Firefox\Profiles\36o8d66z.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoriert.
::Berichtende

04.03.2007, 12:53
Honorary member
Posts: 29434
#6
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
Copy into: View/edit script

Quote:
registry keys to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically.

««
http://virus-protect.org/artikel/tools/sdfix.html
In normal mode, double-click RunThis.bat
Type in: 3
3 : Sophos is loaded - choose 6 - scan
+ post the scan report
+ the 6 logs from datfindbat once more
__________
Kind regards
Sabina
all about PC security

04.03.2007, 15:05
...new here
Thread starter
Posts: 10
#7
Sophos Anti-Virus
Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 224181 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 14:34:34, System date 04 March 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan

Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{26778E00-6B1E-41BB-BD08-D844B225D156}\RP30\A0007151.exe
Removal successful
Password protected file F:\Hans\BUCH98.XLS

2 boot sectors swept.
21879 files swept in 14 minutes and 24 seconds.
4 errors were encountered.
1 virus was discovered.
1 file out of 21879 was infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
4 encrypted files were not checked.
Ending Sophos Anti-Virus.

SDFix: Version 1.69
Run by Hans - 04.03.2007 @ 14:54:34,78
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Remote Process Manager

Path:
"C:\WINDOWS\system32\spoolvc.exe"

Remote Process Manager Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
No Trojan Files Found...

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Microsoft\Word\~WRL2683.tmp

Add/Remove Programs List:
Avira AntiVir PersonalEdition Classic AVG Anti-Spyware 7.5 CleanUp! EU FIBU HijackThis 1.99.1 Cobra 11 - Nitro Mozilla Firefox (2.0.0.2) Nero 6 Ultra Edition NVIDIA Drivers Shockwave Spybot - Search & Destroy 1.4 Winamp (remove only) WinRAR archiver Cobra 11 - Nitro J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 Macromedia Flash MX DAEMON Tools FIFA 07 Microsoft Office Professional Edition 2003 REALTEK Gigabit and Fast Ethernet NIC Driver TuneUp Utilities 2003 NFS Underground Adobe Reader 7.0.9 Realtek AC'97 Audio
Finished

hi, since this scan AVG Anti-Spyware has been reporting all kinds of backdoors the whole time! And AntiVir reports Worm/SpyBot.118272.5 in various system32 files.
This post was edited by even on 04.03.2007 at 15:27.

04.03.2007, 16:05
Honorary member
Posts: 29434

04.03.2007, 16:42
...new here
Thread starter
Posts: 10
#9
hi
04.03.2007, 17:19
Honorary member
Posts: 29434
#10
««
Avenger

Quote:
Files to delete:

««
http://virus-protect.org/artikel/tools/sdfix.html
In normal mode, double-click RunThis.bat
Type in: 1
3. full scan (heuristic/riskware scanning enabled) - scan
4. save quarantine list - post the report
__________
Kind regards
Sabina
all about PC security

04.03.2007, 20:52
...new here
Thread starter
Posts: 10
#11
HI
the log

a-squared Command Line Scanner v. 2.0.0.103
(c) 2006 Emsi Software GmbH - www.emsisoft.com

ID Object
0 C:\WINDOWS\smss.exe detected: Trace.File.ConfigSys

Now I have also caught a TR/Dialer.FN.5, which AntiVir reports as soon as I am connected to the internet. After this message the computer shuts down after one minute.
This post was edited by even on 04.03.2007 at 21:05.

05.03.2007, 02:17
Honorary member
Posts: 29434
#12
I think you will have to format; the system can no longer be cleaned.
__________
Kind regards
Sabina
all about PC security

05.03.2007, 09:14
...new here
Thread starter
Posts: 10
#13
How can this be prevented next time?

05.03.2007, 09:17
Honorary member
Posts: 29434
#14
I assume you surfed on sites that you would do better to avoid.
Also, your computer has never seen a Windows update - no idea how you dare go on the net like that.
Measures after reinstalling Windows
http://virus-protect.org/nachneuinst.html
__________
Kind regards
Sabina
all about PC security

05.03.2007, 09:19
...new here
Thread starter
Posts: 10
#15
Would it be possible to clean the hard disk using another PC?

I have a problem with AntiVir; it keeps giving me a virus alert:
In der Datei 'C:\WINDOWS\System32\mljjk.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Vundo.AF' [TR/Spy.Vundo.AF] gefunden.
I have no idea how to get rid of this virus
PLEASE HELP
Since I have read that you can do something with these things, I have put them in here
Hoping for an answer
Regards
Logfile of HijackThis v1.99.1
Scan saved at 15:53:07, on 03.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX01.032\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX14.828\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EAA2C6A-2FBB-4EA9-BCBE-D7995711513A} - C:\WINDOWS\System32\mljjk.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - C:\WINDOWS\System32\jkkjige.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\tgadgetp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programme\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\icyilcyv.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C776C0-4506-4840-A765-AD4FD157FC58}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD5362B-8369-417F-9181-D1A2A2A7E091}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C776C0-4506-4840-A765-AD4FD157FC58}: NameServer = 195.3.96.67 195.3.96.68
O20 - Winlogon Notify: jkkjige - C:\WINDOWS\SYSTEM32\jkkjige.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\System32\mljjk.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Process Task Manager - Unknown owner - C:\WINDOWS\system32\svhost.exe (file missing)
CleanUp! started on 03/03/07 15:57:52.
...
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\ichxdev.cat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\ichXdev.inf - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\INFAnswr.txt - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich5id2.cat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich5id2.inf - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich6id2.cat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich6id2.inf - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich7id2.cat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ich7id2.inf - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\SP\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\XP\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\pft8C~tmp\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\plugtmp\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX01.032\HijackThis.exe currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX09.657\HijackThis.exe - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX09.657\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX14.828\HijackThis.exe currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\spf.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\spf.log - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\quarantine\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\dbevents.log - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\syscatalogs.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\syscolumns.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysindexes.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysinstances.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysprocdql.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysprocedures.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysredo.log - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\systables.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\systemp.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysundo.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\sysxact.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\userredo.log - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\spf\spdir_19.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\spf\spfile_21.dat - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\spf\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\scimoredb\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\signatures\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\spfdata\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\VBE\MSForms.exd - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\VBE\RefEdit.exd - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\VBE\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\WERF.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\WERF.tmp.dir00\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0406.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0407.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0408.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0409.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x040a.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x040c.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0413.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x041d.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\0x0804.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\Setup.INI - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\_ISMSIDEL.INI - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is1\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0406.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0407.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0408.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0409.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x040a.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x040c.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0413.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x041d.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\0x0804.ini - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\Setup.INI - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\_ISMSIDEL.INI - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\_is16\ - deleted
C:\DOKUME~1\Hans\LOKALE~1\Temp\~DF71C5.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Hans\LOKALE~1\Temp\~DFD93F.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX01.032\HijackThis.exe currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\Hans\LOKALE~1\Temp\Rar$EX14.828\HijackThis.exe currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\WINDOWS\IE4 Error Log.txt - deleted
C:\WINDOWS\temp\alcrmv.exe - deleted
C:\WINDOWS\temp\alcupd.exe - deleted
C:\WINDOWS\temp\Alcxau0.inf - deleted
C:\WINDOWS\temp\alcxwdm.cat - deleted
C:\WINDOWS\temp\alcxwdm.sys - deleted
C:\WINDOWS\temp\Alcxwdm0.cat - deleted
C:\WINDOWS\temp\alsndmgr.cpl - deleted
C:\WINDOWS\temp\alsndmgr.wav - deleted
C:\WINDOWS\temp\ChCfg.exe - deleted
C:\WINDOWS\temp\newdev.dll - deleted
C:\WINDOWS\temp\OLD14.tmp - deleted
C:\WINDOWS\temp\OLD17.tmp - deleted
C:\WINDOWS\temp\OLD1A.tmp - deleted
C:\WINDOWS\temp\OLD6.tmp - deleted
C:\WINDOWS\temp\OLDA.tmp - deleted
C:\WINDOWS\temp\OLDE.tmp - deleted
C:\WINDOWS\temp\Perflib_Perfdata_770.dat - deleted
C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat - deleted
C:\WINDOWS\temp\removalfile.bat - deleted
C:\WINDOWS\temp\RtlCPAPI.dll - deleted
C:\WINDOWS\temp\RTLCPL.exe - deleted
C:\WINDOWS\temp\soundman.exe - deleted
C:\WINDOWS\temp\IntelChip\Chipins.log - deleted
C:\WINDOWS\temp\IntelChip\ - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\hans@survey[1].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\hans@www.avira[2].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\system@google[1].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\system@google[2].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\system@toolsinc[1].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\system@toolssystem[1].txt - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Hans\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Hans\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\3DSETUP.EXE-1F69A5B4.pf - deleted
C:\WINDOWS\Prefetch\ACROAUM.EXE-20EEC18B.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-0EC716D9.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-30CEC19C.pf - deleted
C:\WINDOWS\Prefetch\ADBERDR709_EN_US.EXE-1EBB92E2.pf - deleted
C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-2BB88D51.pf - deleted
C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf - deleted
C:\WINDOWS\Prefetch\AUTORUN.EXE-3B89B378.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted
C:\WINDOWS\Prefetch\AVSCAN.EXE-05AECC0E.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf - deleted
C:\WINDOWS\Prefetch\E.EXE-23692252.pf - deleted
C:\WINDOWS\Prefetch\EASOINSTALLER.EXE-30FA1B54.pf - deleted
C:\WINDOWS\Prefetch\EFIBU.EXE-0395D33A.pf - deleted
C:\WINDOWS\Prefetch\EKORE.EXE-2D487F78.pf - deleted
C:\WINDOWS\Prefetch\ERASEME_26701.EXE-11965FA1.pf - deleted
C:\WINDOWS\Prefetch\ERASEME_28538.EXE-154560D3.pf - deleted
C:\WINDOWS\Prefetch\EREG.EXE-0BA7E826.pf - deleted
C:\WINDOWS\Prefetch\EXCEL.EXE-0DC93B7A.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FIFA 07_CODE.EXE-12A03BDF.pf - deleted
C:\WINDOWS\Prefetch\FIFA 07_UNINST.EXE-024BB362.pf - deleted
C:\WINDOWS\Prefetch\FIFA07 DEMO.EXE-1B6D90AB.pf - deleted
C:\WINDOWS\Prefetch\FIFA07.EXE-00DE1532.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\FREECELL.EXE-0CC25C3B.pf - deleted
C:\WINDOWS\Prefetch\FTP.EXE-0FFFB5A3.pf - deleted
C:\WINDOWS\Prefetch\GAME.EXE-007D5DCC.pf - deleted
C:\WINDOWS\Prefetch\GAME.EXE-02E7265E.pf - deleted
C:\WINDOWS\Prefetch\GAME.EXE-0BC0006A.pf - deleted
C:\WINDOWS\Prefetch\GLB2.TMP-2881C9C8.pf - deleted
C:\WINDOWS\Prefetch\GLBF.TMP-18E5E54D.pf - deleted
C:\WINDOWS\Prefetch\GLJ11.TMP-31FAADB0.pf - deleted
C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf - deleted
C:\WINDOWS\Prefetch\GSW32.EXE-1938E879.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BD45C30.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf - deleted
C:\WINDOWS\Prefetch\HELPHOST.EXE-247D2792.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\IKERNEL.EXE-092EF074.pf - deleted
C:\WINDOWS\Prefetch\IKERNEL.EXE-2B93D17C.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\INSTAL~1.EXE-24962434.pf - deleted
C:\WINDOWS\Prefetch\INSTAL~2.EXE-15356A0C.pf - deleted
C:\WINDOWS\Prefetch\JAVA.EXE-1AA95189.pf - deleted
C:\WINDOWS\Prefetch\JAVACPL.EXE-07AFEEFA.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-376854F9.pf - deleted
C:\WINDOWS\Prefetch\JUCHECK.EXE-3078CD3C.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MSETSS.EXE-065368B4.pf - deleted
C:\WINDOWS\Prefetch\MSHEARTS.EXE-0D7FE295.pf - deleted
C:\WINDOWS\Prefetch\MSIDE.EXE-1856C67F.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf - deleted
C:\WINDOWS\Prefetch\MSOHELP.EXE-1569BB06.pf - deleted
C:\WINDOWS\Prefetch\MSTORDB.EXE-04640A9A.pf - deleted
C:\WINDOWS\Prefetch\NEED FOR SPEED UNDERGROUND 2_-1F9C770C.pf - deleted
C:\WINDOWS\Prefetch\NEED FOR SPEED UNDERGROUND 2_-34BA55D7.pf - deleted
C:\WINDOWS\Prefetch\NERO.EXE-32314E31.pf - deleted
C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-280EC446.pf - deleted
C:\WINDOWS\Prefetch\NFS UNDERGROUND_CODE.EXE-26971B79.pf - deleted
C:\WINDOWS\Prefetch\NFS UNDERGROUND_UNINST.EXE-261F5506.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\ORF-SKICHALLENGE07-ORF.EXE-0F0F2220.pf - deleted
C:\WINDOWS\Prefetch\ORF-SKICHALLENGE07-ORF.EXE-390278F6.pf - deleted
C:\WINDOWS\Prefetch\OUTLOOK.EXE-14C4968A.pf - deleted
C:\WINDOWS\Prefetch\OUTLOOK.EXE-21C6162B.pf - deleted
C:\WINDOWS\Prefetch\PCCHK.EXE-1DE239BB.pf - deleted
C:\WINDOWS\Prefetch\POWERPNT.EXE-28A8DBA4.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted
C:\WINDOWS\Prefetch\QUITRE~1.EXE-2BC020E6.pf - deleted
C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\RLD-F07K.EXE-0402BBE0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B0A2B17.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B29F75A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2152FF31.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2324820E.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-26DA8C9B.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2AD791B1.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-32240B45.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-43F265A3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-46B111D7.pf - deleted
C:\WINDOWS\Prefetch\RUNGAME.EXE-1C5AADE1.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted
C:\WINDOWS\Prefetch\SET3.TMP-03581290.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-0B82E00D.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-1A2B5A93.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf - deleted
C:\WINDOWS\Prefetch\SETUP_54527.EXE-1BF92C86.pf - deleted
C:\WINDOWS\Prefetch\SHELEXEC.EXE-0060EB74.pf - deleted
C:\WINDOWS\Prefetch\SHOCKWAVE_INSTALLER_FULL.EXE-27B690B9.pf - deleted
C:\WINDOWS\Prefetch\SHOCKW~1.EXE-009FEAA8.pf - deleted
C:\WINDOWS\Prefetch\SPEED.EXE-08D60F02.pf - deleted
C:\WINDOWS\Prefetch\SPIDER.EXE-2D998CA6.pf - deleted
C:\WINDOWS\Prefetch\SPOOLCS.EXE-014A0317.pf - deleted
C:\WINDOWS\Prefetch\SSTEXT3D.SCR-17B3B9DD.pf - deleted
C:\WINDOWS\Prefetch\STRONGHOLD.EXE-0AD6ED27.pf - deleted
C:\WINDOWS\Prefetch\SVHOST.EXE-02C570A7.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TFTP.EXE-2FB50BCA.pf - deleted
C:\WINDOWS\Prefetch\TOURSTART.EXE-0D0140ED.pf - deleted
C:\WINDOWS\Prefetch\UEFA EURO 2004_CODE.EXE-02AA48D4.pf - deleted
C:\WINDOWS\Prefetch\UEFA EURO 2004_UNINST.EXE-2B4526C4.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-306C4BBD.pf - deleted
C:\WINDOWS\Prefetch\UPDATER.EXE-316A7697.pf - deleted
C:\WINDOWS\Prefetch\UPDATER.EXE-34B91CB0.pf - deleted
C:\WINDOWS\Prefetch\W32MKDE.EXE-280DF5C1.pf - deleted
C:\WINDOWS\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf - deleted
C:\WINDOWS\Prefetch\WINMINE.EXE-0A3838A4.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-3395695A.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969333.pf - deleted
C:\WINDOWS\Prefetch\WORDPAD.EXE-1EFCC5C1.pf - deleted
C:\WINDOWS\Prefetch\WRITE.EXE-0CF1EFEF.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\~EF7194.TMP-307E89F0.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 250.2 MB of disk space from 4022 files.
CleanUp! finished on 03/03/07 15:58:06.
ComboScan v20070226.18 run by Hans on 2007-03-03 at 16:03:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis (run as Hans.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:05:04, on 03.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Hans\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\Hans.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE4C964-F320-4F4D-8D2E-0584C48196EB} - C:\WINDOWS\System32\mljjk.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - C:\WINDOWS\System32\jkkjige.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\tgadgetp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programme\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\icyilcyv.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C776C0-4506-4840-A765-AD4FD157FC58}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD5362B-8369-417F-9181-D1A2A2A7E091}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C776C0-4506-4840-A765-AD4FD157FC58}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{11C776C0-4506-4840-A765-AD4FD157FC58}: NameServer = 195.3.96.67 195.3.96.68
O20 - Winlogon Notify: jkkjige - C:\WINDOWS\SYSTEM32\jkkjige.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\System32\mljjk.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Process Task Manager - Unknown owner - C:\WINDOWS\system32\svhost.exe (file missing)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
2R ACEDRV07 - C:\WINDOWS\system32\drivers\ACEDRV07.sys
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
1R avgntdd - C:\WINDOWS\system32\drivers\avgntdd.sys
0R avgntmgr - C:\WINDOWS\system32\drivers\avgntmgr.sys
0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
3S rtl8139 (NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernetadapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
2R AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
2R AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
2S mside (Microsoft Sata emulation) - "C:\WINDOWS\system\mside.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
3S ose (Office Source Engine) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
2S Process Task Manager - "C:\WINDOWS\system32\svhost.exe"
3S SCardDrv (Smartcard-Hilfsprogramm) - C:\WINDOWS\System32\SCardSvr.exe
2R uploadmgr (Upload-Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WmdmPmSp (Seriennummer der tragbaren Medien) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Files created between 2007-02-03 and 2007-03-03 ------------------------------
2007-03-03 16:04:53 0 d-------- C:\Programme\HijackThis<HIJACK~1>
2007-03-02 00:40:22 0 d---s---- C:\Dokumente und Einstellungen\Hans\UserData
2007-03-02 00:10:47 0 d-------- C:\WINDOWS\System32\appmgmt
2007-03-01 23:57:23 0 d--h---c- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$<$MSI30~1>
2007-02-17 18:39:23 0 d-------- C:\Programme\VSAdd-in
2007-02-17 18:38:55 88340 --a------ C:\WINDOWS\System32\jmvkduto.exe
2007-02-17 18:38:54 487358 ---hs---- C:\WINDOWS\System32\kjjlm.bak2<KJJLM~2.BAK>
2007-02-16 13:06:43 496874 ---hs---- C:\WINDOWS\System32\kjjlm.bak1<KJJLM~1.BAK>
2007-02-16 13:06:30 281652 -----n--- C:\WINDOWS\System32\mljjk.dll
2007-02-14 17:05:29 0 d-------- C:\Programme\Gemeinsame Dateien\DirectX
2007-02-12 17:08:04 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
-- Find3M Report ----------------------------------------------------------------
2007-03-02 01:04:20 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-03-02 00:39:18 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-03-02 00:11:43 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-03-02 00:10:46 0 d---s---- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Microsoft<MICROS~1>
2007-02-28 21:23:27 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-02-17 18:39:26 0 d-------- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\SearchToolbarCorp<SEARCH~1>
2007-02-12 17:03:52 0 d-------- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\AdobeUM
2007-02-12 17:03:52 0 d-------- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Adobe
2007-02-02 14:04:35 22029 ---hs---- C:\WINDOWS\System32\urqnkij.dll
2007-02-01 23:51:54 22029 ---hs---- C:\WINDOWS\System32\khfdaay.dll
2007-02-01 23:11:01 22029 ---hs---- C:\WINDOWS\System32\tuvsspp.dll
2007-02-01 20:14:55 22029 ---hs---- C:\WINDOWS\System32\tuvvvtq.dll
2007-01-31 21:31:02 22029 ---hs---- C:\WINDOWS\System32\jkkjkkk.dll
2007-01-31 12:22:59 0 d-------- C:\Programme\EA SPORTS<EASPOR~1>
2007-01-31 10:32:22 22029 ---hs---- C:\WINDOWS\System32\yayxyay.dll
2007-01-30 21:39:03 22029 ---hs---- C:\WINDOWS\System32\khfggef.dll
2007-01-30 18:14:26 22029 ---hs---- C:\WINDOWS\System32\iifghee.dll
2007-01-29 21:56:26 22029 ---hs---- C:\WINDOWS\System32\rqrpnnn.dll
2007-01-29 21:30:39 22029 ---hs---- C:\WINDOWS\System32\qommllj.dll
2007-01-29 21:17:08 22029 ---hs---- C:\WINDOWS\System32\jkkjige.dll
2007-01-20 18:01:36 0 d-------- C:\Programme\Winamp
2007-01-15 15:22:09 0 d-------- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Help
2006-12-22 17:31:23 1152 --a------ C:\WINDOWS\mozver.dat
2006-12-12 20:24:12 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-12 20:19:14 320094 --a------ C:\WINDOWS\System32\perfh007.dat
2006-12-12 20:19:14 49174 --a------ C:\WINDOWS\System32\perfc007.dat
2006-12-12 16:03:45 94636 --a------ C:\WINDOWS\dropcpyr.dll
2006-12-12 16:03:45 73728 --a------ C:\WINDOWS\copyfstq.exe
2006-12-12 15:31:54 0 -rahs---- C:\MSDOS.SYS
2006-12-12 15:31:54 0 -rahs---- C:\IO.SYS
2006-12-12 15:31:54 0 --a------ C:\CONFIG.SYS
2006-12-12 15:31:54 0 --a------ C:\AUTOEXEC.BAT
2006-12-12 15:29:21 21740 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-12 15:21:49 62 --ahs---- C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\desktop.ini
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"Resume copy"="copyfstq.exe /startup"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\System32\\icyilcyv.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{481E7983-1F2B-4250-951A-44E0902DF978}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjige
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-03-03 at 16:05:21 -------------------------
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\WINDOWS\system32
03.03.2007 16:07 498.009 kjjlm.ini
03.03.2007 16:01 21.961 nvapps.xml
03.03.2007 15:39 2.184 wpa.dbl
01.03.2007 19:00 487.358 kjjlm.bak2
01.03.2007 19:00 1.261.488 vycliyci.ini
17.02.2007 18:39 88.340 jmvkduto.exe
16.02.2007 13:06 496.874 kjjlm.bak1
16.02.2007 13:06 281.652 mljjk.dll
02.02.2007 14:04 22.029 urqnkij.dll
01.02.2007 23:51 22.029 khfdaay.dll
01.02.2007 23:11 22.029 tuvsspp.dll
01.02.2007 20:14 22.029 tuvvvtq.dll
31.01.2007 21:31 22.029 jkkjkkk.dll
31.01.2007 10:32 22.029 yayxyay.dll
30.01.2007 21:39 22.029 khfggef.dll
30.01.2007 18:14 22.029 iifghee.dll
29.01.2007 21:56 22.029 rqrpnnn.dll
29.01.2007 21:30 22.029 qommllj.dll
29.01.2007 21:24 58 i
29.01.2007 21:24 0 TFTP3200
29.01.2007 21:17 0 TFTP4016
29.01.2007 21:17 22.029 jkkjige.dll
29.01.2007 21:11 0 TFTP3264
29.01.2007 21:09 0 TFTP2488
29.01.2007 20:18 0 TFTP1892
15.01.2007 20:17 241.536 FNTCACHE.DAT
20.12.2006 15:02 9.132 jupdate-1.5.0_10-b03.log
12.12.2006 20:19 49.174 perfc007.dat
12.12.2006 20:19 40.836 perfc009.dat
12.12.2006 20:19 320.094 perfh007.dat
12.12.2006 20:19 314.508 perfh009.dat
12.12.2006 20:19 724.842 PerfStringBackup.INI
12.12.2006 16:48 8.891 jupdate-1.5.0_09-b03.log
12.12.2006 15:35 25.065 wmpscheme.xml
12.12.2006 15:33 261 $winnt$.inf
12.12.2006 15:31 2.951 CONFIG.NT
12.12.2006 15:31 16.832 amcompat.tlb
12.12.2006 15:31 23.392 nscompat.tlb
12.12.2006 15:30 488 logonui.exe.manifest
12.12.2006 15:30 488 WindowsLogon.manifest
12.12.2006 15:30 749 ncpa.cpl.manifest
12.12.2006 15:30 749 nwc.cpl.manifest
12.12.2006 15:30 749 wuaucpl.cpl.manifest
12.12.2006 15:30 749 sapi.cpl.manifest
12.12.2006 15:30 749 cdplayer.exe.manifest
12.12.2006 15:29 21.740 emptyregdb.dat
12.12.2006 15:27 0 h323log.txt
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\DOKUME~1\Hans\LOKALE~1\Temp
03.03.2007 16:07 289 datFind.zip
03.03.2007 16:06 173 jusched.log
2 Datei(en) 462 Bytes
0 Verzeichnis(se), 15.307.337.728 Bytes frei
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\WINDOWS
03.03.2007 16:01 0 0.log
03.03.2007 16:01 1.864.101 WindowsUpdate.log
03.03.2007 16:01 2.048 bootstat.dat
03.03.2007 16:00 32.610 SchedLgU.Txt
01.03.2007 23:57 56.199 iis6.log
01.03.2007 23:57 17.796 comsetup.log
01.03.2007 23:57 8.985 ntdtcsetup.log
01.03.2007 23:57 12.984 tsoc.log
01.03.2007 23:57 1.355 imsins.log
01.03.2007 23:57 9.238 MSI30-KB884016.log
01.03.2007 23:57 1.128 msgsocm.log
01.03.2007 23:57 15.297 ocgen.log
01.03.2007 23:57 1.277 ocmsn.log
01.03.2007 23:57 17.721 FaxSetup.log
01.03.2007 23:57 571.684 setupapi.log
01.03.2007 23:57 12.028 msmqinst.log
26.02.2007 12:12 3.113 MKDEMSG.LOG
26.02.2007 12:12 3.072 MKDEWE.TRN
26.02.2007 12:12 5.982 EFIBU.INI
24.02.2007 20:00 32 OFCK.INI
31.01.2007 12:22 353.867 DirectX.log
24.01.2007 21:36 155 winamp.ini
22.01.2007 13:40 616 EventSystem.log
15.01.2007 18:23 1.012 Active Setup Log.txt
15.01.2007 18:20 42 wininit.ini
15.01.2007 15:21 1.010 Active Setup Log.BAK
12.01.2007 18:41 2.106 discwriter.log
12.01.2007 18:41 0 OrangeBurn.log
31.12.2006 10:32 69 NeroDigital.ini
26.12.2006 19:58 216 wiadebug.log
26.12.2006 19:48 47 wiaservc.log
22.12.2006 17:31 1.152 mozver.dat
18.12.2006 21:09 2.135 KB842773.log
12.12.2006 20:24 0 nsreg.dat
12.12.2006 16:05 716 Windows Update.log
12.12.2006 16:03 94.636 dropcpyr.dll
12.12.2006 16:03 73.728 copyfstq.exe
12.12.2006 15:47 400 ODBC.INI
12.12.2006 15:47 600 win.ini
12.12.2006 15:35 820 OEWABLog.txt
12.12.2006 15:35 734.617 setuplog.txt
12.12.2006 15:34 8.192 REGLOCS.OLD
12.12.2006 15:34 4.438 imsins.BAK
12.12.2006 15:34 180.213 setupact.log
12.12.2006 15:33 622 setuperr.log
12.12.2006 15:31 0 control.ini
12.12.2006 15:31 299.552 WMSysPrx.prx
12.12.2006 15:31 4.161 ODBCINST.INI
12.12.2006 15:30 749 WindowsShell.Manifest
12.12.2006 15:29 1.060 sessmgr.setup.log
12.12.2006 15:29 36 vb.ini
12.12.2006 15:29 37 vbaddin.ini
12.12.2006 15:29 128 DtcInstall.log
12.12.2006 15:25 231 system.ini
12.12.2006 15:24 2.014 regopt.log
12.12.2006 15:24 0 Sti_Trace.log
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\WINDOWS\Temp
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\WINDOWS\Downloaded Program Files
12.12.2006 15:30 65 desktop.ini
1 Datei(en) 65 Bytes
0 Verzeichnis(se), 15.307.395.072 Bytes frei
Datenträger in Laufwerk C: ist Windoof
Volumeseriennummer: 70B6-4535
Verzeichnis von C:\
03.03.2007 16:07 0 sys.txt
03.03.2007 16:07 290 down.txt
03.03.2007 16:07 111 tmp.txt
03.03.2007 16:07 4.750 system.txt
03.03.2007 16:07 334 systemtemp.txt
03.03.2007 16:07 93.609 system32.txt
03.03.2007 16:01 805.306.368 pagefile.sys
SDFix: Version 1.69
Run by Hans - 03.03.2007 @ 17:22:31,50
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
mside
Process Task Manager
Path:
"C:\WINDOWS\system\mside.exe"
"C:\WINDOWS\system32\svhost.exe"
mside Deleted
Process Task Manager Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Dokumente und Einstellungen\Hans\Anwendungsdaten\Microsoft\Word\~WRL2683.tmp
Add/Remove Programs List:
Avira AntiVir PersonalEdition Classic
CleanUp!
EU FIBU
HijackThis 1.99.1
Cobra 11 - Nitro
Mozilla Firefox (2.0.0.2)
Nero 6 Ultra Edition
NVIDIA Drivers
Shockwave
Spybot - Search & Destroy 1.4
Winamp (remove only)
WinRAR archiver
Cobra 11 - Nitro
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Macromedia Flash MX
DAEMON Tools
FIFA 07
VSAdd-in for Internet Explorer
Microsoft Office Professional Edition 2003
REALTEK Gigabit and Fast Ethernet NIC Driver
TuneUp Utilities 2003
FIFA 07 Demo
NFS Underground
Adobe Reader 7.0.9
Realtek AC'97 Audio
Finished