How do you remove SDBot-RT?

#0
28.03.2007, 00:37
...new here

Posts: 7
#1 Hello,
I found out via various virus scanners that I have SDBot-RT on my computer, but unfortunately I cannot remove it. Apparently I somehow have to remove c:\windows\system32\starter.exe. The problem is that I cannot find starter.exe, not even when I have hidden files displayed... Not all of the antivirus programs run either, since the worm apparently interferes with them.

I don't know whether it helps, but I'm attaching my log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:18:14, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Daniela\LOKALE~1\Temp\Rar$EX08.203\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpac.cf.ac.uk/resicache.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [starter] c:\windows\system32\starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

The main problem is that I simply cannot find this starter.exe, even though it is shown to me in virus scans...

Many thanks in advance for your help!
28.03.2007, 09:28
Honorary member
Sabina

Posts: 29434
#2 D Bidell

1.
post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
configure CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

3.
Copy out these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
28.03.2007, 16:01
...new here

Thread starter

Posts: 7
#3 Thanks for the quick reply!

ComboFix produced the following error message:

1 Datei(en) kopiert.
1 Datei(en) kopiert.

Error: Key: software\microsoft\windows\currentversion\policies\system does not exist!

C:\DOKUME~1\NETWOR~1\ANWEND~1
Aktive Codepage: 437.

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: software\microsoft\windows\currentversion\uninstall\webnexus does not exist!

FINDSTR: Zeile 3647 ist zu lang.
FINDSTR: Zeile 7066 ist zu lang.

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: software\winpcap does not exist!

Das System kann die angegebene Datei nicht finden.
Das System kann die angegebene Datei nicht finden.
C:\Dokumente und Einstellungen\-83f1~1.url konnte nicht gefunden werden
1 Datei(en) kopiert.


Here is the generated log (unfortunately the date is wrong, even though I set it correctly on my computer. 3.01.08 is then 27.03.07...):

"Daniela" - 08-01-04 13:11:22 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Dokumente und Einstellungen\Daniela\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))


2008-01-03 22:48 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-03 21:32 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Bitdefender
2008-01-03 21:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\BitDefender
2008-01-03 19:35 <DIR> d-------- C:\Autoruns
2008-01-03 19:27 1,048,576 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2008-01-03 19:27 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Favoriten
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung
2008-01-03 19:27 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Symantec
2008-01-03 18:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 18:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2008-01-03 17:54 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\SpywareBot
2008-01-02 22:46 <DIR> d-------- C:\DOKUME~1\Daniela\DoctorWeb
2008-01-02 18:21 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 18:21 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Sun
2007-12-31 18:43 <DIR> d-------- C:\Programme\Real
2007-12-31 18:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-12-31 18:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-12-31 18:41 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Real
2007-12-31 18:30 <DIR> d-------- C:\Meine Downloads
2007-12-30 15:56 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
2007-12-29 13:29 <DIR> d-------- C:\Programme\Google
2007-12-29 13:29 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Google


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-01-04 13:08 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2008-01-04 13:08 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2007-12-29 13:28 -------- d-------- C:\Programme\java


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"starter"="c:\\windows\\system32\\starter.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"farstone"=""
"RestoreIT!"="\"C:\\Programme\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"AVStation Premium 3.75"="C:\\Programme\\Samsung\\AVStation Premium 3.75\\AVSAgent.exe"
"DisplayManager"="C:\\Programme\\Samsung\\DisplayManager\\DMLoader.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ReslanSelfReg"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"
"BDMCon"="\"C:\\Programme\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Programme\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\install.bat


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1158009444.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\WebReg 20071230231808.job


********************************************************************



Re 2:

CleanUp! started on 01/04/08 13:25:25.
...
C:\WINDOWS\temp\Thumbs.db - deleted
C:\WINDOWS\temp\Cookies\index.dat - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\temp\tmp00000c95\tmp00000000 - deleted
C:\WINDOWS\temp\Verlauf\History.IE5\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Daniela\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Daniela\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-0ABDA372.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-3AD69296.pf - deleted
C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-123A1126.pf - deleted
C:\WINDOWS\Prefetch\AGENTSVR.EXE-260B72BD.pf - deleted
C:\WINDOWS\Prefetch\ALMON.EXE-28D3E905.pf - deleted
C:\WINDOWS\Prefetch\ALSVC.EXE-271466C1.pf - deleted
C:\WINDOWS\Prefetch\ALUPDATE.EXE-3A543EEB.pf - deleted
C:\WINDOWS\Prefetch\AUTODL%3FBUNDLEID=11026_B197D-2F23AED5.pf - deleted
C:\WINDOWS\Prefetch\AVSAGENT.EXE-17248AEF.pf - deleted
C:\WINDOWS\Prefetch\BATTERYMANAGER.EXE-168A0E76.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf - deleted
C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf - deleted
C:\WINDOWS\Prefetch\DEFENC.EXE-00FF0189.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf - deleted
C:\WINDOWS\Prefetch\DISPLAYMANAGER.EXE-341EEE0E.pf - deleted
C:\WINDOWS\Prefetch\DMLOADER.EXE-1C3A57B5.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\EXCEL.EXE-050F3EE5.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX SETUP 2.0.EXE-30F812B2.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-28BE8AE1.pf - deleted
C:\WINDOWS\Prefetch\FIREFOXGOOGLETOOLBARSETUP[1].-092895BC.pf - deleted
C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-06F6E328.pf - deleted
C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-2C9098C6.pf - deleted
C:\WINDOWS\Prefetch\GTB2K1031.EXE-213649C3.pf - deleted
C:\WINDOWS\Prefetch\GUS3.TMP-1C65D8BD.pf - deleted
C:\WINDOWS\Prefetch\HDASHCUT.EXE-2D2D5319.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-0BD5B31B.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf - deleted
C:\WINDOWS\Prefetch\HPOD.EXE-0BADB11C.pf - deleted
C:\WINDOWS\Prefetch\HPODLOG.EXE-0745C37F.pf - deleted
C:\WINDOWS\Prefetch\HPOEVM08.EXE-2C1E7315.pf - deleted
C:\WINDOWS\Prefetch\HPOHMR08.EXE-30701F6B.pf - deleted
C:\WINDOWS\Prefetch\HPOSTS08.EXE-024F9212.pf - deleted
C:\WINDOWS\Prefetch\HPOTDD01.EXE-20272A01.pf - deleted
C:\WINDOWS\Prefetch\HPQFRU07.EXE-0F2CC257.pf - deleted
C:\WINDOWS\Prefetch\HPQFRUCL.EXE-265D7627.pf - deleted
C:\WINDOWS\Prefetch\HPQWRG.EXE-22B12482.pf - deleted
C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf - deleted
C:\WINDOWS\Prefetch\HPZSTC07.EXE-15B07549.pf - deleted
C:\WINDOWS\Prefetch\ICQFILEXFER.EXE-16F6CA6F.pf - deleted
C:\WINDOWS\Prefetch\ICQLITE.EXE-01822910.pf - deleted
C:\WINDOWS\Prefetch\IEDW.EXE-062D8B1C.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-360BBB5C.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\INITOREG.EXE-01E82A0C.pf - deleted
C:\WINDOWS\Prefetch\JAVA.EXE-301DE7C6.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-2D38EF8E.pf - deleted
C:\WINDOWS\Prefetch\JAVAW.EXE-2F20B7E6.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-0B8B0317.pf - deleted
C:\WINDOWS\Prefetch\LAUNCHER.EXE-26EADD35.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf - deleted
C:\WINDOWS\Prefetch\MAGICKBD.EXE-10E274B8.pf - deleted
C:\WINDOWS\Prefetch\MAKEADHOC.EXE-38CD462C.pf - deleted
C:\WINDOWS\Prefetch\MERGEDT.EXE-0B549972.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-2E3AC8DB.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-1D037CD3.pf - deleted
C:\WINDOWS\Prefetch\MSPAINT.EXE-146E0237.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-2C2D3760.pf - deleted
C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NWIZ.EXE-2D374245.pf - deleted
C:\WINDOWS\Prefetch\OFFPROV.EXE-0528779A.pf - deleted
C:\WINDOWS\Prefetch\OSA9.EXE-19470A70.pf - deleted
C:\WINDOWS\Prefetch\PATCHJRE.EXE-14C5D64B.pf - deleted
C:\WINDOWS\Prefetch\PDVDSERV.EXE-19072CB6.pf - deleted
C:\WINDOWS\Prefetch\POWERPNT.EXE-040FDD06.pf - deleted
C:\WINDOWS\Prefetch\PREMKBD.EXE-30349FA6.pf - deleted
C:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-0492F88B.pf - deleted
C:\WINDOWS\Prefetch\REALPLAY.EXE-03CE29F7.pf - deleted
C:\WINDOWS\Prefetch\REALPLAYER10-5GOLD_DE.EXE-1E688177.pf - deleted
C:\WINDOWS\Prefetch\REALPLAYER10-5GOLD_DE[1].EXE-2F127ABD.pf - deleted
C:\WINDOWS\Prefetch\REALPLAY_MOUNTPOINTS.EXE-24100CD5.pf - deleted
C:\WINDOWS\Prefetch\REALSCHED.EXE-0C8249C8.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted
C:\WINDOWS\Prefetch\REGTOINI.EXE-0FCDE46A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B866543.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C500167.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C98A3C8.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-419F288A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-53A0F489.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-54023F1C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5ACE91DC.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5DC26967.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6550671A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-673A7453.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-68FAE794.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6ACD0C83.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-7310CA94.pf - deleted
C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf - deleted
C:\WINDOWS\Prefetch\SAVADMINSERVICE.EXE-369A6745.pf - deleted
C:\WINDOWS\Prefetch\SAVMAIN.EXE-2B7A524A.pf - deleted
C:\WINDOWS\Prefetch\SAVPROGRESS.EXE-176321D8.pf - deleted
C:\WINDOWS\Prefetch\SAVSERVICE.EXE-1D410D0B.pf - deleted
C:\WINDOWS\Prefetch\SETREG.EXE-0CEE614B.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-00B952E2.pf - deleted
C:\WINDOWS\Prefetch\SETUP_WM.EXE-0480CABE.pf - deleted
C:\WINDOWS\Prefetch\SETUP_WM.EXE-21CBB822.pf - deleted
C:\WINDOWS\Prefetch\SKYPESETUP[1].EXE-2E0AA032.pf - deleted
C:\WINDOWS\Prefetch\SLUTRAYNOTIFIER.EXE-01978F3C.pf - deleted
C:\WINDOWS\Prefetch\SMAX4.EXE-2353CE07.pf - deleted
C:\WINDOWS\Prefetch\SMAX4PNP.EXE-0AFDE2F0.pf - deleted
C:\WINDOWS\Prefetch\SSMYPICS.SCR-2B33A3BB.pf - deleted
C:\WINDOWS\Prefetch\SWG4.TMP-05270772.pf - deleted
C:\WINDOWS\Prefetch\SYNTPENH.EXE-33F656F5.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
C:\WINDOWS\Prefetch\UNPACK200.EXE-277D5B83.pf - deleted
C:\WINDOWS\Prefetch\UNREGMP2.EXE-0CFB0619.pf - deleted
C:\WINDOWS\Prefetch\VBPTASK.EXE-3521F25A.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-1A0EFB18.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-39A7680E.pf - deleted
C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\WMPAU.EXE-02825467.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-017735AB.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-017735B1.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-017735B5.pf - deleted
C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\ZIPPER.EXE-2DD3C3D4.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 429.6 MB of disk space from 2549 files.
CleanUp! finished on 01/04/08 13:25:28.

Since this was recommended, I first ran CleanUp only as a test and have not deleted the files yet. Will this delete all my documents, and should I make backup copies beforehand? Quite a lot of documents from the Windows folder are supposed to be deleted as well. Is that okay, or should I not delete some of those files?

Re 3:


Verzeichnis von C:\WINDOWS\system32

08-01-04 14:08 311,938 perfh009.dat
08-01-04 14:08 40,326 perfc009.dat
08-01-04 14:08 317,168 perfh007.dat
08-01-04 14:08 48,552 perfc007.dat
08-01-04 14:08 723,568 PerfStringBackup.INI
08-01-04 14:04 45,378 nvapps.xml
08-01-04 10:37 81,984 bdod.bin
07-12-31 19:43 185,952 rmoc3260.dll
07-12-31 19:43 5,632 pndx5032.dll
07-12-31 19:43 6,656 pndx5016.dll
07-12-31 19:43 278,528 pncrt.dll
07-12-29 14:28 9,857 jupdate-1.5.0_11-b03.log
06-12-15 04:09 127,078 javaws.exe
06-12-15 04:09 49,265 jpicpl32.cpl
06-12-15 02:31 53,346 javaw.exe
06-12-15 02:30 49,248 java.exe
06-11-16 07:20 10,474,920 MRT.exe
06-11-04 15:14 1,245,696 msxml4.dll


Verzeichnis von C:\DOKUME~1\Daniela\LOKALE~1\Temp

08-01-04 14:29 57,856 ~WRS0003.tmp
08-01-04 14:29 512 ~DFCE3F.tmp
08-01-04 14:09 81,688 jusched.log
08-01-04 14:04 0 JET784C.tmp
08-01-03 22:28 1,658 1199391697.log
08-01-03 22:20 8,954 live.ini
08-01-03 22:02 16,384 ~DFD86A.tmp
08-01-03 22:02 16,384 ~DFD3B8.tmp
08-01-03 21:55 59,096 Sophos Anti-Virus CustomActions Log.txt
08-01-03 21:53 16,384 Perflib_Perfdata_a7c.dat
08-01-03 21:44 19,712,000 1b7888.msi
08-01-03 21:24 16,384 ~DFA95F.tmp
08-01-03 21:24 16,384 ~DFA944.tmp
08-01-03 21:24 16,384 ~DFA97A.tmp
08-01-03 21:24 16,384 ~DFA995.tmp
08-01-03 21:15 16,384 ~DF4719.tmp
08-01-03 21:15 16,384 ~DF395D.tmp
08-01-03 19:05 16,384 ~DF8849.tmp
08-01-03 19:05 16,384 ~DF8111.tmp
08-01-03 18:55 65,536 ~DF1BAC.tmp
08-01-03 18:45 0 h2rA.tmp
08-01-03 18:43 633,344 ~WRD3866.tmp
08-01-03 10:34 797,676 IMT7.xml
08-01-03 10:34 426 IMT6.xml
08-01-03 10:34 2,036 IMT5.xml
08-01-02 19:34 16,384 ~DF1BAF.tmp
08-01-02 19:21 792 java_install_reg.log
07-12-31 19:30 75,080 InfoWindow.dll
07-12-31 13:53 0 flaAB.tmp
07-12-31 13:52 0 flaA6.tmp
07-12-30 22:36 0 flaE6.tmp
07-12-30 22:07 0 flaE5.tmp
07-12-30 20:06 0 flaD9.tmp
07-12-30 20:06 0 flaD8.tmp
07-12-30 20:04 0 flaD7.tmp
07-12-30 16:56 1,224,348 gtb2.tmp.cab
07-12-30 16:56 0 gtb2.tmp
07-12-29 14:33 1,052,672 gtb40.tmp.cab
07-12-29 14:33 0 gtb40.tmp
07-12-29 14:33 797,676 IMT3F.xml
07-12-29 14:33 426 IMT3E.xml
07-12-29 14:33 2,036 IMT3D.xml
07-12-29 14:28 0 java_install.log
07-12-29 14:26 1,156 jinstall.cfg


Verzeichnis von C:\WINDOWS

08-01-04 14:16 1,452,238 WindowsUpdate.log
08-01-04 14:04 0 0.log
08-01-04 14:04 159 wiadebug.log
08-01-04 14:04 50 wiaservc.log
08-01-04 14:04 2,048 bootstat.dat
08-01-04 11:02 417,388 ntbtlog.txt
08-01-04 10:37 32,618 SchedLgU.Txt
08-01-03 22:15 758 win.ini
08-01-03 19:26 644,034 setupapi.log
07-12-31 19:12 69 NeroDigital.ini



Verzeichnis von C:\WINDOWS\Temp

08-01-03 16:57 4,108 Sophos Anti-Virus install log.txt
08-01-03 16:57 8,441,854 Sophos Anti-Virus CustomActions Log.t



Verzeichnis von C:\WINDOWS\Downloaded Program Files




Verzeichnis von C:\

08-01-04 14:04 73 cj.ini
08-01-04 14:03 1,071,828,992 hiberfil.sys
08-01-04 14:03 1,610,612,736 pagefile.sys

I hope you can do something with this... In any case, many thanks for the help!
This post was edited on 28.03.2007 at 21:41 by D Bidell.
29.03.2007, 11:53
Honorary member
Sabina

Posts: 29434
#4
Open HijackThis -- "scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC

Quote

O4 - HKLM\..\Run: [starter] c:\windows\system32\starter.exe
Scan with Kaspersky and post the scan report.
Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
__________
Best regards, Sabina

All about PC security
29.03.2007, 18:37
...new here

Thread starter

Posts: 7
#5 Hello Sabina,

Thank you very much for your help! So SDBot-RT is no longer on my computer now.

Unfortunately I didn't quite understand what you mean by the scan report for Kaspersky. I ran both the online scan and the 30-day trial version, and neither found anything anymore...

After that I also ran XoftSpySE again, with which I had found the SDBot, and found that it is gone now, but that I have two new viruses on my computer, and I don't know how to find them because I don't know the paths. The finding was:

Vendor: Best Offers Smiley Source

Type: Registry Key

Object: typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\0\win32



typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\helpdir


Looks like I have two of them on the computer...

So I'm attaching my new log file again; maybe you can tell from it which entries these are:

Logfile of HijackThis v1.99.1
Scan saved at 17:02, on 07-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\XoftSpySE\XoftSpy.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Daniela\LOKALE~1\Temp\Rar$EX00.719\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardiff.ac.uk/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardiff.ac.uk/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpac.cf.ac.uk/resicache.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe


ComboFix Log:


"Daniela" - 07-03-29 17:43:04 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Dokumente und Einstellungen\Daniela\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))


2007-03-29 16:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-03-29 15:30 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-29 15:30 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-29 15:30 7,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-29 15:30 1,347,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-29 15:30 <DIR> d-------- C:\Programme\Kaspersky Lab
2007-03-29 15:30 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Kaspersky Lab
2007-03-29 15:23 <DIR> d-------- C:\kav
2007-03-29 14:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-28 20:07 <DIR> d-------- C:\Programme\XoftSpySE
2007-03-09 19:58 25,734 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-03-09 19:52 200,768 --a------ C:\WINDOWS\system32\klogon.dll
2007-03-03 20:39 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-29 16:43 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-29 16:43 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-28 19:49 81984 --a------ C:\WINDOWS\system32\bdod.bin


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"farstone"=""
"RestoreIT!"="\"C:\\Programme\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"AVStation Premium 3.75"="C:\\Programme\\Samsung\\AVStation Premium 3.75\\AVSAgent.exe"
"DisplayManager"="C:\\Programme\\Samsung\\DisplayManager\\DMLoader.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ReslanSelfReg"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\install.bat


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1158009444.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\WebReg 20071230231808.job
C:\WINDOWS\tasks\XoftSpySE.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-29 17:49:44



The logs from datfindbat (unfortunately the date is still partly wrong, I really don't know why...):

Verzeichnis von C:\WINDOWS\system32

31.12.2007 19:43 185.952 rmoc3260.dll
31.12.2007 19:43 5.632 pndx5032.dll
31.12.2007 19:43 6.656 pndx5016.dll
31.12.2007 19:43 278.528 pncrt.dll
29.12.2007 14:28 9.857 jupdate-1.5.0_11-b03.log



Verzeichnis von C:\DOKUME~1\Daniela\LOKALE~1\Temp

29.03.2007 17:55 512 ~DF9BCF.tmp
29.03.2007 16:38 0 JET8F9D.tmp



Verzeichnis von C:\WINDOWS

31.12.2007 19:12 69 NeroDigital.ini



Verzeichnis von C:\

29.03.2007 17:57 0 sys.txt
29.03.2007 17:57 880 down.txt
29.03.2007 17:57 117 tmp.txt
29.03.2007 17:56 8.950 system.txt
29.03.2007 17:55 344 systemtemp.txt
29.03.2007 17:54 95.494 system32.txt
29.03.2007 17:49 5.575 ComboFix.txt
29.03.2007 16:38 73 cj.ini
29.03.2007 16:38 1.071.828.992 hiberfil.sys
29.03.2007 16:38 1.610.612.736 pagefile.sys
This post was edited on 29.03.2007 at 19:30 by D Bidell.
29.03.2007, 21:01
Honorary member
Sabina

Posts: 29434
#6
SpywareBot
Fake program that destroys the computer....
http://virus-protect.org/artikel/spyware/spywarebot.html

--------------------------

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In "Enter search strings", type or paste:

SpywareBot

into the edit field and click "Ok".
Notepad will open - copy what appears

------------------------------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this)
copy into: View/edit script

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot

Files to delete:
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

Folders to delete:
C:\Programme\SpywareBot
Click the green traffic light
The script will now be executed, then the PC will restart automatically
__________
Best regards, Sabina

All about PC security
29.03.2007, 22:39
...new here

Thread starter

Posts: 7
#7 Here is the result from Registry Search:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 29.03.2007 21:23:57 for strings:
; 'spywarebot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\RegInfo]

[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\Settings]

; End Of The Log...



I am also still being shown that I supposedly have "Best Offers Smiley Source" on my computer.
30.03.2007, 13:35
Honorary member
Sabina

Posts: 29434
#8 D Bidell

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and confirm adding it to the registry with "ja" or "yes"

Quote

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot]

[-HKEY_CURRENT_USER\Software\SpywareBot]

[-HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot]

[-HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\RegInfo]

[-HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\Settings]
----------------------------------------------------------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this option)
copy into: View/edit script

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot

Files to delete:
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

Folders to delete:
C:\Programme\SpywareBot
Click the green traffic light
the script will now run, then the PC will restart automatically

------------

scan, have everything deleted with remove, and post the scan report
http://virus-protect.org/counterspy1.html
__________
Regards, Sabina

all about PC security
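
Post #8 removes the key-name hits with a .reg file and leaves the Run value to Avenger. As an added example (not part of the thread and not from either tool), this Python script turns a Registry Search result like the one in post #7 into a REGEDIT4 cleanup file; `parse_hits` and `build_fix` are names made up here, and reading a key listed without values as a key-name match is an assumption about the Registry Search output.

```python
import re

# Constructed sample: the Registry Search result from post #7, trimmed.
SEARCH_LOG = r'''Windows Registry Editor Version 5.00

; Results at 29.03.2007 21:23:57 for strings:
; 'spywarebot'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot]

[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\RegInfo]

; End Of The Log...
'''

def parse_hits(log):
    """Return {key: [value names]}; an empty list means the key name itself matched."""
    hits, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hits.setdefault(current, [])
        elif current and (m := re.match(r'"((?:[^"\\]|\\.)*)"=', line)):
            hits[current].append(m.group(1))
    return hits

def build_fix(hits):
    """Delete matched values one by one; delete matched keys once, at the topmost ancestor."""
    doomed = [k for k, vals in hits.items() if not vals]
    out = ["REGEDIT4", ""]  # the header has to be the very first line of the file
    for key, vals in hits.items():
        if vals:  # shared key such as Run: remove only the named value
            out += [f"[{key}]"] + [f'"{v}"=-' for v in vals] + [""]
        elif not any(key.lower().startswith(p.lower() + "\\") for p in doomed):
            out += [f"[-{key}]", ""]  # subkeys go away together with this key
    return "\r\n".join(out)

if __name__ == "__main__":
    print(build_fix(parse_hits(SEARCH_LOG)))
```

A REGEDIT4 file is ANSI text, so the returned string should be written to disk in an ANSI code page rather than as UTF-16.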
30.03.2007, 18:18
...new here

Thread starter

Posts: 7
#9 Hello Sabina,

I did the fixme.reg step as instructed, but the following is displayed when I try to add it to the registry:

C:\Dokumente und Einstellungen\Daniela\Desktop\fixme.reg kann nicht importiert werden. Die angegebene Datei ist keine Registrierungsdatei. Registrierungsdateien können nur innerhalb des Registrierungs-Editors importiert werden.

Did I perhaps do something wrong there after all?


Avenger showed:

Fatal error: could not create a new script file
Error code: 0
Error logged to errorlog.txt. Aborting now!

That was perhaps because I had already deleted the files...


Counterspy:

Scan History Details
Start Date: 30.03.2007 16:04:09
End Date: 30.03.2007 17:01:22
Total Time: 57 Min 13 Sec
Detected security risks

Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\daniela\cookies\daniela@com[1].txt



I have since read on various websites that people who have Kaspersky installed (as I do at the moment) get "Best Offers Smiley Source" reported by XoftSpySE, and when they uninstall Kaspersky it is gone (after reinstalling, it is back again). Since other antivirus programs do not find the virus, I think this is a false report by XoftSpySE and the virus is not on my computer at all. The side effects of the virus, such as pop-up windows, do not occur on my machine either.

Is everything OK with my computer again then?

In any case, thank you very much for the quick and competent help! When I was able to delete the SDBot, I was really very relieved ;)
This post was edited by D Bidell on 30.03.2007 at 18:27.
30.03.2007, 18:54
Honorary member
Avatar Sabina

Posts: 29434
#10 go into the registry
Start - Run - regedit

top left - Edit - Find - SpywareBot

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot - delete

HKEY_CURRENT_USER\Software\SpywareBot - delete

Restart the PC
---------------------------------------------------------------

»»
did you apply the Avenger script ???
XoftSpySE - uninstall it - apparently it is not quite kosher.
__________
Regards, Sabina

all about PC security
30.03.2007, 19:06
...new here

Thread starter

Posts: 7
#11 Hello,

I repeated the fixme.reg step once more and this time it worked (with Avenger too). But I really did not do anything differently from the first time (??) I used Avenger the way you described to me...

The report from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nvibgvkd

*******************

Script file located at: \??\C:\WINDOWS\gacmkibu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job not found!
Deletion of file C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job failed!

Could not process line:
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
Status: 0xc0000034



Folder C:\Programme\SpywareBot not found!
Deletion of folder C:\Programme\SpywareBot failed!

Could not process line:
C:\Programme\SpywareBot
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

I think Avenger could no longer find the items, since I had already deleted them once.
I also went into the registry again, but no more SpywareBot files were found.
Otherwise there was nothing suspicious left on my PC?
This post was edited by D Bidell on 30.03.2007 at 19:23.
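
Every failed deletion in the Avenger report above carries Status: 0xc0000034, which is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND. As an added example (not part of the thread and not Avenger's own code), this Python script triages such a report into targets that were already absent and targets that still need attention; `triage` is a name made up here, and the access-denied entry is constructed to show the second case.

```python
import re

# NTSTATUS values from Microsoft's ntstatus.h; the first two mean the target was not there.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ALREADY_GONE = {0xC0000034, 0xC000003A}

# Failure lines taken from the Avenger report in post #11.
PAGE_LOG = r"""Deletion of file C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job failed!
Could not process line:
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
Status: 0xc0000034
Deletion of folder C:\Programme\SpywareBot failed!
Status: 0xc0000034
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot failed!
Status: 0xc0000034
"""
# Constructed entry (not from the page): a failure that does need follow-up.
CONSTRUCTED = r"""Deletion of file C:\example\locked.dll failed!
Status: 0xc0000022
"""

FAILED = re.compile(r"^Deletion of (file|folder|registry value) (.+) failed!$")

def triage(log):
    """Return (kind, target, status name, verdict) for every failed deletion in the log."""
    results, pending = [], None
    for line in map(str.strip, log.splitlines()):
        if m := FAILED.match(line):
            pending = m.groups()          # remember what the next Status line refers to
        elif line.startswith("Status:") and pending:
            code = int(line.split(":", 1)[1], 16)
            verdict = "already absent" if code in ALREADY_GONE else "not removed, investigate"
            results.append((*pending, NTSTATUS.get(code, hex(code)), verdict))
            pending = None
    return results

if __name__ == "__main__":
    for row in triage(PAGE_LOG + CONSTRUCTED):
        print(row)
```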
30.03.2007, 20:29
Honorary member
Avatar Sabina

Posts: 29434
#12 everything should be OK again ;)
if there are still problems - get in touch.
__________
Regards, Sabina

all about PC security
30.03.2007, 20:46
...new here

Thread starter

Posts: 7
#13 OK, great! Thanks again at this point! ;)