How do you remove SDBot-RT?
#0
28.03.2007, 00:37
...new here
Posts: 7
28.03.2007, 09:28
Honorary member
Posts: 29434
#2
D Bidell
1. Post this log: http://virus-protect.org/artikel/tools/combofix.html
2. Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. Copy out these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security
28.03.2007, 16:01
...new here
Thread starter
Posts: 7
#3
Thanks for the quick reply!
ComboFix gave the following error message:

1 Datei(en) kopiert.
1 Datei(en) kopiert.
Error: Key: software\microsoft\windows\currentversion\policies\system does not exist!
C:\DOKUME~1\NETWOR~1\ANWEND~1
Aktive Codepage: 437.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)
Error: Key: software\microsoft\windows\currentversion\uninstall\webnexus does not exist!
FINDSTR: Zeile 3647 ist zu lang.
FINDSTR: Zeile 7066 ist zu lang.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)
Error: Key: software\winpcap does not exist!
Das System kann die angegebene Datei nicht finden.
Das System kann die angegebene Datei nicht finden.
C:\Dokumente und Einstellungen\-83f1~1.url konnte nicht gefunden werden
1 Datei(en) kopiert.

Here is the log that was created (unfortunately the date is wrong, even though I have set it correctly on my computer. 3.01.08 is then 27.03.07...):

"Daniela" - 08-01-04 13:11:22 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Dokumente und Einstellungen\Daniela\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))

2008-01-03 22:48 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-03 21:32 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Bitdefender
2008-01-03 21:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\BitDefender
2008-01-03 19:35 <DIR> d-------- C:\Autoruns
2008-01-03 19:27 1,048,576 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT
2008-01-03 19:27 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Favoriten
2008-01-03 19:27 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2008-01-03 19:27 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung
2008-01-03 19:27 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Symantec
2008-01-03 18:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 18:01 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2008-01-03 17:54 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\SpywareBot
2008-01-02 22:46 <DIR> d-------- C:\DOKUME~1\Daniela\DoctorWeb
2008-01-02 18:21 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 18:21 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Sun
2007-12-31 18:43 <DIR> d-------- C:\Programme\Real
2007-12-31 18:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-12-31 18:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-12-31 18:41 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Real
2007-12-31 18:30 <DIR> d-------- C:\Meine Downloads
2007-12-30 15:56 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
2007-12-29 13:29 <DIR> d-------- C:\Programme\Google
2007-12-29 13:29 <DIR> d-------- C:\DOKUME~1\Daniela\ANWEND~1\Google

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-04 13:08 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2008-01-04 13:08 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2007-12-29 13:28 -------- d-------- C:\Programme\java

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"starter"="c:\\windows\\system32\\starter.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"farstone"=""
"RestoreIT!"="\"C:\\Programme\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"AVStation Premium 3.75"="C:\\Programme\\Samsung\\AVStation Premium 3.75\\AVSAgent.exe"
"DisplayManager"="C:\\Programme\\Samsung\\DisplayManager\\DMLoader.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ReslanSelfReg"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"
"BDMCon"="\"C:\\Programme\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Programme\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\install.bat

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1158009444.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\WebReg 20071230231808.job

********************************************************************

Re 2:

CleanUp! started on 01/04/08 13:25:25.
...
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 429.6 MB of disk space from 2549 files.
CleanUp! finished on 01/04/08 13:25:28.
Since this was recommended, I have only run CleanUp in test mode for now and have not deleted the files yet. Will this delete all my documents, and should I make backup copies first? Quite a lot of documents from the Windows folder are also supposed to be deleted. Is that okay, or are there some of those files I should not delete?
Re 3:
I hope you can do something with that... In any case, many thanks for the help!
This post was edited by D Bidell on 28.03.2007 at 21:41.
|
|
|
||
29.03.2007, 11:53
Honorary member
Posts: 29434 |
#4
««
Open HijackThis -- "Scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC
Quote:
O4 - HKLM\..\Run: [starter] c:\windows\system32\starter.exe
»» Scan with Kaspersky and post the scan report.
Open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
__________
Regards, Sabina
All about PC security |
|
|
||
29.03.2007, 18:37
...new here
Thread starter Posts: 7 |
#5
Hello Sabina,
many thanks for your help! So the SDBot-RT is no longer on my computer. Unfortunately I did not quite understand what you mean by the scan report for Kaspersky. I ran both the online scan and the 30-day trial version, and neither found anything more... After that I also ran XoftSpySE again, which is what I had found the SDBot with, and found that it is gone now, but that I have two new viruses on my computer, and I don't know how to find them because I don't know the paths. The finding was:
Vendor: Best Offers Smiley Source
Type: Registry Key
Object: typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\0\win32
typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\helpdir
I seem to have two of them on the computer... So I am attaching my new logfile again; maybe you can tell from it which entries those are:
Logfile of HijackThis v1.99.1
Scan saved at 17:02, on 07-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\XoftSpySE\XoftSpy.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Daniela\LOKALE~1\Temp\Rar$EX00.719\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardiff.ac.uk/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardiff.ac.uk/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpac.cf.ac.uk/resicache.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
ComboFix Log:
"Daniela" - 07-03-29 17:43:04 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Dokumente und Einstellungen\Daniela\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))
2007-03-29 16:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
2007-03-29 15:30 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-29 15:30 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-29 15:30 7,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-29 15:30 1,347,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-29 15:30 <DIR> d-------- C:\Programme\Kaspersky Lab
2007-03-29 15:30 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Kaspersky Lab
2007-03-29 15:23 <DIR> d-------- C:\kav
2007-03-29 14:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-28 20:07 <DIR> d-------- C:\Programme\XoftSpySE
2007-03-09 19:58 25,734 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-03-09 19:52 200,768 --a------ C:\WINDOWS\system32\klogon.dll
2007-03-03 20:39 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-29 16:43 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-29 16:43 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-28 19:49 81984 --a------ C:\WINDOWS\system32\bdod.bin
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"farstone"=""
"RestoreIT!"="\"C:\\Programme\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"AVStation Premium 3.75"="C:\\Programme\\Samsung\\AVStation Premium 3.75\\AVSAgent.exe"
"DisplayManager"="C:\\Programme\\Samsung\\DisplayManager\\DMLoader.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ReslanSelfReg"=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\install.bat
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1158009444.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\WebReg 20071230231808.job
C:\WINDOWS\tasks\XoftSpySE.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-29 17:49:44
The logs from datfindbat (unfortunately the date is still partly wrong, I really don't know why...):
This post was edited by D Bidell on 29.03.2007 at 19:30.
|
|
|
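The fix from post #4 can be verified by comparing the autostart (O4) entries of the two HijackThis logs posted in this thread. The Python below is an added example, not part of the thread; the sample lines are excerpts of those two logs, and the function names and the watch list of value names are assumptions of the example.

```python
import re
from typing import NamedTuple


class Autostart(NamedTuple):
    location: str  # e.g. HKLM\..\Run, HKCU\..\RunOnce, Global Startup
    name: str      # registry value name or shortcut file name
    command: str   # what is launched at logon


# "O4 - HKLM\..\Run: [name] command line"
_RUN = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "O4 - Global Startup: shortcut.lnk = target"
_LNK = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Excerpt of the first log in this thread (taken before the fix).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [starter] c:\windows\system32\starter.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
"""

# Excerpt of the second log in this thread (taken after "Fix checked").
AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
"""


def parse_o4(log_text):
    """Map (location, name), lower-cased, to the Autostart entry of each O4 line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _RUN.match(line) or _LNK.match(line)
        if m:  # every non-O4 line (R0, O2, O23, ...) is skipped
            e = Autostart(m["loc"], m["name"], m["cmd"].strip())
            entries[(e.location.lower(), e.name.lower())] = e
    return entries


def diff_autostarts(before, after):
    """Return (removed, added, changed) autostart entries between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    # Same location and name, but a different command line (paths compared
    # case-insensitively, as Windows does).
    changed = sorted((b[k], a[k]) for k in b.keys() & a.keys()
                     if b[k].command.lower() != a[k].command.lower())
    return removed, added, changed


def still_present(log_text, watched_names):
    """Names from the watch list that still have an autostart entry."""
    watched = {n.lower() for n in watched_names}
    return sorted(e.name for e in parse_o4(log_text).values()
                  if e.name.lower() in watched)


if __name__ == "__main__":
    removed, added, changed = diff_autostarts(BEFORE, AFTER)
    for label, items in (("removed", removed), ("added", added)):
        for e in items:
            print(f"{label:8} {e.location}: [{e.name}] {e.command}")
    for old, new in changed:
        print(f"changed  {old.location}: [{old.name}] {old.command} -> {new.command}")
    # Assumed watch list: the two Run values the helper's posts single out.
    print("still present:", still_present(AFTER, ["starter", "SpywareBot"]))
```

On these excerpts the `starter` value is gone after the fix while `SpywareBot` still has its Run entry, which is the entry the following posts deal with.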
||
29.03.2007, 21:01
Honorary member
Posts: 29434 |
#6
««
SpywareBot
A fake program that wrecks the computer....
http://virus-protect.org/artikel/spyware/spywarebot.html
--------------------------
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste it in):
SpywareBot
in edit and click "Ok". Notepad will open - copy what appears.
------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually".
Copy into "View/edit script":
Quote:
Registry values to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
__________
Regards, Sabina
All about PC security |
|
|
||
29.03.2007, 22:39
...new here
Thread starter Posts: 7 |
#7
Here is the result from Registry Search:
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 29.03.2007 21:23:57 for strings:
; 'spywarebot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBot"="C:\\Programme\\SpywareBot\\SpywareBot.exe -boot"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot]
[HKEY_CURRENT_USER\Software\SpywareBot]
[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot]
[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\RegInfo]
[HKEY_CURRENT_USER\Software\SpywareBot\SpywareBot\Settings]
; End Of The Log...
It is also still being reported that I have "Best Offers Smiley Source" on my computer. |
|
|
||
30.03.2007, 13:35
Honorary member
Posts: 29434 |
#8
D Bidell
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. For the file type, select 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".
Quote:
REGEDIT4
----------------------------------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually".
Copy into "View/edit script":
Quote:
Registry values to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
------------
Scan, have everything deleted with "remove", and post the scan report
http://virus-protect.org/counterspy1.html
__________
Regards, Sabina
All about PC security |
|
|
||
30.03.2007, 18:18
...new here
Thread starter Posts: 7 |
#9
Hello Sabina,
I did the fixme.reg step as described, but the following is displayed when I try to add it to the registry:
C:\Dokumente und Einstellungen\Daniela\Desktop\fixme.reg kann nicht importiert werden. Die angegebene Datei ist keine Registrierungsdatei. Registrierungsdateien können nur innerhalb des Registrierungs-Editors importiert werden.
Did I perhaps do something wrong after all? With Avenger I got:
Fatal error: could not create a new script file
Error code: 0
Error logged to errorlog.txt.
Aborting now!
That was perhaps because I had already deleted the files...
Counterspy:
Scan History Details
Start Date: 30.03.2007 16:04:09
End Date: 30.03.2007 17:01:22
Total Time: 57 Min 13 Sec
Detected security risks
Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted
Cookies detected
c:\dokumente und einstellungen\daniela\cookies\daniela@com[1].txt
In the meantime I have read on various websites that people who have Kaspersky installed (as I do at the moment) get "Best Offers Smiley Source" reported by XoftSpySE, and when they uninstall Kaspersky it is gone (after reinstalling, it is back again). Since other antivirus programs do not find the virus, I think this is a false report from XoftSpySE and the virus is not on my computer at all. The side effects of the virus, such as pop-up windows, do not occur on my machine either. Is everything okay with my computer again, then?
In any case, many thanks for the fast and competent help! When I was able to delete the SDBot, I was really very relieved.
This post was edited by D Bidell on 30.03.2007 at 18:27.
|
|
|
||
30.03.2007, 18:54
Honorary member
Posts: 29434 |
#10
Go into the registry:
Start - Run - regedit
top left - Edit - Find - SpywareBot
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareBot - delete
HKEY_CURRENT_USER\Software\SpywareBot - delete
Restart the PC
---------------------------------------------------------------
»» Did you apply the Avenger script???
XoftSpySE - uninstall it - apparently it is not quite kosher.
__________
Regards, Sabina
All about PC security |
|
|
||
30.03.2007, 19:06
...new here
Thread starter Posts: 7 |
#11
Hello,
I repeated the fixme.reg step and this time it worked (with Avenger too). But I really did not do anything differently from the first time (??) I used Avenger the way you wrote... The report from Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nvibgvkd
*******************
Script file located at: \??\C:\WINDOWS\gacmkibu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job not found!
Deletion of file C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job failed!
Could not process line:
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
Status: 0xc0000034
Folder C:\Programme\SpywareBot not found!
Deletion of folder C:\Programme\SpywareBot failed!
Could not process line:
C:\Programme\SpywareBot
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SpywareBot failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
I think Avenger no longer found the things because I had already deleted them once. I also went into the registry again, but no SpywareBot files were found any more. Apart from that, there was nothing suspicious left on my PC?
This post was edited by D Bidell on 30.03.2007 at 19:23.
|
|
|
||
30.03.2007, 20:29
Honorary member
Posts: 29434 |
#12
Everything should be okay again.
If there are still problems - get in touch.
__________
Regards, Sabina
All about PC security |
|
|
||
30.03.2007, 20:46
...new here
Thread starter Posts: 7 |
#13
OK, great! Many thanks once again!
|
|
|
||
I found out via various virus scanners that I have SDBot-RT on my computer, but unfortunately I cannot remove it. Apparently I somehow have to remove c:\windows\system32\starter.exe. The problem is that I cannot find starter.exe, not even when I have hidden files displayed... Not all antivirus programs run either, since the worm apparently interferes with them.
I don't know whether it helps, but I am attaching my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 22:18:14, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Daniela\LOKALE~1\Temp\Rar$EX08.203\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpac.cf.ac.uk/resicache.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [starter] c:\windows\system32\starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Programme\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
The main problem is that I simply can't find this starter.exe, even though it shows up in virus scans...
Many thanks in advance for your help!