Under siege by TR/Vundo.Gen

#0
08.10.2007, 14:20
Member

Posts: 13
#1 Hello, I have already read through many threads and then tried to get rid of this TR myself, but without success.

TR/Vundo.gen continues to besiege my main computer. It is located at: C:\Windows\system32\mljge.dll

Logfile of HijackThis v1.99.1
Scan saved at 14:21:33, on 08.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Raven Projekt\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XYZ0JQL\1_99_1[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A05E07B-155D-4B27-BF2E-7FFB8CB0FC2E} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {0DCB138A-3186-4045-8BB1-FC8B46840E58} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {52072538-5CC9-4A0A-8128-553168BDB62D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {6BC3DA40-F2FF-4023-B61A-85F69385DBC9} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85B53573-9741-47D7-9D55-8D1E0CA5D0FD} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {9022E023-386F-4037-8E37-34AE008B36E0} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {A7728F57-3849-431E-A5CD-64D61EBB25B4} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: {ba7693ab-e3c2-bada-16f4-42a6e0c3ca9a} - {a9ac3c0e-6a24-4f61-adab-2c3eba3967ab} - C:\WINDOWS\system32\utqetavi.dll (file missing)
O2 - BHO: (no name) - {B88D188E-10F3-4D0A-8C48-7E66A1BB04C8} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {BD5D8C2B-FAFC-4BB7-BC19-0001E1C42E35} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {BE12E900-73D1-4C14-992B-68CFEF30A83D} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {CB9A5711-EF7E-432F-90F0-6FDA13E59CE3} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {D9F061E5-C2EF-47AA-9EE6-40DCDDA7786D} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {DB5B0248-BE61-4BDF-82D7-4A00D5E9D82C} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {DDF7D262-546D-4DE2-9B42-EAA30A90A701} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {EF6E6652-1FC0-42D2-8898-0C284E728C9C} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Trust\250S Series\lwbwheel.exe
O4 - HKLM\..\Run: [NI.UGA6PU_0001_N108M1308] "c:\dokumente und einstellungen\raven projekt\anwendungsdaten\install_de[1].exe" -nag
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtt - C:\WINDOWS\
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: geebc - C:\WINDOWS\
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\
O20 - Winlogon Notify: mlljg - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: ssttt - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvtqo - C:\WINDOWS\SYSTEM32\xxyvtqo.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


It would be great if someone could help me...
This post was edited by No.Way.Out on 08.10.2007 at 14:45.
08.10.2007, 14:22
Member

Posts: 43
08.10.2007, 14:26
Member

Thread starter

Posts: 13
#3 CleanUp! started on 10/08/07 14:25:39.
...
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 482.0 MB of disk space from 1821 files.
CleanUp! finished on 10/08/07 14:25:41.

That's what CleanUp! produced... - but I'm stuck at this point now. :-/

The TR is still there... it has even gotten worse; AntiVir now shows me the TR message not just once but 3 times in a row.

Is nobody around right now who can help me with this? - Otherwise I'll have to format my machine.
This post was edited on 08.10.2007 at 14:50 by No.Way.Out.
08.10.2007, 14:57
Member
Chris4You

Posts: 694
#4 Hi,

heavy artillery:
(Switch off the AntiVir Guard briefly while doing this!)
http://board.protecus.de/t29350.htm

Post the log and a new HJ log...

Chris
08.10.2007, 15:00
Member

Thread starter

Posts: 13
#5 Post the log & HJL both from Safe Mode????

So in Safe Mode, TR/Fakealert.311 was found and deleted
This post was edited on 08.10.2007 at 15:18 by No.Way.Out.
08.10.2007, 15:18
Member
Chris4You

Posts: 694
#6 Si!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Chris
08.10.2007, 15:36
Member

Thread starter

Posts: 13
#7 So, as already mentioned above, only TR/Fakealert.311 was found.

Logfile of HijackThis v1.99.1
Scan saved at 15:32:27, on 08.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Raven Projekt\Desktop\1_99_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A05E07B-155D-4B27-BF2E-7FFB8CB0FC2E} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {0DCB138A-3186-4045-8BB1-FC8B46840E58} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {52072538-5CC9-4A0A-8128-553168BDB62D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {6BC3DA40-F2FF-4023-B61A-85F69385DBC9} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85B53573-9741-47D7-9D55-8D1E0CA5D0FD} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {9022E023-386F-4037-8E37-34AE008B36E0} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {9F321DAA-CE4C-4604-854C-BCDF4C82BBD2} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {A7728F57-3849-431E-A5CD-64D61EBB25B4} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: {ba7693ab-e3c2-bada-16f4-42a6e0c3ca9a} - {a9ac3c0e-6a24-4f61-adab-2c3eba3967ab} - C:\WINDOWS\system32\utqetavi.dll (file missing)
O2 - BHO: (no name) - {B88D188E-10F3-4D0A-8C48-7E66A1BB04C8} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {BD5D8C2B-FAFC-4BB7-BC19-0001E1C42E35} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {BE12E900-73D1-4C14-992B-68CFEF30A83D} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {CB9A5711-EF7E-432F-90F0-6FDA13E59CE3} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {D9F061E5-C2EF-47AA-9EE6-40DCDDA7786D} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {DB5B0248-BE61-4BDF-82D7-4A00D5E9D82C} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {EF6E6652-1FC0-42D2-8898-0C284E728C9C} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Trust\250S Series\lwbwheel.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtt - C:\WINDOWS\
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: geebc - C:\WINDOWS\
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\
O20 - Winlogon Notify: mlljg - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: ssttt - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvtqo - C:\WINDOWS\SYSTEM32\xxyvtqo.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



TR/Vundo.gen is still there.

(I forgot to save the Dr.Web log, I have to redo the scan right now - it will take a little moment longer.)
This post was edited on 08.10.2007 at 15:45 by No.Way.Out.
08.10.2007, 15:47
Member
Chris4You

Posts: 694
#8 Hi,

Killbox:
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick
paste in:
C:\WINDOWS\SYSTEM32\xxyvtqo.dll

and click the red cross; when asked "Do you want to reboot?" ---- click "yes"

Restart the PC

Fix with HJ (you are back on the old version?):
HijackThis, fixing:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
(Caution: all applications except HJ must be closed!)

Quote


O2 - BHO: (no name) - {0A05E07B-155D-4B27-BF2E-7FFB8CB0FC2E} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {0DCB138A-3186-4045-8BB1-FC8B46840E58} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {52072538-5CC9-4A0A-8128-553168BDB62D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {6BC3DA40-F2FF-4023-B61A-85F69385DBC9} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85B53573-9741-47D7-9D55-8D1E0CA5D0FD} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {9022E023-386F-4037-8E37-34AE008B36E0} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {9F321DAA-CE4C-4604-854C-BCDF4C82BBD2} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {A7728F57-3849-431E-A5CD-64D61EBB25B4} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: {ba7693ab-e3c2-bada-16f4-42a6e0c3ca9a} - {a9ac3c0e-6a24-4f61-adab-2c3eba3967ab} - C:\WINDOWS\system32\utqetavi.dll (file missing)
O2 - BHO: (no name) - {B88D188E-10F3-4D0A-8C48-7E66A1BB04C8} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {BD5D8C2B-FAFC-4BB7-BC19-0001E1C42E35} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {BE12E900-73D1-4C14-992B-68CFEF30A83D} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {CB9A5711-EF7E-432F-90F0-6FDA13E59CE3} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {D9F061E5-C2EF-47AA-9EE6-40DCDDA7786D} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {DB5B0248-BE61-4BDF-82D7-4A00D5E9D82C} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: (no name) - {EF6E6652-1FC0-42D2-8898-0C284E728C9C} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: awvtt - C:\WINDOWS\
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: geebc - C:\WINDOWS\
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\
O20 - Winlogon Notify: mlljg - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: ssttt - C:\WINDOWS\
O20 - Winlogon Notify: xxyvtqo - C:\WINDOWS\SYSTEM32\xxyvtqo.dll


Hopefully none of them slipped past me...

Scan with Avira:
Update AntiVir and configure your AntiVir as described here:
http://board.protecus.de/t23979.htm
Post the log and a new HJ log!

Chris
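Added example, not part of the original thread: a small Python triage of HijackThis `O2` (BHO) and `O20` (Winlogon Notify) lines that reproduces the fix list from post #8 on sample lines copied from the log in post #7. The selection rules (unnamed BHO, DLL reported missing, Notify package outside a one-entry allowlist) and all function names are assumptions made for this illustration, not a general TR/Vundo signature.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log in post #7 of this thread (abridged).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A05E07B-155D-4B27-BF2E-7FFB8CB0FC2E} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9F321DAA-CE4C-4604-854C-BCDF4C82BBD2} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: {ba7693ab-e3c2-bada-16f4-42a6e0c3ca9a} - {a9ac3c0e-6a24-4f61-adab-2c3eba3967ab} - C:\WINDOWS\system32\utqetavi.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvtqo - C:\WINDOWS\SYSTEM32\xxyvtqo.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")

# HijackThis appends one of these when the registered DLL is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")
# Assumption: the only Notify package the helper left unfixed in this thread.
NOTIFY_ALLOWLIST = {"wgalogon"}


class Finding(NamedTuple):
    section: str  # HijackThis section code, "O2" or "O20"
    ident: str    # CLSID for a BHO, package name for a Winlogon Notify entry
    target: str   # path exactly as printed in the log
    reason: str


def triage(log: str) -> List[Finding]:
    """Return the O2/O20 entries that meet the (assumed) fix-list criteria."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            reasons = []
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")
            if m["target"].endswith(MISSING_MARKERS):
                reasons.append("DLL missing on disk")
            if reasons:
                findings.append(
                    Finding("O2", m["clsid"], m["target"], ", ".join(reasons))
                )
            continue
        m = O20_RE.match(line)
        if m and m["name"].lower() not in NOTIFY_ALLOWLIST:
            has_dll = m["target"].lower().endswith(".dll")
            reason = (
                "Notify package not on allowlist"
                if has_dll
                else "Notify entry without DLL path"
            )
            findings.append(Finding("O20", m["name"], m["target"], reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.ident:<40} {f.reason}")
```

Run against the log in post #15, the same rules still flag `mljge.dll`, now registered under a different CLSID than in post #7.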
08.10.2007, 15:50
Member

Thread starter

Posts: 13
#9 Both logs again in Safe Mode then, or in normal mode???


I can't use Killbox, I always get:

[...]Killbox.exe ist keine zulässige Win32-Anwendung.
This post was edited on 08.10.2007 at 15:57 by No.Way.Out.
08.10.2007, 16:57
Member
Chris4You

Posts: 694
#10 Hi,

try renaming Killbox (e.g. k.com) and
check whether it runs then (someone really went
to a lot of trouble programming his
Trojan!)!

Alternatively:
Avenger:
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick)
copy into: View/edit script

Quote


Files to delete:
C:\WINDOWS\SYSTEM32\xxyvtqo.dll
Click the green traffic light
the script will now be executed, then the PC will restart automatically

The file should definitely go (you can have it scanned at virustotal):
virustotal
At the top of the page --> click Browse --> select the file (or paste in the file with its correct path right away) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

Quote

C:\WINDOWS\SYSTEM32\xxyvtqo.dll
Chris

P.S.: If the problems persist, I'm away tomorrow/the day after and not reachable -> contact Arnold or Raman!
This post was edited on 08.10.2007 at 17:18 by Chris4You.
08.10.2007, 17:17
Member

Thread starter

Posts: 13
#11 Then I get:

Error: selected files does not appear to be a valid script
08.10.2007, 17:24
Member
Chris4You

Posts: 694
#12 Hi,

don't copy the "Quote" in along with it!

Chris
08.10.2007, 17:26
Member

Thread starter

Posts: 13
#13 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fkdebbec

*******************

Script file located at: \??\C:\tyvjcxsb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\xxyvtqo.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
08.10.2007, 17:28
Member
Chris4You

Posts: 694
#14 Hi,

now also fix the entries with HJ as described,
create a new HJ log and post it.

I've sent Arni a PM, since I'll be gone shortly....

chris
08.10.2007, 17:28
Member

Thread starter

Posts: 13
#15 Logfile of HijackThis v1.99.1
Scan saved at 17:28:28, on 08.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Raven Projekt\Desktop\1_99_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9946A3BA-62C5-4900-B6F3-67E278363948} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: {ba7693ab-e3c2-bada-16f4-42a6e0c3ca9a} - {a9ac3c0e-6a24-4f61-adab-2c3eba3967ab} - C:\WINDOWS\system32\utqetavi.dll (file missing)
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Trust\250S Series\lwbwheel.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


The TR/Vundo.gen is still on it.