Problem with WinAntiVirusPro2006

Topic is closed!
#0
19.10.2006, 17:05
...new here

Posts: 10
#1 Pop-up windows from WinAntiVirus2006 keep opening on my machine, in both IE and Firefox. Normal software cannot remove it. Maybe you know what else I could try. Attached are the scans from Hijack, combofix and datfind.

Logfile of HijackThis v1.99.1
Scan saved at 16:59:38, on 19.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\lg_fwupdate\fwupdate.exe
C:\Programme\NETGEAR\WPN111 Konfigurationsprogramm\wpn111.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094888310937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe


Besitzer - 19.10.2006 16:23:17,93 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Besitzer\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2019-09-06 to 2019.10.2006 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="atiptaxx.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LGODDFU"="C:\\Programme\\lg_fwupdate\\fwupdate.exe blrun"
"CloneCDElbyCDFL"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"="C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\DJSNETCN.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rdvldl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Norton QuickScan ausführen - Besitzer.job
C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Besitzer.job

Completion time: 19.10.2006 16:24:57,17
C:\ComboFix.txt ... 19.10.2006 16:24
C:\ComboFix2.txt ... 27.09.2006 18:50

Datenträger in Laufwerk C: ist Win XP
Volumeseriennummer: F4D9-B7B7

Verzeichnis von C:\

19.10.2006 16:34 0 sys.txt
19.10.2006 16:33 567 down.txt
19.10.2006 16:33 327 tmp.txt
19.10.2006 16:32 12.896 system.txt
19.10.2006 16:32 523 systemtemp.txt
19.10.2006 16:31 107.538 system32.txt
19.10.2006 16:24 4.926 ComboFix.txt
19.10.2006 12:10 805.306.368 pagefile.sys
27.09.2006 18:50 14.877 ComboFix2.txt
25.08.2006 11:25 32 installer_debug.txt
07.06.2006 18:10 211 boot.ini
07.06.2006 17:58 47.564 NTDETECT.COM
07.06.2006 17:58 251.184 ntldr

Datenträger in Laufwerk C: ist Win XP
Volumeseriennummer: F4D9-B7B7

Verzeichnis von C:\WINDOWS\system32

19.10.2006 16:28 12.598 wpa.dbl
18.10.2006 19:41 118.152 FNTCACHE.DAT
17.10.2006 17:25 10.646 KGyGaAvL.sys
14.10.2006 13:07 401.064 perfh009.dat
14.10.2006 13:07 62.344 perfc009.dat
14.10.2006 13:07 415.470 perfh007.dat
14.10.2006 13:07 74.996 perfc007.dat
14.10.2006 13:07 927.022 PerfStringBackup.INI
07.10.2006 14:53 12.540 wpa.bak
04.10.2006 13:03 9.639.336 MRT.exe
28.09.2006 18:30 73.748 gomssxaf.dll
26.09.2006 16:49 16.832 amcompat.tlb
26.09.2006 16:49 23.392 nscompat.tlb
15.09.2006 22:04 48.816 S32EVNT1.DLL
13.09.2006 07:02 1.084.416 msxml3.dll
04.09.2006 15:47 102.420 tybcmyfi.dll
04.09.2006 08:12 1.494.016 shdocvw.dll
03.09.2006 19:29 102.420 xylmjnre.dll
03.09.2006 17:13 102.420 kvtovkhl.dll
03.09.2006 12:50 102.420 frjmsqpq.dll
03.09.2006 08:14 102.420 yitkqpll.dll
02.09.2006 21:56 102.420 dbjtkphy.dll

25.08.2006 17:46 617.472 comctl32.dll
25.08.2006 12:58 13.844 jrtmjicj.exe
25.08.2006 10:53 13.844 xpogusju.exe
25.08.2006 07:56 13.844 salqmcjh.exe
24.08.2006 19:36 13.844 qaungkqh.exe
24.08.2006 12:08 13.844 eidesvsa.exe
24.08.2006 09:58 13.844 ortjpnsl.exe
24.08.2006 07:44 13.844 kcjqqgfc.exe
23.08.2006 16:04 13.844 peohsdub.exe
23.08.2006 14:23 143 mcrh.tmp
23.08.2006 14:18 13.844 cmacemnx.exe
23.08.2006 13:45 13.844 gseouyqh.exe
23.08.2006 12:48 13.844 psohoknt.exe
23.08.2006 09:25 13.844 mvsqjpxo.exe
23.08.2006 08:35 13.844 jxkbypfu.exe

23.08.2006 04:11 307.200 atiiiexx.dll
23.08.2006 03:53 260.096 ati2dvag.dll
23.08.2006 03:47 114.688 atipdlxx.dll
23.08.2006 03:46 77.824 Oemdspif.dll
23.08.2006 03:46 26.112 Ati2mdxx.exe
23.08.2006 03:46 41.984 ati2edxx.dll
23.08.2006 03:46 86.016 ati2evxx.dll
23.08.2006 03:45 413.696 ati2evxx.exe
23.08.2006 03:44 53.248 ATIDDC.DLL
23.08.2006 03:38 2.401.984 ati3duag.dll
23.08.2006 03:33 303.104 ATIDEMGR.dll
23.08.2006 03:33 2.510.752 ativvaxx.dll
23.08.2006 03:27 6.684.672 atioglx1.dll
23.08.2006 03:24 5.140.480 atioglxx.dll
23.08.2006 03:21 221.184 atikvmag.dll
23.08.2006 03:19 17.408 atitvo32.dll
23.08.2006 03:14 290.816 ati2cqag.dll
22.08.2006 21:05 520.192 ati2sgag.exe
22.08.2006 19:55 13.844 nlvxcnsu.exe
22.08.2006 19:12 13.844 jxudnsrh.exe
22.08.2006 15:42 13.844 nxnwemcs.exe
22.08.2006 10:44 13.844 jbpowkac.exe
22.08.2006 09:17 13.844 exarexqy.exe
21.08.2006 20:17 13.844 sorhfogn.exe

21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
17.08.2006 17:42 13.844 dkhygkcu.exe
17.08.2006 14:31 12.308 wtimctch.exe
17.08.2006 14:31 12.308 utktnbva.exe
17.08.2006 11:41 12.308 skxspkmn.exe
17.08.2006 11:41 12.308 hsvikuaw.exe
17.08.2006 09:04 12.308 bbucqviy.exe
17.08.2006 09:04 12.308 ymfakklf.exe
17.08.2006 08:03 12.308 nulbfgjf.exe
17.08.2006 08:03 12.308 bwburmpx.exe
16.08.2006 20:03 12.308 wqbwjoqc.exe
16.08.2006 20:03 12.308 ojjutetj.exe
16.08.2006 19:52 133.583 atiicdxx.dat
16.08.2006 19:01 12.308 nohdeyxn.exe
16.08.2006 19:01 12.308 vugntdbr.exe

16.08.2006 13:58 100.352 6to4svc.dll
07.08.2006 16:02 534.208 SymNeti.dll
07.08.2006 16:02 161.472 SymRedir.dll
03.08.2006 17:34 466.944 capicom.dll
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
26.07.2006 16:39 320 results.txt
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
11.07.2006 15:26 579.853 gjllm.tmp
07.07.2006 21:05 5.308 d3d9caps.dat
05.07.2006 12:55 1.057.792 kernel32.dll
01.07.2006 13:51 237.568 lame_enc.dll

Datenträger in Laufwerk C: ist Win XP
Volumeseriennummer: F4D9-B7B7

Verzeichnis von C:\DOKUME~1\Besitzer\LOKALE~1\Temp

19.10.2006 16:29 16.384 Perflib_Perfdata_534.dat
19.10.2006 16:29 16.384 Perflib_Perfdata_af8.dat
19.10.2006 16:29 16.384 Perflib_Perfdata_474.dat
19.10.2006 16:28 16.384 ~DF35E3.tmp
19.10.2006 12:11 16.384 ~DFB808.tmp
5 Datei(en) 81.920 Bytes
0 Verzeichnis(se), 31.593.009.152 Bytes frei

Datenträger in Laufwerk C: ist Win XP
Volumeseriennummer: F4D9-B7B7

Verzeichnis von C:\WINDOWS\Temp

19.10.2006 16:28 409 WGANotify.settings
19.10.2006 16:28 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 31.598.030.848 Bytes frei

Datenträger in Laufwerk C: ist Win XP
Volumeseriennummer: F4D9-B7B7

Verzeichnis von C:\WINDOWS

19.10.2006 16:28 357 lgfwup.ini
19.10.2006 16:28 1.194.953 WindowsUpdate.log
19.10.2006 16:11 216.874 setupapi.log
19.10.2006 12:12 0 0.log
19.10.2006 12:11 159 wiadebug.log
19.10.2006 12:11 50 wiaservc.log
19.10.2006 12:10 2.048 bootstat.dat
18.10.2006 20:04 32.568 SchedLgU.Txt
15.10.2006 11:20 1.006 KLETT.INI
14.10.2006 13:10 169.064 iis6.log
14.10.2006 13:10 297.508 comsetup.log
14.10.2006 13:10 231.999 ntdtcsetup.log
14.10.2006 13:10 442.203 tsoc.log
14.10.2006 13:10 1.393 imsins.log
14.10.2006 13:10 60.774 ocmsn.log
14.10.2006 13:10 13.060 KB924191.log
14.10.2006 13:10 498.795 ocgen.log
14.10.2006 13:10 57.340 msgsocm.log
14.10.2006 13:10 1.099.282 FaxSetup.log
14.10.2006 13:10 61.367 updspapi.log
14.10.2006 13:10 1.393 imsins.BAK
14.10.2006 13:10 12.814 KB922819.log
14.10.2006 13:09 11.469 KB923414.log
14.10.2006 13:09 11.577 KB924496.log
14.10.2006 13:03 8.821 KB923191.log
14.10.2006 09:20 10.184 setupact.log
13.10.2006 21:44 127.338 wmsetup.log
09.10.2006 19:33 10.944 mozver.dat
07.10.2006 14:53 42.102 setuplog.txt
07.10.2006 11:50 868 win.ini
28.09.2006 14:16 34.590 LUINSTALL.LOG
27.09.2006 14:15 10.595 KB925486.log
26.09.2006 18:35 106.237 spupdsvc.log
26.09.2006 17:34 20.167 KB917734.log
26.09.2006 16:50 460 wmsetup10.log
25.09.2006 14:24 0 setuperr.log
22.09.2006 21:19 1.017 ATICIM.INI
13.09.2006 13:38 13.035 KB920872.log
13.09.2006 13:38 11.371 KB920685.log
13.09.2006 13:37 11.569 KB919007.log
13.09.2006 13:37 7.714 KB922582.log
19.08.2006 12:50 614.654 dp2_log.txt
10.08.2006 19:52 7.057 ODBC.INI
10.08.2006 19:51 4.554 ODBCINST.INI
08.08.2006 20:27 16.041 KB920214.log
08.08.2006 20:27 16.035 KB922616.log
08.08.2006 20:27 16.493 KB921398.log
08.08.2006 20:27 19.670 KB918899.log
08.08.2006 20:26 11.900 KB920670.log
08.08.2006 20:26 12.057 KB917422.log
08.08.2006 20:25 12.354 KB920683.log
08.08.2006 20:02 11.123 KB921883.log
01.08.2006 18:32 1.025 Wininit.ini
01.08.2006 18:32 156 TMPCPYIS.BAT
01.08.2006 18:32 122 TMPDELIS.BAT
31.07.2006 13:13 138.900 DirectX.log
12.07.2006 14:10 11.835 KB917159.log
12.07.2006 14:10 12.371 KB914388.log
12.07.2006 14:10 10.360 KB916595.log
11.07.2006 16:41 0 Radeon Omega Drivers v3.8.252 Uninstall Log.txt
10.07.2006 16:09 67.863 Omega Drivers v3.8.252.log
10.07.2006 16:09 451.072 Radeon Omega Drivers v3.8.252 Uninstall.exe
10.07.2006 15:37 11.747 KB904942.log
10.07.2006 15:36 8.736 KB891122.log
10.07.2006 15:36 316.640 WMSysPr9.prx

If you need any more reports, please say so! Thanks!
20.10.2006, 01:50
Honorary member
Sabina

Posts: 29434
#2 computerfreak

1.
Work through VundoFix and post the report after the restart
http://virus-protect.org/artikel/tools/vundofixx.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rdvldl

Files to delete:
C:\WINDOWS\lgfwup.ini
C:\WINDOWS\system32\gomssxaf.dll
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\tybcmyfi.dll
C:\WINDOWS\system32\xylmjnre.dll
C:\WINDOWS\system32\kvtovkhl.dll
C:\WINDOWS\system32\frjmsqpq.dll
C:\WINDOWS\system32\yitkqpll.dll
C:\WINDOWS\system32\dbjtkphy.dll
C:\WINDOWS\system32\jrtmjicj.exe
C:\WINDOWS\system32\xpogusju.exe
C:\WINDOWS\system32\salqmcjh.exe
C:\WINDOWS\system32\qaungkqh.exe
C:\WINDOWS\system32\eidesvsa.exe
C:\WINDOWS\system32\ortjpnsl.exe
C:\WINDOWS\system32\kcjqqgfc.exe
C:\WINDOWS\system32\peohsdub.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\cmacemnx.exe
C:\WINDOWS\system32\gseouyqh.exe
C:\WINDOWS\system32\psohoknt.exe
C:\WINDOWS\system32\mvsqjpxo.exe
C:\WINDOWS\system32\jxkbypfu.exe
C:\WINDOWS\system32\nlvxcnsu.exe
C:\WINDOWS\system32\jxudnsrh.exe
C:\WINDOWS\system32\nxnwemcs.exe
C:\WINDOWS\system32\jbpowkac.exe
C:\WINDOWS\system32\exarexqy.exe
C:\WINDOWS\system32\sorhfogn.exe
C:\WINDOWS\system32\dkhygkcu.exe
C:\WINDOWS\system32\wtimctch.exe
C:\WINDOWS\system32\utktnbva.exe
C:\WINDOWS\system32\skxspkmn.exe
C:\WINDOWS\system32\hsvikuaw.exe
C:\WINDOWS\system32\bbucqviy.exe
C:\WINDOWS\system32\ymfakklf.exe
C:\WINDOWS\system32\nulbfgjf.exe
C:\WINDOWS\system32\bwburmpx.exe
C:\WINDOWS\system32\wqbwjoqc.exe
C:\WINDOWS\system32\ojjutetj.exe
C:\WINDOWS\system32\atiicdxx.dat
C:\WINDOWS\system32\nohdeyxn.exe
C:\WINDOWS\system32\vugntdbr.exe
C:\WINDOWS\system32\gjllm.tmp

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears after the restart

**
post the 6 logs from datfindbat
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

All about PC security
20.10.2006, 16:24
...new here

Thread starter

Posts: 10
#3 Thank you very much for the reply. I did everything as instructed.


VundoFix V6.2.6

Checking Java version...

Sun Java not detected
Scan started at 15:46:12 20.10.2006

Listing files found while scanning....

C:\WINDOWS\system32\dbjtkphy.dll
C:\WINDOWS\system32\frjmsqpq.dll
C:\WINDOWS\system32\gomssxaf.dll
C:\WINDOWS\system32\kvtovkhl.dll
C:\WINDOWS\system32\bbucqviy.exe
C:\WINDOWS\system32\bwburmpx.exe
C:\WINDOWS\system32\cmacemnx.exe
C:\WINDOWS\system32\dkhygkcu.exe
C:\WINDOWS\system32\eidesvsa.exe
C:\WINDOWS\system32\exarexqy.exe
C:\WINDOWS\system32\gseouyqh.exe
C:\WINDOWS\system32\hsvikuaw.exe
C:\WINDOWS\system32\jbpowkac.exe
C:\WINDOWS\system32\jrtmjicj.exe
C:\WINDOWS\system32\jxkbypfu.exe
C:\WINDOWS\system32\jxudnsrh.exe
C:\WINDOWS\system32\kcjqqgfc.exe
C:\WINDOWS\system32\mvsqjpxo.exe
C:\WINDOWS\system32\nlvxcnsu.exe
C:\WINDOWS\system32\nohdeyxn.exe
C:\WINDOWS\system32\nulbfgjf.exe
C:\WINDOWS\system32\nxnwemcs.exe
C:\WINDOWS\system32\ojjutetj.exe
C:\WINDOWS\system32\ortjpnsl.exe
C:\WINDOWS\system32\peohsdub.exe
C:\WINDOWS\system32\psohoknt.exe
C:\WINDOWS\system32\qaungkqh.exe
C:\WINDOWS\system32\salqmcjh.exe
C:\WINDOWS\system32\skxspkmn.exe
C:\WINDOWS\system32\sorhfogn.exe
C:\WINDOWS\system32\utktnbva.exe
C:\WINDOWS\system32\vugntdbr.exe
C:\WINDOWS\system32\wqbwjoqc.exe
C:\WINDOWS\system32\wtimctch.exe
C:\WINDOWS\system32\xpogusju.exe
C:\WINDOWS\system32\ymfakklf.exe
C:\WINDOWS\system\rdvldl.dll
C:\WINDOWS\system\ldlvdr.ini
C:\WINDOWS\system\ldlvdr.bak1
C:\WINDOWS\system\ldlvdr.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dbjtkphy.dll
C:\WINDOWS\system32\dbjtkphy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\frjmsqpq.dll
C:\WINDOWS\system32\frjmsqpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gomssxaf.dll
C:\WINDOWS\system32\gomssxaf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvtovkhl.dll
C:\WINDOWS\system32\kvtovkhl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbucqviy.exe
C:\WINDOWS\system32\bbucqviy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bwburmpx.exe
C:\WINDOWS\system32\bwburmpx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cmacemnx.exe
C:\WINDOWS\system32\cmacemnx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dkhygkcu.exe
C:\WINDOWS\system32\dkhygkcu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\eidesvsa.exe
C:\WINDOWS\system32\eidesvsa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\exarexqy.exe
C:\WINDOWS\system32\exarexqy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gseouyqh.exe
C:\WINDOWS\system32\gseouyqh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hsvikuaw.exe
C:\WINDOWS\system32\hsvikuaw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jbpowkac.exe
C:\WINDOWS\system32\jbpowkac.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jrtmjicj.exe
C:\WINDOWS\system32\jrtmjicj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jxkbypfu.exe
C:\WINDOWS\system32\jxkbypfu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jxudnsrh.exe
C:\WINDOWS\system32\jxudnsrh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kcjqqgfc.exe
C:\WINDOWS\system32\kcjqqgfc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvsqjpxo.exe
C:\WINDOWS\system32\mvsqjpxo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nlvxcnsu.exe
C:\WINDOWS\system32\nlvxcnsu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nohdeyxn.exe
C:\WINDOWS\system32\nohdeyxn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nulbfgjf.exe
C:\WINDOWS\system32\nulbfgjf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nxnwemcs.exe
C:\WINDOWS\system32\nxnwemcs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ojjutetj.exe
C:\WINDOWS\system32\ojjutetj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ortjpnsl.exe
C:\WINDOWS\system32\ortjpnsl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\peohsdub.exe
C:\WINDOWS\system32\peohsdub.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\psohoknt.exe
C:\WINDOWS\system32\psohoknt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qaungkqh.exe
C:\WINDOWS\system32\qaungkqh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\salqmcjh.exe
C:\WINDOWS\system32\salqmcjh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\skxspkmn.exe
C:\WINDOWS\system32\skxspkmn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sorhfogn.exe
C:\WINDOWS\system32\sorhfogn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\utktnbva.exe
C:\WINDOWS\system32\utktnbva.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vugntdbr.exe
C:\WINDOWS\system32\vugntdbr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqbwjoqc.exe
C:\WINDOWS\system32\wqbwjoqc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wtimctch.exe
C:\WINDOWS\system32\wtimctch.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xpogusju.exe
C:\WINDOWS\system32\xpogusju.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ymfakklf.exe
C:\WINDOWS\system32\ymfakklf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system\rdvldl.dll
C:\WINDOWS\system\rdvldl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system\ldlvdr.ini
C:\WINDOWS\system\ldlvdr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system\ldlvdr.bak1
C:\WINDOWS\system\ldlvdr.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system\ldlvdr.bak2
C:\WINDOWS\system\ldlvdr.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system\rdvldl.dll
C:\WINDOWS\system\rdvldl.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gycqhwgw

*******************

Script file located at: \??\C:\upbqkklk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\lgfwup.ini deleted successfully.


File C:\WINDOWS\system32\gomssxaf.dll not found!
Deletion of file C:\WINDOWS\system32\gomssxaf.dll failed!

Could not process line:
C:\WINDOWS\system32\gomssxaf.dll
Status: 0xc0000034

File C:\WINDOWS\system32\amcompat.tlb deleted successfully.
File C:\WINDOWS\system32\nscompat.tlb deleted successfully.
File C:\WINDOWS\system32\tybcmyfi.dll deleted successfully.
File C:\WINDOWS\system32\xylmjnre.dll deleted successfully.


File C:\WINDOWS\system32\kvtovkhl.dll not found!
Deletion of file C:\WINDOWS\system32\kvtovkhl.dll failed!

Could not process line:
C:\WINDOWS\system32\kvtovkhl.dll
Status: 0xc0000034



File C:\WINDOWS\system32\frjmsqpq.dll not found!
Deletion of file C:\WINDOWS\system32\frjmsqpq.dll failed!

Could not process line:
C:\WINDOWS\system32\frjmsqpq.dll
Status: 0xc0000034

File C:\WINDOWS\system32\yitkqpll.dll deleted successfully.


File C:\WINDOWS\system32\dbjtkphy.dll not found!
Deletion of file C:\WINDOWS\system32\dbjtkphy.dll failed!

Could not process line:
C:\WINDOWS\system32\dbjtkphy.dll
Status: 0xc0000034



File C:\WINDOWS\system32\jrtmjicj.exe not found!
Deletion of file C:\WINDOWS\system32\jrtmjicj.exe failed!

Could not process line:
C:\WINDOWS\system32\jrtmjicj.exe
Status: 0xc0000034



File C:\WINDOWS\system32\xpogusju.exe not found!
Deletion of file C:\WINDOWS\system32\xpogusju.exe failed!

Could not process line:
C:\WINDOWS\system32\xpogusju.exe
Status: 0xc0000034



File C:\WINDOWS\system32\salqmcjh.exe not found!
Deletion of file C:\WINDOWS\system32\salqmcjh.exe failed!

Could not process line:
C:\WINDOWS\system32\salqmcjh.exe
Status: 0xc0000034



File C:\WINDOWS\system32\qaungkqh.exe not found!
Deletion of file C:\WINDOWS\system32\qaungkqh.exe failed!

Could not process line:
C:\WINDOWS\system32\qaungkqh.exe
Status: 0xc0000034



File C:\WINDOWS\system32\eidesvsa.exe not found!
Deletion of file C:\WINDOWS\system32\eidesvsa.exe failed!

Could not process line:
C:\WINDOWS\system32\eidesvsa.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ortjpnsl.exe not found!
Deletion of file C:\WINDOWS\system32\ortjpnsl.exe failed!

Could not process line:
C:\WINDOWS\system32\ortjpnsl.exe
Status: 0xc0000034



File C:\WINDOWS\system32\kcjqqgfc.exe not found!
Deletion of file C:\WINDOWS\system32\kcjqqgfc.exe failed!

Could not process line:
C:\WINDOWS\system32\kcjqqgfc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\peohsdub.exe not found!
Deletion of file C:\WINDOWS\system32\peohsdub.exe failed!

Could not process line:
C:\WINDOWS\system32\peohsdub.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mcrh.tmp deleted successfully.


File C:\WINDOWS\system32\cmacemnx.exe not found!
Deletion of file C:\WINDOWS\system32\cmacemnx.exe failed!

Could not process line:
C:\WINDOWS\system32\cmacemnx.exe
Status: 0xc0000034



File C:\WINDOWS\system32\gseouyqh.exe not found!
Deletion of file C:\WINDOWS\system32\gseouyqh.exe failed!

Could not process line:
C:\WINDOWS\system32\gseouyqh.exe
Status: 0xc0000034



File C:\WINDOWS\system32\psohoknt.exe not found!
Deletion of file C:\WINDOWS\system32\psohoknt.exe failed!

Could not process line:
C:\WINDOWS\system32\psohoknt.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mvsqjpxo.exe not found!
Deletion of file C:\WINDOWS\system32\mvsqjpxo.exe failed!

Could not process line:
C:\WINDOWS\system32\mvsqjpxo.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jxkbypfu.exe not found!
Deletion of file C:\WINDOWS\system32\jxkbypfu.exe failed!

Could not process line:
C:\WINDOWS\system32\jxkbypfu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\nlvxcnsu.exe not found!
Deletion of file C:\WINDOWS\system32\nlvxcnsu.exe failed!

Could not process line:
C:\WINDOWS\system32\nlvxcnsu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jxudnsrh.exe not found!
Deletion of file C:\WINDOWS\system32\jxudnsrh.exe failed!

Could not process line:
C:\WINDOWS\system32\jxudnsrh.exe
Status: 0xc0000034



File C:\WINDOWS\system32\nxnwemcs.exe not found!
Deletion of file C:\WINDOWS\system32\nxnwemcs.exe failed!

Could not process line:
C:\WINDOWS\system32\nxnwemcs.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jbpowkac.exe not found!
Deletion of file C:\WINDOWS\system32\jbpowkac.exe failed!

Could not process line:
C:\WINDOWS\system32\jbpowkac.exe
Status: 0xc0000034



File C:\WINDOWS\system32\exarexqy.exe not found!
Deletion of file C:\WINDOWS\system32\exarexqy.exe failed!

Could not process line:
C:\WINDOWS\system32\exarexqy.exe
Status: 0xc0000034



File C:\WINDOWS\system32\sorhfogn.exe not found!
Deletion of file C:\WINDOWS\system32\sorhfogn.exe failed!

Could not process line:
C:\WINDOWS\system32\sorhfogn.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dkhygkcu.exe not found!
Deletion of file C:\WINDOWS\system32\dkhygkcu.exe failed!

Could not process line:
C:\WINDOWS\system32\dkhygkcu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wtimctch.exe not found!
Deletion of file C:\WINDOWS\system32\wtimctch.exe failed!

Could not process line:
C:\WINDOWS\system32\wtimctch.exe
Status: 0xc0000034



File C:\WINDOWS\system32\utktnbva.exe not found!
Deletion of file C:\WINDOWS\system32\utktnbva.exe failed!

Could not process line:
C:\WINDOWS\system32\utktnbva.exe
Status: 0xc0000034



File C:\WINDOWS\system32\skxspkmn.exe not found!
Deletion of file C:\WINDOWS\system32\skxspkmn.exe failed!

Could not process line:
C:\WINDOWS\system32\skxspkmn.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hsvikuaw.exe not found!
Deletion of file C:\WINDOWS\system32\hsvikuaw.exe failed!

Could not process line:
C:\WINDOWS\system32\hsvikuaw.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bbucqviy.exe not found!
Deletion of file C:\WINDOWS\system32\bbucqviy.exe failed!

Could not process line:
C:\WINDOWS\system32\bbucqviy.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ymfakklf.exe not found!
Deletion of file C:\WINDOWS\system32\ymfakklf.exe failed!

Could not process line:
C:\WINDOWS\system32\ymfakklf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\nulbfgjf.exe not found!
Deletion of file C:\WINDOWS\system32\nulbfgjf.exe failed!

Could not process line:
C:\WINDOWS\system32\nulbfgjf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bwburmpx.exe not found!
Deletion of file C:\WINDOWS\system32\bwburmpx.exe failed!

Could not process line:
C:\WINDOWS\system32\bwburmpx.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wqbwjoqc.exe not found!
Deletion of file C:\WINDOWS\system32\wqbwjoqc.exe failed!

Could not process line:
C:\WINDOWS\system32\wqbwjoqc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ojjutetj.exe not found!
Deletion of file C:\WINDOWS\system32\ojjutetj.exe failed!

Could not process line:
C:\WINDOWS\system32\ojjutetj.exe
Status: 0xc0000034

File C:\WINDOWS\system32\atiicdxx.dat deleted successfully.


File C:\WINDOWS\system32\nohdeyxn.exe not found!
Deletion of file C:\WINDOWS\system32\nohdeyxn.exe failed!

Could not process line:
C:\WINDOWS\system32\nohdeyxn.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vugntdbr.exe not found!
Deletion of file C:\WINDOWS\system32\vugntdbr.exe failed!

Could not process line:
C:\WINDOWS\system32\vugntdbr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\gjllm.tmp deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rdvldl not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rdvldl failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

21.10.2006, 00:29
Honorary member
Sabina

Posts: 29434
#4 I can't find anything else...
Scan with ewido (online) and post the report.
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
21.10.2006, 13:16
...new here

Thread starter

Posts: 10
#5 I scanned everything with ewido. On the first scan it found a few things, but there is one file it cannot remove.

First ewido report:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Adware.BargainBuddy
Path: HKLM\SYSTEM\ControlSet001\Enum\DISPLAY\MBOE995\5&394cc5b0&0&10000080&01&00\LogConf
Risk: Medium

Name: Logger.VBStat.e
Path: C:\avenger\backup.zip/avenger/tybcmyfi.dll
Risk: High

Name: Logger.VBStat.e
Path: C:\avenger\backup.zip/avenger/xylmjnre.dll
Risk: High

Name: Logger.VBStat.e
Path: C:\avenger\backup.zip/avenger/yitkqpll.dll
Risk: High

Name: TrackingCookie.Mediaplex
Path: :mozilla.15:C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\8truaf2a.Standard-Benutzer\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.16:C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\8truaf2a.Standard-Benutzer\cookies.txt
Risk: Medium

Name: Logger.VBStat.e
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP505\A0138209.dll
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143210.exe
Risk: Low

Name: Trojan.Small.ju
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143237.exe
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143238.exe
Risk: Low

Name: Trojan.Small.ju
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143239.exe
Risk: High

Name: Logger.VBStat.e
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143261.dll
Risk: High

Name: Logger.VBStat.e
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143262.dll
Risk: High

Name: Logger.VBStat.e
Path: C:\System Volume Information\_restore{7AF93032-9770-48C8-A85F-D087672F3724}\RP525\A0143263.dll
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\bbucqviy.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\bwburmpx.exe.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\cmacemnx.exe.bad
Risk: Low

Name: Logger.VBStat.e
Path: C:\VundoFix Backups\dbjtkphy.dll.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\dkhygkcu.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\eidesvsa.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\exarexqy.exe.bad
Risk: Low

Name: Logger.VBStat.e
Path: C:\VundoFix Backups\frjmsqpq.dll.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\gseouyqh.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\hsvikuaw.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\jbpowkac.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\jrtmjicj.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\jxkbypfu.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\jxudnsrh.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\kcjqqgfc.exe.bad
Risk: Low

Name: Logger.VBStat.e
Path: C:\VundoFix Backups\kvtovkhl.dll.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\mvsqjpxo.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\nlvxcnsu.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\nohdeyxn.exe.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\nulbfgjf.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\nxnwemcs.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\ojjutetj.exe.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\ortjpnsl.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\peohsdub.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\psohoknt.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\qaungkqh.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\salqmcjh.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\skxspkmn.exe.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\sorhfogn.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\utktnbva.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\vugntdbr.exe.bad
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.i
Path: C:\VundoFix Backups\wqbwjoqc.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\wtimctch.exe.bad
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.r
Path: C:\VundoFix Backups\xpogusju.exe.bad
Risk: Low

Name: Trojan.Small.ju
Path: C:\VundoFix Backups\ymfakklf.exe.bad
Risk: High





And after the attempted removal:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Adware.BargainBuddy
Path: HKLM\SYSTEM\ControlSet001\Enum\DISPLAY\MBOE995\5&394cc5b0&0&10000080&01&00\LogConf
Risk: Medium
21.10.2006, 15:35
Honorary member
Sabina

Posts: 29434
#6 1.
Delete:
C:\avenger\backup.zip
C:\VundoFix Backups

2.
Empty the Recycle Bin

3.
My Computer (Arbeitsplatz) --> right-click, then Properties (Eigenschaften) ---> System Restore tab (Systemwiederherstellung) ---> tick "Turn off System Restore on all drives" (Systemwiederherstellung auf allen Laufwerken deaktivieren).
(then turn it back on)

4.
Avenger

Quote
registry keys to delete:
HKLM\SYSTEM\ControlSet001\Enum\DISPLAY\MBOE995\5&394cc5b0&0&10000080&01&00



__________
Regards, Sabina

all about PC security
21.10.2006, 17:11
...new here

Thread starter

Posts: 10
#7 I was able to delete the file, and ewido no longer finds anything apart from a few cookies. Can the problems with WinAntiVirus2006 come back? If so, what is the best way to protect against them?
22.10.2006, 01:15
Honorary member
Sabina

Posts: 29434
#8 1. Avoid certain sites ;)
2. Try this:
http://virus-protect.org/artikel/tools/sandboxie.html
__________
Regards, Sabina

all about PC security
22.10.2006, 08:11
...new here

Thread starter

Posts: 10
#9 Thanks again for the quick and competent help!