Critical System Error

#1 Ich habe mir auch beim Downloaeden eines Videos einen Virus eingefangen. Naemlich ein Symbol, das alle drei Minuten einen Critical System Error meldet. Beim draufklicken werde ich auf eine Homepage verwiesen, wo ich eine Antispywareprogramm kaufen kann. Wie bekomme ich das wieder weg? Das Programm habe ich schon gekauft und das Symbol ist immer noch da. (natuerlich nur ein Scherz
Also, ich wuerde mich sehr freuen ueber einen hilfreichen Tipp. Leider habe ich nicht viel Ahnung von Computern. Deshalb, bitte so schreiben, dass eine Anfaenger wie ich den Anweisungen folgen kann. Ich sage schon mal danke.
Gruss Max

Hier mein Hijjackergebnis:

Logfile of HijackThis v1.99.1
Scan saved at 1:26:12 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\brss01a.exe
C:\windows\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\USER.USER-4A8C0BF431\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll (file missing)
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe
O4 - Global Startup: wlan.lnk = C:\Program Files\Power Manager\PM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Suche - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?3aef1ae1f85f4232936f33f05b3fe513
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?3aef1ae1f85f4232936f33f05b3fe513
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19F5638D-4002-48BA-9A60-36A2DDDF5682}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {67BE36B5-18FD-400D-8C4C-BCA4BC0BBB45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\windows\system32\dpfwu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#2 maxboecker

um das loeschen zu koennen
http://virus-protect.org/artikel/spyware/mmediacodec_remove.html
brauche ich noch einige infos:
___________________________________________________________

1.
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html

2.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinkopieren)

VirusBurster

in edit und klicke "Ok".
Notepad wird sich oeffnen


in: "Enter search strings" (reinkopieren)

MMediaCodec

in edit und klicke "Ok".
Notepad wird sich oeffnen
__________
MfG Sabina

rund um die PC-Sicherheit

#3 So, das sind die beiden Logs, ich hoffe ich habe das richtig gemacht. Danke aber schonmal fuer deine schnelle Antwort.
Gruss Max



user - 06-10-13 14:55:41.21 Service Pack 2
ComboFix 06.10.12 - Running from: "C:\Documents and Settings\user.USER-4A8C0BF431\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-13 12:03 106,496 --a------ C:\WINDOWS\system32\dpfwu.dll
2006-09-27 14:50 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-09-27 14:50 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2006-09-27 14:50 57,344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2006-09-27 14:50 54,272 --------- C:\WINDOWS\system32\brinsstr.dll
2006-09-27 14:50 45,056 --a------ C:\WINDOWS\system32\brss01a.exe
2006-09-27 14:50 37,888 --a------ C:\WINDOWS\system32\BrUSi05a.dll
2006-09-27 14:50 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2006-09-27 14:50 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2006-09-27 14:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2006-09-27 14:50 147,456 --------- C:\WINDOWS\brunin03.dll
2006-09-27 14:50 131,072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2006-09-27 14:50 121,856 --a------ C:\WINDOWS\system32\BrWia05a.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-13 14:47 -------- d-------- C:\Documents and Settings\user.USER-4A8C0BF431\Application Data\Skype
2006-10-13 12:10 -------- d-------- C:\Program Files\VirusBurster
2006-10-13 12:04 -------- d-------- C:\Program Files\MMediaCodec
2006-10-12 09:21 -------- d-------- C:\Program Files\SPSS
2006-10-10 00:31 -------- d-------- C:\Program Files\PokerStars.NET
2006-10-05 09:56 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 11:29 -------- d-------- C:\Program Files\SPSS Viewer
2006-10-03 11:29 -------- d-------- C:\Documents and Settings\user.USER-4A8C0BF431\Application Data\Help
2006-09-27 15:20 -------- dr------- C:\Documents and Settings\user.USER-4A8C0BF431\Application Data\Brother
2006-09-27 14:50 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-27 14:50 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-27 14:50 -------- d-------- C:\Program Files\Brother
2006-09-27 14:47 -------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2006-09-27 14:47 -------- d-------- C:\Program Files\Common Files
2006-09-27 14:46 -------- d-------- C:\Program Files\ScanSoft
2006-09-26 13:28 -------- d-------- C:\Program Files\BearShare
2006-09-19 21:31 -------- d-------- C:\Program Files\Online Services
2006-09-16 16:40 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-09-13 13:51 -------- d-------- C:\Documents and Settings\user.USER-4A8C0BF431\Application Data\FreeCall
2006-09-12 19:27 -------- d-------- C:\Program Files\FreeCall.com
2006-09-06 20:46 -------- d-------- C:\Program Files\Winamp
2006-09-03 23:22 -------- d-------- C:\Program Files\ICQLite


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"PowerManager"="C:\\Program Files\\Power Manager\\PM.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"NeroFilterCheck"="C:\\windows\\system32\\NeroCheck.exe"
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\MMediaCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\MMediaCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-13 14:56:25.21
ComboFix.txt








REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 10/13/2006 2:59:52 PM for strings:
; 'virusburster'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\0\win32]
@="C:\\Program Files\\VirusBurster\\virusburster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\HELPDIR]
@="C:\\Program Files\\VirusBurster\\"

[HKEY_USERS\S-1-5-21-402871595-964474984-1028139589-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\USER~1.USE\\LOCALS~1\\Temp\\vb20.exe"="VirusBurster Install"
"C:\\Program Files\\VirusBurster\\virusburster.exe"="Anti- spyware and adware"
"C:\\DOCUME~1\\USER~1.USE\\LOCALS~1\\Temp\\~nsu.tmp\\Au_.exe"="VirusBurster Install"

; End Of The Log...

#4 maxboecker

gehe in die Registry
Start - Ausführen - regedit

bearbeiten - suchen - contrabandists

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
löschen
contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
löschen
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
loeschen:
"isamonitor.exe"
"pmsngr.exe"


Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMediaCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MMediaCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e}

Files to delete:
C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\vb20.exe
C:\WINDOWS\system32\dpfwu.dll

Folders to delete:
C:\Program Files\Save
C:\Program Files\VirusBurster
C:\Program Files\MMediaCodec
C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\~nsu.tmp

Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
poste das log vom avenger, was nach neustart erscheint

________________

loesche das Backup vom Avenger unter C:\Avenger\backup.zip

________________

fixe , soweit es noch vorhanden ist:

öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll

O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MMediaCodec\iesplugin.dll

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\windows\system32\dpfwu.dll

__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hallo,

ich hab jetzt seit gestern das gleiche Problem wie viele. Bei mir kommt auch dauernd die meldung: critical system error.
Was muss ich machen um das Problem zu beheben?Über Hilfe würd ich mich sehr freuen!



Admin - 06-10-13 16:30:28,26 Service Pack 2
ComboFix 06.10.13 - Running from: "C:\Dokumente und Einstellungen\Admin\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-12 17:58 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-12 17:58 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-12 17:58 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-12 16:08 106,496 --a------ C:\WINDOWS\system32\dpfwu.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-13 14:53 -------- d-------- C:\Programme\MMediaCodec
2006-10-12 21:08 -------- d----c--- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lavasoft
2006-10-12 20:00 -------- d-------- C:\Programme\Lavasoft
2006-10-12 17:58 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-10-12 17:52 -------- d-------- C:\Programme\AVPersonal
2006-10-12 17:33 -------- d----c--- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help
2006-10-12 17:01 -------- d-------- C:\Programme\VirusBurster
2006-10-10 15:57 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-10-08 20:10 -------- d----c--- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
2006-10-08 20:06 -------- d----c--- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
2006-10-08 18:56 -------- d-------- C:\Programme\Adobe
2006-10-08 18:49 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-08 18:47 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2006-10-08 18:47 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-07 18:13 -------- d-------- C:\Programme\Valve
2006-10-07 18:13 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-07 16:19 -------- d-------- C:\Programme\Windows Media Player
2006-10-06 17:21 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-03 16:27 -------- d----c--- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real
2006-10-03 16:27 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 12:40 -------- d-------- C:\Programme\Internet Explorer
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 11:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 12:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PVR"="C:\\Programme\\XemiComputers\\Pocket Voice Recorder\\PVR.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000003

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVGNT"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nForce APU1 Utilities]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVATray"
"hkey"="HKLM"
"command"="NVATray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-13 16:31:45.57
C:\ComboFix.txt ... 06-10-13 16:31




Logfile of HijackThis v1.99.1
Scan saved at 16:59:03, on 13.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programme\MMediaCodec\isaddon.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\MMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [PVR] C:\Programme\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

#6 Debora

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinkopieren)

VirusBurster

in edit und klicke "Ok".
Notepad wird sich oeffnen - poste den report


in: "Enter search strings" (reinkopieren)

MMediaCodec

in edit und klicke "Ok".
Notepad wird sich oeffnen poste den report

in: "Enter search strings" (reinkopieren)

{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}

in edit und klicke "Ok".
Notepad wird sich oeffnen -poste den report

in: "Enter search strings" (reinkopieren)

{d869742a-e5d2-4624-96c7-aae26170665e}

in edit und klicke "Ok".
Notepad wird sich oeffnen -poste den report
__________
MfG Sabina

rund um die PC-Sicherheit

#7 REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 13.10.2006 17:45:51 for strings:
; 'virusburster'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\0\win32]
@="C:\\Programme\\VirusBurster\\virusburster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\HELPDIR]
@="C:\\Programme\\VirusBurster\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurster]

; End Of The Log...





REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 13.10.2006 17:49:32 for strings:
; 'mmediacodec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\InprocServer32]
@="C:\\Programme\\MMediaCodec\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e}\InprocServer32]
@="C:\\Programme\\MMediaCodec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\MMediaCodec\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\MMediaCodec\\pmuninst.exe\""

[HKEY_USERS\S-1-5-21-329068152-113007714-1957994488-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\MMediaCodec\\isauninst.exe"="isauninst"

; End Of The Log...



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 13.10.2006 17:51:49 for strings:
; '{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\Implemented Categories\{00021493-0000-0000-C000-000000000046}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
; Contents of value:
;
"{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}"=hex:00

[HKEY_USERS\S-1-5-21-329068152-113007714-1957994488-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5}]

[HKEY_USERS\S-1-5-21-329068152-113007714-1957994488-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5}\iexplore]

; End Of The Log...




REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 13.10.2006 17:54:03 for strings:
; '{d869742a-e5d2-4624-96c7-aae26170665e}
{d869742a-e5d2-4624-96c7-aae26170665e}
{d869742a-e5d2-4624-96c7-aae26170665e}
{d869742a-e5d2-4624-96c7-aae26170665e}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

#8 Debora

gehe in die Registry
Start - Ausführen - regedit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
löschen
"{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
löschen
contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
löschen
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

HKEY_USERS\S-1-5-21-329068152-113007714-1957994488-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - löschen


««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e}

Files to delete:
C:\WINDOWS\system32\dpfwu.dll

Folders to delete:
C:\Programme\VirusBurster
C:\Programme\MMediaCodec

scanne mit smitfraudfix (option 1 und 2 )
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#9 So hier das log vom avenger,
das Zeichen ist weg. Das ist der Hammer.
Dankeschoen. Wie kann ich weiter danken?
Super cool. Gracias, Bedankt, Thanks


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\trjwsnst

*******************

Script file located at: \??\C:\windows\system32\ewmewqdw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\vb20.exe not found!
Deletion of file C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\vb20.exe failed!

Could not process line:
C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\vb20.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dpfwu.dll deleted successfully.


Folder C:\Program Files\Save not found!
Deletion of folder C:\Program Files\Save failed!

Could not process line:
C:\Program Files\Save
Status: 0xc0000034

Folder C:\Program Files\VirusBurster deleted successfully.
Folder C:\Program Files\MMediaCodec deleted successfully.
Folder C:\Documents and Settings\user.USER-4A8C0BF431\Local Settings\Temp\~nsu.tmp deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMediaCodec deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MMediaCodec deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurster not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurster failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 Das mit dem avenger klappt bei mir nicht. nachdem ich das vorgegebene reinkopiert hab und auf die grüne ampel geklickt hab kam ne errormeldung..hab ich was falsch gemacht?

Hab jetzt neustart gemacht und das blinkende Fragezeichen ist weg!=D
Vom avenger is kein Log erschienen. Hätte da was kommen sollen oder ist das egal?


das kam beim allerletzten schritt den ich machen sollte raus:

SmitFraudFix v2.109

Scan done at 22:22:02,61, 13.10.2006
Run from C:\Dokumente und Einstellungen\Admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Admin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Admin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

C:\Programme\MMediaCodec\ FOUND !
C:\Programme\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="NVDESK32.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





SmitFraudFix v2.109

Scan done at 22:23:50,10, 13.10.2006
Run from C:\Dokumente und Einstellungen\Admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dpfwu.dll Deleted
C:\Programme\MMediaCodec\ Deleted
C:\Programme\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Is jetzt eigentlich alles wieder ok?

#11 Debora

ja, es ist wieder alles in Ordnung
dennoch solltest du noch mal versuchen, den Avenger anzuwenden...bis es klappt,
ich weiss nicht, inwiefern smitfraudfix alles rausgeloescht hat. ...
__________
MfG Sabina

rund um die PC-Sicherheit

#12 maxboecker

scanne mit smitfraudfix (option 1 und 2 )
http://virus-protect.org/artikel/tools/smitfrautfix.html
poste hier beide scanreporte
__________
MfG Sabina

rund um die PC-Sicherheit

#13 ok,mach ich:-)

Vielen Dank für die schnelle und vor allem gute Hilfe!

Mfg Debora