Probleme mit Critical System Error

#1 Habe mir ein Virus eingefangen. Habe Combofix laufen lassen.
Das log sieht wie folg aus:
Serge - 06-10-23 21:59:39,34 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\"

((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))


2006-10-23 21:59 276,918 --a------ C:\combofix.exe
2006-10-23 21:19 60,416 --a------ C:\WINDOWS\system32\drivers\hha^qxap.sys
2006-10-20 20:58 106,496 --a------ C:\WINDOWS\system32\dpfwu.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-23 21:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-10-21 20:43 -------- d-------- C:\Programme\EPSON
2006-10-18 20:46 -------- d-------- C:\Programme\Apple Software Update
2006-10-18 18:35 -------- d-------- C:\Programme\iTunes
2006-10-18 18:35 -------- d-------- C:\Programme\iPod
2006-10-18 18:33 -------- d-------- C:\Programme\QuickTime
2006-10-17 22:12 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-17 02:07 -------- d-------- C:\Programme\Norton Internet Security
2006-10-13 06:35 -------- d-------- C:\Programme\MSXML 4.0
2006-09-28 14:12 -------- d-------- C:\Programme\Symantec
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 10:25 36040 --a------ C:\Dokumente und Einstellungen\Serge\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-09-02 17:03 -------- d-------- C:\Programme\HyperSnap-DX 5
2006-08-28 13:31 -------- d-------- C:\Programme\Nikon
2006-08-28 10:13 -------- d-------- C:\Programme\Plug-Ins
2006-08-27 10:15 -------- d-------- C:\Dokumente und Einstellungen\Serge\Anwendungsdaten\Adobe
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 20:20 -------- d-------- C:\Programme\Bibble Labs
2006-08-24 20:20 -------- d-------- C:\Dokumente und Einstellungen\Serge\Anwendungsdaten\bibble
2006-08-24 20:19 -------- d-------- C:\Programme\Gemeinsame Dateien\Bibble Labs
2006-08-24 20:19 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-18 17:52 7184 --a------ C:\Dokumente und Einstellungen\Serge\Anwendungsdaten\ViewerApp.dat
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 13:27 3997696 --a------ C:\WINDOWS\system32\NkNEFPlugin.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Evidence Eliminator"="C:\\Programme\\Evidence Eliminator\\ee.exe /m"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
@=""
"Norton Ghost 9.0"="C:\\Programme\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Picasa Media Detector"="C:\\Programme\\Picasa2\\PicasaMediaDetector.exe"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systempr�üfung ausfü�hren - Serge.job

Completion time: 06-10-23 22:05:02.06
C:\ComboFix.txt ... 06-10-23 22:05
C:\ComboFix2.txt ... 06-10-21 21:05

#2 scanne mit smitfraudfix - Option 1 und 2 - poste hier beide scanreporte
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit