"critical system error" in der taskleiste

#0
25.10.2006, 14:03
...new here

Posts: 4
#1 I have a problem, namely "critical system error" in the taskbar

now I'd like to get rid of it; I've already used the forum search, but I can't get rid of it.

I have run:
Spybot Search & Destroy, but it didn't help

can someone please help

Many thanks!

Logfile of HijackThis v1.99.1
Scan saved at 14:01:07, on 25.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VideoCompressionCodec\isamonitor.exe
C:\Programme\VideoCompressionCodec\pmsngr.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\VideoCompressionCodec\isamini.exe
C:\Programme\VideoCompressionCodec\pmmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Rico\LOKALE~1\Temp\Rar$EX00.218\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Startup: WISO Bewerbung 2007 Reminder.lnk = C:\Programme\WISO\Bewerbung 2007\KCReminder.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{11743EE2-9FA1-4C59-BAD1-9BA74EA6A618}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{942F4081-EEE5-4EBA-B0A7-A52BD6DE9A27}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C15802A5-17C2-44C9-9063-8F97A6AEDA83}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C7DDAB-9973-4164-99CC-F50F581E9D72}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11743EE2-9FA1-4C59-BAD1-9BA74EA6A618}: NameServer = 192.168.178.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11743EE2-9FA1-4C59-BAD1-9BA74EA6A618}: NameServer = 192.168.178.1
O20 - AppInit_DLLs: MsgPlusLoader.dll,wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
25.10.2006, 14:16
Honorary member
Sabina

Posts: 29434
26.10.2006, 14:32
...new here

Thread starter

Posts: 4
#3 Hello Sabina,

the log is attached:

Rico - 06-10-26 14:29:55.90 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Programme\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\outlook


((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-25 10:23 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-25 10:23 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-25 10:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-25 10:23 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-23 18:33 106,496 --a------ C:\WINDOWS\system32\dpfwu.dll
2006-10-23 09:16 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-24 00:33 -------- d-------- C:\Dokumente und Einstellungen\Rico\Anwendungsdaten\Ips
2006-10-23 18:57 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-23 18:57 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-23 18:45 -------- d-------- C:\Programme\IPS
2006-10-23 18:44 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2006-10-23 18:33 -------- d-------- C:\Programme\VirusBurster
2006-10-23 18:33 -------- d-------- C:\Programme\VideoCompressionCodec
2006-10-23 18:20 -------- d-------- C:\Programme\Kaspersky Lab
2006-10-17 20:01 -------- d-------- C:\Programme\PacificPoker
2006-10-17 19:58 -------- d-------- C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free
2006-10-17 19:58 -------- d-------- C:\Programme\DriveCleaner 2006 Free
2006-10-16 02:28 -------- d-------- C:\Programme\Radiograbber
2006-10-08 22:32 2928 --a------ C:\Dokumente und Einstellungen\Rico\Anwendungsdaten\AdobeDLM.log
2006-10-08 14:40 -------- d-------- C:\Programme\NimoCodec Pack
2006-10-08 09:18 101240 --a------ C:\Dokumente und Einstellungen\Rico\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-09-29 07:17 91344 --a------ C:\Dokumente und Einstellungen\Rico\Anwendungsdaten\errorsafefreeinstall_de[1].exe
2006-09-26 16:37 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-25 20:26 -------- d-------- C:\Programme\MyGlobalSearch
2006-09-25 16:43 -------- d-------- C:\Programme\LimeWire
2006-09-25 16:32 -------- d-------- C:\Programme\BearShare
2006-09-16 21:01 -------- d-------- C:\Programme\avmwlanstick
2006-09-14 14:20 -------- d-------- C:\Dokumente und Einstellungen\Rico\Anwendungsdaten\Teleca
2006-09-14 14:17 6176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2006-09-14 14:17 5808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 15:24 -------- d---s---- C:\Programme\Xfire
2006-09-06 15:22 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-09-06 15:22 165376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-09-06 15:13 -------- d-------- C:\Programme\Panzer Elite Action
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 02:20 1288224 --a------ C:\WINDOWS\system32\erotik-finden.de-ss01.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Ulead AutoDetector v2"="C:\\Programme\\Gemeinsame Dateien\\Ulead Systems\\AutoDetector\\monitor.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\FRITZWLANMini.exe"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"kis"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoSharedDocuments"=hex:00,00,00,00
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\VideoCompressionCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\VideoCompressionCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"ares"="\"C:\\Programme\\Ares Lite Edition\\Ares.exe\" -h"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"zBrowser Launcher"="C:\\Programme\\Logitech\\iTouch\\iTouch.exe"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"o2cd"="C:\\Programme\\O2Micro\\AudioDJ\\o2cd.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"LWBMOUSE"="C:\\Programme\\Trust\\250S Series\\lwbwheel.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DataLayer"="C:\\PROGRA~1\\GEMEIN~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"LanguageShortcut"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"BearShare"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause"
"eBayToolbar"="C:\\Programme\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-26 14:31:28.93
C:\ComboFix.txt ... 06-10-26 14:31
26.10.2006, 14:39
Honorary member
Sabina

Posts: 29434
#4 I need to take a closer look at that ;)

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. For file type, choose 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme\VirusBurster" >>files.txt
dir "C:\Programme\VideoCompressionCodec" >>files.txt
dir "C:\Programme\PacificPoker" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free" >>files.txt
dir "C:\Programme\DriveCleaner 2006 Free" >>files.txt
dir "C:\Programme\NimoCodec Pack" >>files.txt
dir "C:\Dokumente und Einstellungen\Rico\Anwendungsdaten" >>files.txt
dir "C:\Programme\MyGlobalSearc" >>files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt
««
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. In: "Enter search strings" (type or paste in)

VirusBurster

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

In: "Enter search strings" (type or paste in)

VideoCompressionCodec

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.

In: "Enter search strings" (type or paste in)

DriveCleaner 2006 Free

in the edit box and click "Ok".
Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina

all about PC security
30.10.2006, 19:28
...new here

Thread starter

Posts: 4
#5 Hello Sabina,

here is the text that regsearch gave me:

verzeichnis von c:\programme\virusburster

06-10-23 18:33 <dir> .
06-10-23 18:33 <dir> ..
06-10-25 11:46 356 virusburster.ini
1 datei(en) 356 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db

verzeichnis von c:\programme\videocompressioncodec

06-10-23 18:33 <dir> .
06-10-23 18:33 <dir> ..
06-10-23 18:33 33,280 isamonitor.exe
06-10-23 18:33 24,576 isauninst.exe
06-10-30 17:58 13,824 isaddon.dll
06-10-23 18:33 11,408 pmsngr.exe
06-10-23 18:33 14,848 pmuninst.exe
06-10-30 17:58 6,144 isamini.exe
06-10-30 17:58 2,776 pmmon.exe
06-10-23 18:33 26,624 iesplugin.dll
06-10-23 18:33 24,576 iesuninst.exe
06-10-23 18:33 4,286 ts.ico
06-10-23 18:33 4,286 ot.ico
06-10-23 18:33 25,652 uninst.exe
12 datei(en) 192,280 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db
verzeichnis von c:\programme\gemeinsame dateien\drivecleaner 2006 free

06-10-17 19:58 <dir> .
06-10-17 19:58 <dir> ..
06-09-27 14:56 163,840 udcsdr.exe
06-09-27 14:49 155,648 udcpas.exe
2 datei(en) 319,488 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db

verzeichnis von c:\programme\drivecleaner 2006 free

06-10-17 19:58 <dir> .
06-10-17 19:58 <dir> ..
06-10-17 19:58 13,637 unins000.dat
06-10-17 19:58 669,002 unins000.exe
06-08-30 17:01 1,137,664 udc2006.exe
06-08-30 12:06 124,416 udcshell.dll
06-08-30 12:03 33,792 udcpchk.dll
06-10-17 19:58 <dir> appbase
06-07-25 17:31 2,426,784 udc2006.xml
06-03-30 20:05 35,776 udcshell.xml
06-03-31 16:07 536,576 updater.exe
06-09-27 12:02 120,832 insthelp.exe
06-09-27 13:11 147,456 udc6cw.exe
05-12-09 18:29 53,248 pv.exe
06-02-23 17:08 327 activate.dat
06-02-23 19:48 41 up.dat
05-11-09 13:04 8 vbpv.dat
06-08-30 16:23 3 lapv.dat
06-10-17 19:58 131 bnlink.dat
06-10-17 19:58 8 pv.dat
06-10-06 10:03 75,309 license.rtf
06-10-06 10:04 3,079 readme.rtf
05-10-06 13:09 1,406 uninstall.ico
06-02-24 15:24 5,012 uninstallpage.html
06-10-17 19:58 <dir> img
06-10-17 19:58 53 udc6.url
06-10-17 19:58 72 support.url
06-10-17 19:58 71 manual.url
06-10-17 19:58 328 updater.dat
06-10-17 19:58 0 err.log
06-10-17 19:58 127 sr.log
06-10-25 12:00 160 schedule.dat
06-10-17 19:59 931,338 scanreport.dat
06-10-25 12:02 7,632 update.log
06-10-18 12:49 <dir> download
30 datei(en) 6,324,288 bytes
5 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db


Here only VirusBurster:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06-10-30 19:19:43 for strings:
; 'verzeichnis von c:\programme\virusburster

06-10-23 18:33 <dir> .
06-10-23 18:33 <dir> ..
06-10-25 11:46 356 virusburster.ini
1 datei(en) 356 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...



Here only the videocompressioncodec:


REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06-10-30 19:23:49 for strings:
; 'verzeichnis von c:\programme\videocompressioncodec

06-10-23 18:33 <dir> .
06-10-23 18:33 <dir> ..
06-10-23 18:33 33,280 isamonitor.exe
06-10-23 18:33 24,576 isauninst.exe
06-10-30 17:58 13,824 isaddon.dll
06-10-23 18:33 11,408 pmsngr.exe
06-10-23 18:33 14,848 pmuninst.exe
06-10-30 17:58 6,144 isamini.exe
06-10-30 17:58 2,776 pmmon.exe
06-10-23 18:33 26,624 iesplugin.dll
06-10-23 18:33 24,576 iesuninst.exe
06-10-23 18:33 4,286 ts.ico
06-10-23 18:33 4,286 ot.ico
06-10-23 18:33 25,652 uninst.exe
12 datei(en) 192,280 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


Here only the drivecleaner 2006 free:



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06-10-30 19:27:01 for strings:
; 'verzeichnis von c:\programme\gemeinsame dateien\drivecleaner 2006 free

06-10-17 19:58 <dir> .
06-10-17 19:58 <dir> ..
06-09-27 14:56 163,840 udcsdr.exe
06-09-27 14:49 155,648 udcpas.exe
2 datei(en) 319,488 bytes
2 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db

verzeichnis von c:\programme\drivecleaner 2006 free

06-10-17 19:58 <dir> .
06-10-17 19:58 <dir> ..
06-10-17 19:58 13,637 unins000.dat
06-10-17 19:58 669,002 unins000.exe
06-08-30 17:01 1,137,664 udc2006.exe
06-08-30 12:06 124,416 udcshell.dll
06-08-30 12:03 33,792 udcpchk.dll
06-10-17 19:58 <dir> appbase
06-07-25 17:31 2,426,784 udc2006.xml
06-03-30 20:05 35,776 udcshell.xml
06-03-31 16:07 536,576 updater.exe
06-09-27 12:02 120,832 insthelp.exe
06-09-27 13:11 147,456 udc6cw.exe
05-12-09 18:29 53,248 pv.exe
06-02-23 17:08 327 activate.dat
06-02-23 19:48 41 up.dat
05-11-09 13:04 8 vbpv.dat
06-08-30 16:23 3 lapv.dat
06-10-17 19:58 131 bnlink.dat
06-10-17 19:58 8 pv.dat
06-10-06 10:03 75,309 license.rtf
06-10-06 10:04 3,079 readme.rtf
05-10-06 13:09 1,406 uninstall.ico
06-02-24 15:24 5,012 uninstallpage.html
06-10-17 19:58 <dir> img
06-10-17 19:58 53 udc6.url
06-10-17 19:58 72 support.url
06-10-17 19:58 71 manual.url
06-10-17 19:58 328 updater.dat
06-10-17 19:58 0 err.log
06-10-17 19:58 127 sr.log
06-10-25 12:00 160 schedule.dat
06-10-17 19:59 931,338 scanreport.dat
06-10-25 12:02 7,632 update.log
06-10-18 12:49 <dir> download
30 datei(en) 6,324,288 bytes
5 verzeichnis(se), 15,122,972,672 bytes frei
volume in laufwerk c: hat keine bezeichnung.
volumeseriennummer: 70c5-95db
'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...




Many thanks in advance

Regards, Indulge
31.10.2006, 00:14
Honorary member
Sabina

Posts: 29434
#6 Information rogue anti-spyware program - drivecleaner_2006
http://virus-protect.org/artikel/spyware/drivecleaner_2006.html
__________________________________________________

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

Registry Keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\DriveCleaner 2006 Free
HKEY_ALL_USERS\Software\DriveCleaner 2006 Free
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}

files to delete:
C:\WINDOWS\system32\dpfwu.dll

folders to delete:
C:\Programme\VirusBurster
C:\Programme\VideoCompressionCodec
C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free
C:\Programme\DriveCleaner 2006 Free
C:\Programme\MyGlobalSearc
C:\Dokumente und Einstellungen\All Users\Start Menu\Programme\DriveCleaner 2006 Free
C:\Dokumente und Einstellungen\Rico\Start Menu\Programme\DriveCleaner 2006 Free

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post here the Avenger log that appears after the restart

open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
restart the PC

««
scan with smitfraudfix - options 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina

all about PC security
This post was edited by Sabina on 31.10.2006 at 00:21.
31.10.2006, 11:33
...new here

Thread starter

Posts: 4
#7 Hello Sabina,

the Avenger log is attached:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 2
Line: HKEY_ALL_USERS\Software\DriveCleaner 2006 Free


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qlnxdjlt

*******************

Script file located at: \??\C:\WINDOWS\bvqgtruk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\dpfwu.dll not found!
Deletion of file C:\WINDOWS\system32\dpfwu.dll failed!

Could not process line:
C:\WINDOWS\system32\dpfwu.dll
Status: 0xc0000034



Folder C:\Programme\VirusBurster not found!
Deletion of folder C:\Programme\VirusBurster failed!

Could not process line:
C:\Programme\VirusBurster
Status: 0xc0000034



Folder C:\Programme\VideoCompressionCodec not found!
Deletion of folder C:\Programme\VideoCompressionCodec failed!

Could not process line:
C:\Programme\VideoCompressionCodec
Status: 0xc0000034



Folder C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free not found!
Deletion of folder C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free
Status: 0xc0000034



Folder C:\Programme\DriveCleaner 2006 Free not found!
Deletion of folder C:\Programme\DriveCleaner 2006 Free failed!

Could not process line:
C:\Programme\DriveCleaner 2006 Free
Status: 0xc0000034



Folder C:\Programme\MyGlobalSearc not found!
Deletion of folder C:\Programme\MyGlobalSearc failed!

Could not process line:
C:\Programme\MyGlobalSearc
Status: 0xc0000034



Could not open folder C:\Dokumente und Einstellungen\All Users\Start Menu\Programme\DriveCleaner 2006 Free for deletion
Deletion of folder C:\Dokumente und Einstellungen\All Users\Start Menu\Programme\DriveCleaner 2006 Free failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users\Start Menu\Programme\DriveCleaner 2006 Free
Status: 0xc000003a



Could not open folder C:\Dokumente und Einstellungen\Rico\Start Menu\Programme\DriveCleaner 2006 Free for deletion
Deletion of folder C:\Dokumente und Einstellungen\Rico\Start Menu\Programme\DriveCleaner 2006 Free failed!

Could not process line:
C:\Dokumente und Einstellungen\Rico\Start Menu\Programme\DriveCleaner 2006 Free
Status: 0xc000003a



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed!
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DriveCleaner 2006 Free not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\DriveCleaner 2006 Free failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

------------------------------------------------------------------------

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

fixed with HijackThis


O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll

was no longer found


O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL


also fixed


O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll

also fixed


---------------------------------------------------------------------------


Attached is the log (option 1 and option 2) from http://virus-protect.org/artikel/tools/smitfrautfix.html


OPTION1 :

SmitFraudFix v2.117

Scan done at 11:20:05.35, 06-10-31
Run from C:\Dokumente und Einstellungen\Rico\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Rico


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Rico\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\RICO\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll,wbsys.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


----------------------------------------------------------------------------


OPTION 2:

SmitFraudFix v2.117

Scan done at 11:18:29.03, 06-10-31
Run from C:\Dokumente und Einstellungen\Rico\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------------------------------------


Many thanks


Regards

Indulge
31.10.2006, 14:02
Honorary member
Avatar Sabina

Posts: 29434
#8 Delete manually via Start - Programs:

C:\Dokumente und Einstellungen\Rico\Start Menu\Programme\DriveCleaner 2006 Free

**
Scan, set everything to remove after the scan, and post the report
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

All about PC security