PDA

View Full Version : Critical System Error!


Mr.Daywalker
2006-09-07, 21:13
Hi I wanted to see a fun movie in the internet, so I klicked on the file and got the message that i need a vcodec. So I trusted in it and downloaded and installed it, a big fault...
I suddenly got problems and I started my AntiVir programm. He found a few dangerous programms, so i deleted them. But also after this action I still had a sign in my taskbar, which changes from a question mark to a red cross.
I tried every Virus scanner I found, but it didnt worked they sometimes found something but no programm was able to delete the programm, which always starts the sign.
After searching in the internet I found our forum and found the list of things I should do before I post here.

I tried everything and took every step but nothing helped... Panda Online scanner found just a few cookies but nothing else...

So I made the last step, I downloaded Hijackthis! and here is my logfile:

----------

Logfile of HijackThis v1.99.1
Scan saved at 18:54:16, on 07.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
D:\Programme\AntiVirenKit 2006 trial\AVKService.exe
D:\Programme\AntiVirenKit 2006 trial\AVKWCtl.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - D:\Programme\Media-Codec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - D:\Programme\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [nTrayFw] D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157239564995
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC10C23-598E-4487-BE20-5CA838ABFB25}: NameServer = 217.237.149.161 217.237.150.205
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - D:\WINDOWS\system32\duxzj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AVKProxy - G DATA Software AG - D:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - D:\Programme\AntiVirenKit 2006 trial\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - D:\Programme\AntiVirenKit 2006 trial\AVKWCtl.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

--------------

I hope you are able to help me or to give me any programm, which gonna help me.


Thanks, Mr.Daywalker
Mr.Daywalker
2006-09-08, 13:01
Thanks for this thread!!!

http://forums.spybot.info/showthread.php?t=4015

It works!!! I am free!!! :bigthumb:



Thanks Mr.Daywalker
pskelley
2006-09-12, 12:06
Welcome to the forum and thanks for that feedback. You did indeed find the correct information so many others overlook. I would suggest you post a last log so I can be sure all of the junk is gone, but that is your call. I will leave you with this information:
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

If we don't hear from you within a few days, tashi:) will close the topic. Safe surfing.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
tashi
2006-09-17, 21:31
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Cheers. :)