Mal wieder Critical System Error / VirusBurst

#1 Hi,

hoffe dieses tolle Forum kann mir helfen! =) Bin seit gestern (trotz Nod32) vom VirusBurst befallen. Er hat mein C:\ in "Hello" umbenannt, der Explorer ist abgestürzt, die Taskleiste lies sich nicht mehr öffnen und die Adress- und Symbolleiste in der Ordneransicht war verschwunden. Mithilfe von CCleaner, AVG Antispyware und Smitfraud habe ich ihn eigtl. im Griff - dachte ich. Der Balloon "Tip" ist immernoch da und warnt mich vor unsicherem System ;)

Hoffe ihr könnt mir helfen.

--------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:47:01, on 10.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NetLimiter 2\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\bmctl.exe
C:\Program Files\Opera\Opera.exe
D:\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AE22AA5-F76F-4C61-A47D-07AFD1E289D3}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABE1805E-37E1-4B02-98DC-43BB1DADB9C2}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: breakneck - {06fe8138-6c67-484f-ab1f-42abddd2cbb6} - C:\WINDOWS\system32\qnusjji.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


-----------------------------------------

rydd - 06-10-10 10:54:25,79 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\rydd"

((((((((((((((((((((((((((((((( Files Created from 2006-09-10 to 2006-10-10 ))))))))))))))))))))))))))))))))))


2006-10-09 23:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-09 22:16 143,360 --a------ C:\WINDOWS\system32\qnusjji.dll
2006-10-09 15:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-09 15:59 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-09 15:42 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-09 15:41 913,280 --a------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2006-10-09 15:41 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-09 15:41 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-10-09 15:41 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-10-09 15:41 7,136 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2006-10-09 15:41 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-09 15:41 458,752 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-09 15:41 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-09 15:41 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-09 15:41 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-09 15:41 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-10-09 15:41 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-09 15:41 2,180,096 --a------ C:\WINDOWS\system32\drivers\LVSVF2.sys
2006-10-09 15:41 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-10-09 15:41 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-03 13:21 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-03 13:21 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-03 13:21 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-03 13:21 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-03 13:21 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-10-03 13:20 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-02 16:20 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2006-10-02 16:20 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2006-10-02 16:20 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2006-10-02 16:20 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2006-10-02 16:20 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2006-09-28 21:45 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-28 21:42 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-28 21:42 451,072 C:\WINDOWSRadeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-28 21:42 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-09-23 18:06 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-09 23:12 -------- d-------- C:\Program Files\Grisoft
2006-10-09 23:09 -------- d-------- C:\Program Files\CCleaner
2006-10-09 22:48 -------- d-------- C:\Program Files\Lavasoft
2006-10-09 22:48 -------- d-------- C:\Documents and Settings\rydd\Application Data\Lavasoft
2006-10-09 22:18 -------- d-------- C:\Program Files\Trillian
2006-10-09 22:08 -------- d-------- C:\Program Files\TVgenial
2006-10-09 15:55 -------- d---s---- C:\Documents and Settings\rydd\Application Data\Microsoft
2006-10-09 15:54 -------- d-------- C:\Program Files\MSN Messenger
2006-10-09 15:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-09 15:41 -------- d-------- C:\Program Files\Logitech
2006-10-09 15:41 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-09 15:32 -------- d-------- C:\Program Files\MSN
2006-10-09 13:29 -------- d-------- C:\Documents and Settings\rydd\Application Data\Hamachi
2006-10-09 01:35 -------- d-------- C:\Program Files\Project64 1.6
2006-10-05 21:25 -------- d-------- C:\Program Files\IrfanView
2006-10-03 23:31 -------- d-------- C:\Program Files\EA SPORTS
2006-10-03 23:24 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-02 16:20 -------- d-------- C:\Program Files\Common Files
2006-09-30 17:37 -------- d-------- C:\Documents and Settings\rydd\Application Data\dvdcss
2006-09-28 21:42 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-28 21:42 -------- d-------- C:\Program Files\Radeon Omega Drivers
2006-09-28 19:16 -------- d-------- C:\Program Files\Common Files\mapserv
2006-09-25 15:28 -------- d-------- C:\Program Files\Last.fm
2006-09-21 17:27 -------- d-------- C:\Program Files\Launch Manager
2006-09-17 20:35 -------- d-------- C:\Program Files\PartyGaming
2006-09-15 19:35 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-15 19:27 -------- d-------- C:\Program Files\Handmark
2006-09-14 14:43 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-09-07 16:00 -------- d-------- C:\Program Files\PartyPoker
2006-09-07 15:55 -------- d-------- C:\Program Files\NetLimiter 2
2006-09-07 15:55 -------- d-------- C:\Documents and Settings\rydd\Application Data\Locktime
2006-09-05 20:33 2508 --a------ C:\Documents and Settings\rydd\Application Data\$_hpcst$.hpc
2006-09-03 15:30 -------- d-------- C:\Documents and Settings\rydd\Application Data\Ahead
2006-09-03 15:29 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-03 15:26 -------- d-------- C:\Program Files\Nero
2006-09-03 15:21 -------- d-------- C:\Program Files\Ahead
2006-09-01 17:14 -------- d-------- C:\Program Files\Microsoft Games
2006-09-01 15:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-31 22:50 -------- d-------- C:\Program Files\SuDokuV2
2006-08-31 18:21 -------- dr------- C:\Documents and Settings\rydd\Application Data\Brother
2006-08-29 18:30 -------- d-------- C:\Program Files\AGEIA Technologies
2006-08-28 19:36 -------- d-------- C:\Program Files\Druckserver 32bit
2006-08-10 19:29 -------- d-------- C:\Program Files\MSXML 4.0
2006-08-10 12:48 -------- d-------- C:\Program Files\VOX3DPlaner
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 17:22 2137856 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2006-07-27 17:22 2015104 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2006-07-27 17:19 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-07-24 22:18 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-07-24 22:18 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-07-24 22:18 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-07-24 22:14 2829 --a------ C:\WINDOWS\DIIUnin.pif
2006-07-24 22:14 102400 --a------ C:\WINDOWS\DIIUnin.exe
2006-07-19 04:58 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-07-19 04:53 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-07-19 04:53 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-07-19 04:53 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-07-19 04:52 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-07-19 04:52 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-07-19 04:51 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-07-19 04:51 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-07-19 04:44 2732608 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-07-19 04:39 1744416 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-07-19 04:27 204800 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-07-19 04:26 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-07-19 04:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-07-19 04:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-07-19 04:22 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-07-19 04:21 290816 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-07-19 04:13 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WinRoll"="C:\\Program Files\\WinRoll\\winroll.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"D_V_T"="C:\\\\dvt.exe /S \\C:\\\\d_v_t.reg\\"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"System Files Updater"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AtiPTA"="atiptaxx.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=hex:00,00,00,00
"NoSharedDocuments"=hex:00,00,00,00
"NoRecentDocsMenu"=dword:00000001
"NoStartMenuHelp"=dword:00000001
"NoFind"=dword:00000001
"NoSMHelp"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Advanced]
"NoStartMenuHelp"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"breakneck"="{06fe8138-6c67-484f-ab1f-42abddd2cbb6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 10.10.2006 10:55:44.37
ComboFix.txt

-------------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\WINDOWS\system32

09.10.2006 22:16 143.360 qnusjji.dll
09.10.2006 15:59 1.197 lvcoinst.log
09.10.2006 15:42 491 Installer.log
08.10.2006 16:31 2.206 wpa.dbl
23.09.2006 18:06 98.304 CmdLineExt.dll
12.09.2006 18:04 64 winnet.ini
01.09.2006 17:20 199.344 FNTCACHE.DAT
10.08.2006 12:48 1.115.704 O2CPlayer.OCX
31.07.2006 14:29 34.064 lhacm.acm
29.07.2006 19:32 48.936 sirenacm.dll
28.07.2006 09:30 236.824 xactengine2_3.dll
28.07.2006 09:30 62.744 xinput1_2.dll
27.07.2006 17:22 2.137.856 ntoskrnl.exe
27.07.2006 17:22 2.015.104 ntkrnlpa.exe
27.07.2006 17:19 218.624 uxtheme.dll
24.07.2006 22:18 21.840 SIntfNT.dll
24.07.2006 22:18 17.212 SIntf32.dll
24.07.2006 22:18 12.067 SIntf16.dll
19.07.2006 04:58 258.048 ati2dvag.dll
19.07.2006 04:53 114.688 atipdlxx.dll
19.07.2006 04:53 77.824 Oemdspif.dll
19.07.2006 04:53 26.112 Ati2mdxx.exe
19.07.2006 04:52 41.984 ati2edxx.dll
19.07.2006 04:52 86.016 ati2evxx.dll
19.07.2006 04:51 401.408 ati2evxx.exe
19.07.2006 04:51 53.248 ATIDDC.DLL
19.07.2006 04:44 2.732.608 ati3duag.dll
19.07.2006 04:39 1.744.416 ativvaxx.dll
19.07.2006 04:27 204.800 atikvmag.dll
19.07.2006 04:26 17.408 atitvo32.dll
19.07.2006 04:23 307.200 atiiiexx.dll
19.07.2006 04:22 6.684.672 atioglx1.dll
19.07.2006 04:22 286.720 ati2cqag.dll
19.07.2006 04:21 290.816 ATIDEMGR.dll
19.07.2006 04:13 5.136.384 atioglxx.dll
04.07.2006 19:38 176.167 rmoc3260.dll
04.07.2006 19:38 6.656 pndx5016.dll
04.07.2006 19:38 5.632 pndx5032.dll
04.07.2006 19:38 278.528 pncrt.dll
26.06.2006 21:09 129.832 rapi.dll
26.06.2006 21:08 20.264 ceutil.dll
21.06.2006 17:01 129.084 atiicdxx.dat
16.06.2006 01:58 183 imon1.dat
13.06.2006 00:21 395.534 perfh009.dat
13.06.2006 00:21 59.774 perfc009.dat
13.06.2006 00:21 409.298 PerfStringBackup.INI
09.06.2006 01:29 2.062 UTLDEFI.WLL

----------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\DOCUME~1\rydd\LOCALS~1\Temp

10.10.2006 11:02 114.616 system32.000
10.10.2006 10:56 10.328 hijackthis.000
10.10.2006 10:55 12.726 ComboFix.000
10.10.2006 10:31 286 WCESLog.log
4 File(s) 137.956 bytes
0 Dir(s) 10.763.956.224 bytes free

------------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\WINDOWS

10.10.2006 11:00 6.792 ModemLog_Novatel Wireless UMTS Modem Primary Port.txt
10.10.2006 10:31 159 wiadebug.log
10.10.2006 10:31 50 wiaservc.log
10.10.2006 10:31 0 Sti_Trace.log
10.10.2006 10:30 238 SchedLgU.Txt
10.10.2006 10:30 0 0.log
10.10.2006 10:30 2.048 bootstat.dat
10.10.2006 10:29 708 WindowsUpdate.log
10.10.2006 00:02 60 ntbtlog.txt
09.10.2006 01:23 104 mfpd.ini
08.10.2006 16:18 900 wincmd.ini
04.10.2006 19:17 116 NeroDigital.ini
01.10.2006 18:15 23 BlendSettings.ini
28.09.2006 21:42 451.072 Radeon Omega Drivers v3.8.273 Uninstall.exe
28.09.2006 19:16 12 psolaw1.ini
28.09.2006 19:16 26 wpsola.ini
27.09.2006 20:37 27 BRPP2KA.INI
27.09.2006 20:37 475 BRWMARK.INI
11.09.2006 16:23 1.488 wcx_ftp.ini
01.09.2006 15:11 2.510 Microsoft.MIF
10.08.2006 12:52 8.192 o2cLicStore.bin
27.07.2006 17:22 15.194 RestoreFlyakiteOSX.txt
25.07.2006 16:50 260 pow32.cfg
25.07.2006 16:50 133 pow32.dsk
25.07.2006 16:50 1.115 pow32.prj
25.07.2006 16:50 924 win.ini
24.07.2006 22:22 16.509 DIIUnin.dat
24.07.2006 22:14 2.829 DIIUnin.pif
24.07.2006 22:14 102.400 DIIUnin.exe
18.07.2006 18:30 2.802 Sobo.sam
18.07.2006 15:44 95 UF.ini
16.07.2006 16:38 836 QIII.INI
12.07.2006 12:30 5.278 ModemLog_Bluetooth DUN Modem.txt
12.07.2006 12:30 5.272 ModemLog_Bluetooth Fax Modem.txt
12.07.2006 12:29 3.894 ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
09.07.2006 19:40 338 Sobo.ntz
09.07.2006 19:40 0 PROTOCOL.INI
09.07.2006 19:06 1.277 APDFPRP.INI
15.06.2006 22:12 482 eReg.dat
07.06.2006 22:32 2.380 ModemLog_Bluetooth LAP Modem #2.txt
07.06.2006 22:32 2.380 ModemLog_Bluetooth LAP Modem.txt
05.06.2006 20:39 24 mainser

------------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\WINDOWS\Temp

------------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\WINDOWS\Downloaded Program Files

05.05.2006 15:51 65 desktop.ini
02.03.2006 15:40 1.271 erma.inf
2 File(s) 1.336 bytes
0 Dir(s) 10.763.948.032 bytes free

-------------------------------

Volume in drive C is Hello
Volume Serial Number is DC91-E53E

Directory of C:\

10.10.2006 11:04 0 sys.txt
10.10.2006 11:04 314 down.txt
10.10.2006 11:04 100 tmp.txt
10.10.2006 11:03 6.460 system.txt
10.10.2006 11:03 415 systemtemp.txt
10.10.2006 11:02 114.616 system32.txt
10.10.2006 10:55 12.726 ComboFix.txt
10.10.2006 10:30 1.071.763.456 hiberfil.sys
10.10.2006 10:30 1.610.612.736 pagefile.sys
09.10.2006 23:49 1.691 rapport.txt
09.10.2006 15:55 244 sqmnoopt00.sqm
09.10.2006 15:55 268 sqmdata00.sqm
02.10.2006 16:20 2.785 LGSInst.Log
17.08.2006 17:32 60.840 pdatime.log


Hoffe ich habe alles kopiert, danke euch jetzt schonmal für die Hilfe.

MfG,
Rydd.

#2 ««
Gehe in die registry
Start - Ausfuehren - regedit

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"breakneck"="{06fe8138-6c67-484f-ab1f-42abddd2cbb6}" - loeschen

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001 - in 0 aendern
"NoStartMenuHelp"=dword:00000001 - in 0 aendern
"NoFind"=dword:00000001 - in 0 aendern
"NoSMHelp"=dword:00000001 - in 0 aendern

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Advanced]
"NoStartMenuHelp"=dword:00000001 - in 0 aendern


**
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06fe8138-6c67-484f-ab1f-42abddd2cbb6}
HKEY_CLASSES_ROOT\CLSID\{06fe8138-6c67-484f-ab1f-42abddd2cbb6}

Files to delete:
C:\WINDOWS\system32\qnusjji.dll

Folders to delete:
C:\Program Files\PartyPoker
C:\Program Files\PartyGaming

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker\PartyPokerNet\RunPF.exe (file missing)

O21 - SSODL: breakneck - {06fe8138-6c67-484f-ab1f-42abddd2cbb6} - C:\WINDOWS\system32\qnusjji.dll

**
loesche das backup vom Avenger unter C:\Avenger\backup.zip
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hi Sabina,

danke. Ich glaube ich bin das Mistding los. Allerdings waren "NoHelp", "NoSearch" usw. selbsterstellte Einträge, das Startmenü war korrekt, nur ging Programme bzw. Einstellungen nicht mehr zu öffnen - jetzt ist wieder alles in Lot.

Vielen Dank nochmals,
Rydd.

PS: PartyPoker hat auch seine Berechtigung Verdiene mir ab und an ein wenig Geld. *g*