ich habe alle punkte gemacht aber der pc bootet immer noch bei malwarebytes

aaah und CCleaner bekommt die eine datei auch nicht weg egal wie oft ich es versuche

Welche Datei ist es denn? Ich brauche den genauen Namen und den Pfad.

ciao, andreas

das ist die datei
{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

ich glaub die ist im HKEY CLASSES ROOT zu finden

Zitat:

ich glaub die ist im HKEY CLASSES ROOT zu finden

Das ist keine Datei sondern ein Registryeintrag, der wurde von Avira angelegt, geschützt und lässt sich deshalb nicht löschen. Das ist schon in Ordnung so.

Poste bitte nochmal ein aktuelles HJT-Log.

Gleich im Anschluß: http://www.trojaner-board.de/51871-a...tispyware.html (nur Punkt 1-3 der Anleitung)

ciao, andreas

hier die neue log super anti spyware mach ich jetzt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:00 μμ, on 16/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7979 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2009 at 00:29 AM

Application Version : 4.26.1002

Core Rules Database Version : 3896
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 00:49:57

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 4350
Registry threats detected : 0
File items scanned : 116090
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\user@atdmt[1].txt

Trojan.Agent/Gen-FSG
C:\EIGENE DATEIEN\PROGRAMME\NERO BURNING ROM\NERO_BURNING_ROM_V6.6.0.13

1.) Deinstalliere (falls möglich):

• SuperAntiSpyware
• Bonjour

2.) Stecke alles, das du jemals mit dem Computer verbunden hast, wie Kamera, Handy, Speicherkarten, Memorysticks, externe Laufwerke, ... vor dem nächsten Scan an.

ComboFix

Achtung: Die Anleitung ist veraltet. Den Teil mit der Systemwiederherstellungskonsole nicht ausführen. Die wird bei Internetverbindung automatisch installiert.

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

• Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  
  Sollte sich ComboFix nicht starten lassen, dann benenne es um in cf.com und versuche es nocheinmal.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

3.) Systemdetails mit RSIT prüfen

• Lade Random's System Information Tool (RSIT) von random/random herunter,
• speichere es auf Deinem Desktop.
• Starte mit Doppelklick die RSIT.exe.
• Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
• Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
• Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
• Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

ciao, andreas

ich werde es versuchen aber noch eine frage
koennte es evtl am neuen antivir 9 liegen das ich am selben tag installiert habe wo die probleme angefangen haben und das neue mozilla hatte ich auch an dem tag installiert ???

Wäre möglich, aber es gibt Anzeichen auf einen Backdoor. Das halte ich dann doch für wahrscheinlicher.

ciao, andreas

oki ich werde den test jetzt machen nur das Bonjour finde ich nicht

Macht nichts, den kriegen wir anders klein.

ciao, andreas

hier die neue log

ComboFix 09-05-16.05 - USER 17/05/2009 1:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.30.1032.18.2046.1625 [GMT 3:00]
Running from: c:\documents and settings\USER\Επιφάνεια εργασίας\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_C902.ini
c:\windows\system32\tmp70.tmp
c:\windows\system32\tmp71.tmp
c:\windows\system32\tmp80.tmp
c:\windows\system32\tmp81.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 20:34 . 2009-05-16 22:03 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 20:29 . 2009-05-16 20:29 -------- d-----w c:\documents and settings\USER\Tracing
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Microsoft
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 20:27 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live
2009-05-16 20:25 . 2009-05-16 20:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\USER\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 12:20 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 12:08 . 2009-05-16 12:08 -------- d-----w c:\program files\CCleaner
2009-05-15 00:25 . 2009-05-15 00:25 -------- d-----w c:\program files\Trend Micro
2009-05-14 01:54 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-13 10:34 . 2009-05-13 10:34 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\PunkBuster
2009-05-07 16:15 . 2009-05-13 18:15 -------- d-----w c:\program files\LucasArts
2009-04-23 20:56 . 2009-04-23 20:56 -------- d-----w c:\documents and settings\USER\Application Data\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:29 . 2008-05-03 18:45 14464 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 17:58 . 2008-05-06 20:28 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-16 17:57 . 2008-05-08 23:46 -------- d-----w c:\program files\VideoLAN
2009-05-16 17:54 . 2008-05-07 19:39 -------- d-----w c:\program files\Java
2009-05-15 19:45 . 2008-05-06 18:00 138168 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 19:45 . 2008-05-06 18:00 189472 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-14 20:26 . 2009-03-06 19:35 -------- d-----w c:\program files\Steam
2009-05-14 11:17 . 2008-05-06 20:11 -------- d-----w c:\program files\KalOnlineEng
2009-05-14 01:58 . 2008-05-06 20:21 -------- d-----w c:\program files\ICQToolbar
2009-05-14 01:51 . 2006-03-02 12:00 95336 ----a-w c:\windows\system32\perfc008.dat
2009-05-14 01:51 . 2006-03-02 12:00 551152 ----a-w c:\windows\system32\perfh008.dat
2009-05-14 01:47 . 2008-05-03 18:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:34 . 2008-05-06 17:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-28 14:08 . 2008-10-17 19:08 -------- d-----w c:\program files\Electronic Arts
2009-04-23 16:14 . 2009-01-19 17:49 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 16:14 . 2009-01-19 17:49 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Common Files\Portrait Displays
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Portrait Displays
2009-03-25 15:01 . 2008-07-03 11:32 -------- d-----w c:\program files\DC++
2009-03-06 14:45 . 2006-03-02 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 01:04 . 2009-02-28 00:45 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-02-28 01:04 . 2009-02-28 00:45 17212 ----atw c:\windows\system32\SIntf32.dll
2009-02-28 01:04 . 2009-02-28 00:45 12067 ----atw c:\windows\system32\SIntf16.dll
2009-02-27 19:46 . 2009-02-27 19:46 58 ----a-w c:\windows\wininit.tmp
2009-02-27 16:39 . 2008-10-30 18:10 533 ----a-w c:\windows\eReg.dat
2009-02-20 17:10 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2008-12-17 22:34 . 2009-05-14 20:47 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:34 . 2009-05-14 20:47 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:34 . 2009-05-14 20:47 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:34 . 2009-05-14 20:47 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:34 . 2009-05-14 20:47 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-05-17 01:37:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 171 GB (71%) free of 239 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:38 πμ, on 17/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7193 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*isabledC++"
"C:\Program Files\DivX\DivX Player\DivX Player.exe"="C:\Program Files\DivX\DivX Player\DivX Player.exe:*:EnabledivX Player"
"C:\Program Files\DivX\DivX Codec\DivX EKG.exe"="C:\Program Files\DivX\DivX Codec\DivX EKG.exe:*:EnabledivX EKG"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe"="C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe:*:Enabledbsetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*isabled:Free Download Manager"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 2 months======

2009-05-17 01:32:34 ----D---- C:\rsit
2009-05-17 01:29:54 ----D---- C:\WINDOWS\temp
2009-05-17 01:29:53 ----A---- C:\ComboFix.txt
2009-05-17 01:26:20 ----A---- C:\WINDOWS\zip.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\vFind.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWSC.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWREG.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\sed.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\grep.exe
2009-05-17 01:26:14 ----D---- C:\ComboFix
2009-05-17 01:22:59 ----D---- C:\WINDOWS\ERDNT
2009-05-17 01:22:52 ----D---- C:\Qoobox
2009-05-17 01:03:46 ----SHD---- C:\Config.Msi
2009-05-16 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 23:34:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-16 23:34:11 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 23:28:36 ----D---- C:\Program Files\Microsoft
2009-05-16 23:28:21 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 23:27:59 ----D---- C:\Program Files\Windows Live
2009-05-16 23:25:58 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-16 15:20:53 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-05-16 15:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 15:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-16 15:08:03 ----D---- C:\Program Files\CCleaner
2009-05-15 03:25:37 ----D---- C:\Program Files\Trend Micro
2009-05-14 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-14 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-14 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-14 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-14 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 19:15:45 ----D---- C:\Program Files\LucasArts
2009-04-23 23:56:28 ----D---- C:\Documents and Settings\USER\Application Data\Software Informer
2009-04-15 20:24:27 ----D---- C:\Documents and Settings\USER\Application Data\DisplayTune
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcp70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvbvm60.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc70.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcp80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcm80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\ijl15.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\atl80.dll
2009-04-15 20:23:42 ----D---- C:\Program Files\Portrait Displays
2009-04-15 20:23:42 ----D---- C:\Program Files\Common Files\Portrait Displays
2009-04-05 03:22:08 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-05 03:22:06 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 2 months======

2009-05-17 01:32:48 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 01:31:45 ----D---- C:\Documents and Settings\USER\Application Data\Free Download Manager
2009-05-17 01:29:55 ----D---- C:\WINDOWS\system32
2009-05-17 01:29:54 ----D---- C:\WINDOWS
2009-05-17 01:28:39 ----A---- C:\WINDOWS\system.ini
2009-05-17 01:27:55 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 01:27:55 ----D---- C:\WINDOWS\AppPatch
2009-05-17 01:27:51 ----D---- C:\Program Files\Common Files
2009-05-17 01:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 01:26:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 01:26:25 ----D---- C:\WINDOWS\Prefetch
2009-05-17 01:26:19 ----SHD---- C:\System Volume Information
2009-05-17 01:26:19 ----D---- C:\WINDOWS\system32\Restore
2009-05-17 01:17:11 ----D---- C:\Downloads
2009-05-17 01:03:47 ----SHD---- C:\WINDOWS\Installer
2009-05-17 00:53:59 ----RD---- C:\Program Files
2009-05-16 23:28:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-16 23:28:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 23:27:47 ----HD---- C:\WINDOWS\inf
2009-05-16 23:25:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 23:15:48 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:58:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-05-16 20:58:18 ----SD---- C:\WINDOWS\Tasks
2009-05-16 20:57:42 ----D---- C:\Program Files\VideoLAN
2009-05-16 20:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-16 20:54:26 ----D---- C:\Program Files\Java
2009-05-16 16:14:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-16 15:10:16 ----D---- C:\WINDOWS\Debug
2009-05-16 03:58:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-15 22:45:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-15 21:11:51 ----D---- C:\Program Files\WinRAR
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-14 23:37:55 ----D---- C:\Documents and Settings\USER\Application Data\Real
2009-05-14 23:26:30 ----D---- C:\Program Files\Steam
2009-05-14 14:17:51 ----D---- C:\Program Files\KalOnlineEng
2009-05-14 04:58:55 ----D---- C:\Program Files\ICQToolbar
2009-05-14 04:51:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-14 04:50:10 ----D---- C:\WINDOWS\WinSxS
2009-05-14 04:47:07 ----D---- C:\WINDOWS\system32\wbem
2009-05-14 04:47:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 03:07:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-14 03:06:55 ----D---- C:\WINDOWS\system32\el-gr
2009-05-14 03:06:55 ----D---- C:\Program Files\Internet Explorer
2009-05-14 03:05:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-13 21:01:41 ----A---- C:\WINDOWS\win.ini
2009-05-13 15:04:34 ----D---- C:\Documents and Settings\USER\Application Data\skypePM
2009-05-13 13:34:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-10 02:48:43 ----D---- C:\WINDOWS\Help
2009-05-07 15:09:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-07 02:50:28 ----D---- C:\DaViDeo3.PRO
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 19:50:03 ----D---- C:\download
2009-05-01 01:36:36 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-05-01 01:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 17:08:08 ----D---- C:\Program Files\Electronic Arts
2009-04-23 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-23 19:14:12 ----RSD---- C:\WINDOWS\assembly
2009-04-07 13:38:32 ----RD---- C:\eigene dateien
2009-03-25 18:01:02 ----D---- C:\Program Files\DC++
2009-03-21 17:18:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 20:55:12 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Πρόγραμμα οδήγησης πληκτρολογίου HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-04 14976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-04 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-04 25416]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-05-13 9632]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Πρόγραμμα οδήγησης τυπικού διανομέα USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []
S3 aci25k6t;aci25k6t; C:\WINDOWS\system32\drivers\aci25k6t.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Αποκωδικοποιητής κωδικοποιημένων υπότιτλων; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Σύνδεση τηλεόρασης/βίντεο της Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-15 189472]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-01-30 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-11-06 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 WMPNetworkSvc;Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 922112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------