Winrar crc fehler + und pc absturz virus??

Niralei · 16.05.2009, 21:18

das ist die datei
{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

ich glaub die ist im HKEY CLASSES ROOT zu finden

john.doe · 16.05.2009, 21:28

Zitat:

ich glaub die ist im HKEY CLASSES ROOT zu finden

Das ist keine Datei sondern ein Registryeintrag, der wurde von Avira angelegt, geschützt und lässt sich deshalb nicht löschen. Das ist schon in Ordnung so.

Poste bitte nochmal ein aktuelles HJT-Log.

Gleich im Anschluß: http://www.trojaner-board.de/51871-a...tispyware.html (nur Punkt 1-3 der Anleitung)

ciao, andreas

Niralei · 16.05.2009, 23:38

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-05-17 01:37:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 171 GB (71%) free of 239 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:38 πμ, on 17/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7193 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*

isabled

C++"
"C:\Program Files\DivX\DivX Player\DivX Player.exe"="C:\Program Files\DivX\DivX Player\DivX Player.exe:*:Enabled

ivX Player"
"C:\Program Files\DivX\DivX Codec\DivX EKG.exe"="C:\Program Files\DivX\DivX Codec\DivX EKG.exe:*:Enabled

ivX EKG"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe"="C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe:*:Enabled

bsetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*

isabled:Free Download Manager"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Niralei · 16.05.2009, 21:13

aaah und CCleaner bekommt die eine datei auch nicht weg egal wie oft ich es versuche

john.doe · 16.05.2009, 21:14

Welche Datei ist es denn? Ich brauche den genauen Namen und den Pfad.

ciao, andreas

Niralei · 17.05.2009, 15:22

Filelisting hats nicht getan ich hab kein grund hier zu luegen
und ich nutze den pc nicht alleine aber vielen dank fuer deine hilfe mfg nira

Niralei · 17.05.2009, 14:50

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : USER ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:233 Go (Free:165 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( ‰¬¨ 17/05/2009|16:48 )

--------------------\\ Ordner Verzeichnis unter APPLIC~1

[03/05/2008|09:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\ADMINI~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[14/10/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[30/10/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[10/11/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/05/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[08/11/2008|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[01/05/2009|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Codemasters
[28/07/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[25/09/2008|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[20/02/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FreeDownloadManager.ORG
[01/07/2008|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ICQ
[22/09/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[13/10/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[16/05/2009|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[16/05/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[18/02/2009|03:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[16/05/2009|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[10/11/2008|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[08/11/2008|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Ericsson
[16/05/2009|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[17/05/2009|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/03/2009|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[09/10/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/05/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[0|€¨®œε˜] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
[25|‰˜«αΆ¦š¦ ] C:\DOCUME~1\ALLUSE~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[03/05/2008|09:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\DEFAUL~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[15/03/2009|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[25/09/2008|05:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> agi
[03/05/2008|09:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
[5|‰˜«αΆ¦š¦ ] C:\DOCUME~1\LOCALS~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[11/02/2009|06:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\NETWOR~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[07/08/2008|10:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> AD ON Multimedia
[13/11/2008|02:23] C:\DOCUME~1\USER\APPLIC~1\<DIR> Adobe
[13/12/2008|12:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Apple Computer
[02/07/2008|12:00] C:\DOCUME~1\USER\APPLIC~1\<DIR> ArcSoft
[03/05/2008|09:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> ATI
[25/09/2008|09:14] C:\DOCUME~1\USER\APPLIC~1\<DIR> com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[08/11/2008|05:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[28/07/2008|11:27] C:\DOCUME~1\USER\APPLIC~1\<DIR> CyberLink
[27/10/2008|03:28] C:\DOCUME~1\USER\APPLIC~1\<DIR> DAEMON Tools
[15/04/2009|08:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> DisplayTune
[05/08/2008|01:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> DivX
[16/01/2009|04:15] C:\DOCUME~1\USER\APPLIC~1\<DIR> dvdcss
[20/02/2009|04:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> Facebook
[17/05/2009|04:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Free Download Manager
[07/05/2008|08:30] C:\DOCUME~1\USER\APPLIC~1\<DIR> gslist
[19/08/2008|04:07] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQ
[06/05/2008|11:30] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQ Toolbar
[06/05/2008|11:21] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQLite
[03/05/2008|09:32] C:\DOCUME~1\USER\APPLIC~1\<DIR> Identities
[16/09/2008|09:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> ImTOO Software Studio
[08/11/2008|04:39] C:\DOCUME~1\USER\APPLIC~1\<DIR> InstallShield
[05/03/2009|08:09] C:\DOCUME~1\USER\APPLIC~1\<DIR> Leadertech
[19/03/2009|08:55] C:\DOCUME~1\USER\APPLIC~1\<DIR> LimeWire
[07/11/2008|11:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> Macromedia
[16/05/2009|03:20] C:\DOCUME~1\USER\APPLIC~1\<DIR> Malwarebytes
[25/09/2008|02:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> MAXON
[19/02/2009|01:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Media Player Classic
[25/09/2008|09:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> Microsoft
[04/09/2008|02:09] C:\DOCUME~1\USER\APPLIC~1\<DIR> Mozilla
[14/05/2009|11:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> Real
[08/11/2008|04:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> SecuROM
[05/03/2009|09:33] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sierra Entertainment
[13/05/2009|03:04] C:\DOCUME~1\USER\APPLIC~1\<DIR> skypePM
[23/04/2009|11:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> Software Informer
[10/11/2008|09:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sony
[20/07/2008|02:10] C:\DOCUME~1\USER\APPLIC~1\<DIR> streamripper
[02/07/2008|12:11] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sun
[17/07/2008|12:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> teamspeak2
[17/03/2009|03:41] C:\DOCUME~1\USER\APPLIC~1\<DIR> TeamViewer
[19/10/2008|08:27] C:\DOCUME~1\USER\APPLIC~1\<DIR> U3
[09/05/2008|02:48] C:\DOCUME~1\USER\APPLIC~1\<DIR> vlc
[07/05/2008|01:18] C:\DOCUME~1\USER\APPLIC~1\<DIR> WinRAR
[08/11/2008|11:07] C:\DOCUME~1\USER\APPLIC~1\<DIR> Xilisoft Corporation
[10/07/2008|11:06] C:\DOCUME~1\USER\APPLIC~1\<DIR> YuLeech
[0|€¨®œε˜] C:\DOCUME~1\USER\APPLIC~1\byte
[46|‰˜«αΆ¦š¦ ] C:\DOCUME~1\USER\APPLIC~1\› ˜Ÿβ© £˜ byte

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[17/05/2009 04:34 ££][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 03:00 ££][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[13/11/2008|01:31] C:\Program Files\<DIR> Adobe
[08/07/2008|02:59] C:\Program Files\<DIR> Ahead
[16/07/2008|03:16] C:\Program Files\<DIR> AMD
[02/07/2008|11:59] C:\Program Files\<DIR> ArcSoft
[03/05/2008|09:43] C:\Program Files\<DIR> ATI Technologies
[13/08/2008|04:22] C:\Program Files\<DIR> AV Vcs 6.0 DIAMOND
[07/02/2009|06:04] C:\Program Files\<DIR> Avanquest update
[13/11/2008|01:32] C:\Program Files\<DIR> Bonjour
[16/05/2009|03:08] C:\Program Files\<DIR> CCleaner
[17/05/2009|03:56] C:\Program Files\<DIR> Common Files
[03/05/2008|09:25] C:\Program Files\<DIR> ComPlus Applications
[28/07/2008|11:25] C:\Program Files\<DIR> CyberLink
[27/10/2008|03:29] C:\Program Files\<DIR> DAEMON Tools Lite
[11/12/2008|04:58] C:\Program Files\<DIR> DaViDeo3professional
[25/03/2009|06:01] C:\Program Files\<DIR> DC++
[20/02/2009|04:03] C:\Program Files\<DIR> DivX
[19/07/2008|02:53] C:\Program Files\<DIR> DVDVideoSoft
[17/03/2009|06:53] C:\Program Files\<DIR> EA GAMES
[28/04/2009|05:08] C:\Program Files\<DIR> Electronic Arts
[15/03/2009|04:50] C:\Program Files\<DIR> Free Download Manager
[01/07/2008|11:23] C:\Program Files\<DIR> ICQ6Toolbar
[01/07/2008|11:23] C:\Program Files\<DIR> ICQLite
[14/05/2009|04:47] C:\Program Files\<DIR> InstallShield Installation Information
[14/05/2009|03:06] C:\Program Files\<DIR> Internet Explorer
[16/05/2009|08:54] C:\Program Files\<DIR> Java
[14/05/2009|02:17] C:\Program Files\<DIR> KalOnlineEng
[06/11/2008|11:28] C:\Program Files\<DIR> Kiwee Toolbar
[18/02/2009|03:22] C:\Program Files\<DIR> K-Lite Codec Pack
[13/05/2009|09:15] C:\Program Files\<DIR> LucasArts
[16/05/2009|03:20] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[15/08/2008|03:02] C:\Program Files\<DIR> Messenger
[16/05/2009|11:28] C:\Program Files\<DIR> Microsoft
[03/05/2008|09:29] C:\Program Files\<DIR> microsoft frontpage
[25/09/2008|09:16] C:\Program Files\<DIR> Microsoft Office
[03/05/2008|09:26] C:\Program Files\<DIR> Movie Maker
[17/05/2009|04:44] C:\Program Files\<DIR> Mozilla Firefox
[15/12/2008|09:03] C:\Program Files\<DIR> MSBuild
[03/05/2008|09:25] C:\Program Files\<DIR> MSN Gaming Zone
[28/10/2008|04:00] C:\Program Files\<DIR> MSXML 4.0
[15/12/2008|09:01] C:\Program Files\<DIR> MSXML 6.0
[03/05/2008|09:26] C:\Program Files\<DIR> NetMeeting
[20/07/2008|02:01] C:\Program Files\<DIR> Online Services
[14/03/2009|03:10] C:\Program Files\<DIR> OpenAL
[09/05/2008|11:09] C:\Program Files\<DIR> Outlook Express
[15/04/2009|08:23] C:\Program Files\<DIR> Portrait Displays
[10/11/2008|09:21] C:\Program Files\<DIR> QuickTime
[03/05/2008|09:47] C:\Program Files\<DIR> Realtek
[15/12/2008|09:02] C:\Program Files\<DIR> Reference Assemblies
[14/01/2009|03:33] C:\Program Files\<DIR> SHOUTcast
[30/10/2008|08:23] C:\Program Files\<DIR> Software Informer
[10/11/2008|09:21] C:\Program Files\<DIR> Sony
[10/11/2008|11:45] C:\Program Files\<DIR> Sony Ericsson
[14/05/2009|11:26] C:\Program Files\<DIR> Steam
[17/09/2008|01:36] C:\Program Files\<DIR> Sun
[06/05/2008|07:10] C:\Program Files\<DIR> Teamspeak2_RC2
[17/03/2009|03:41] C:\Program Files\<DIR> TeamViewer
[20/07/2008|01:39] C:\Program Files\<DIR> TGTSoft
[15/05/2009|03:25] C:\Program Files\<DIR> Trend Micro
[02/07/2008|11:57] C:\Program Files\<DIR> Trust
[03/05/2008|09:32] C:\Program Files\<DIR> Uninstall Information
[16/05/2009|08:57] C:\Program Files\<DIR> VideoLAN
[14/01/2009|03:34] C:\Program Files\<DIR> Winamp
[16/05/2009|11:28] C:\Program Files\<DIR> Windows Live
[16/05/2009|11:28] C:\Program Files\<DIR> Windows Live SkyDrive
[09/10/2008|02:41] C:\Program Files\<DIR> Windows Media Connect 2
[09/10/2008|02:41] C:\Program Files\<DIR> Windows Media Player
[03/05/2008|09:25] C:\Program Files\<DIR> Windows NT
[03/05/2008|09:27] C:\Program Files\<DIR> WindowsUpdate
[15/05/2009|09:11] C:\Program Files\<DIR> WinRAR
[03/05/2008|09:29] C:\Program Files\<DIR> xerox
[0|€¨®œε˜] C:\Program Files\byte
[72|‰˜«αΆ¦š¦ ] C:\Program Files\› ˜Ÿβ© £˜ byte

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[13/11/2008|01:32] C:\Program Files\Common Files\<DIR> Adobe
[08/07/2008|02:59] C:\Program Files\Common Files\<DIR> Ahead
[02/07/2008|11:59] C:\Program Files\Common Files\<DIR> ArcSoft
[03/05/2008|09:41] C:\Program Files\Common Files\<DIR> ATI Technologies
[11/11/2008|12:17] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[13/05/2008|03:43] C:\Program Files\Common Files\<DIR> INCA Shared
[22/09/2008|01:37] C:\Program Files\Common Files\<DIR> InstallShield
[13/11/2008|01:22] C:\Program Files\Common Files\<DIR> Macrovision Shared
[16/05/2009|11:28] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/05/2008|09:26] C:\Program Files\Common Files\<DIR> MSSoap
[20/07/2008|04:06] C:\Program Files\Common Files\<DIR> NSV
[04/05/2008|12:12] C:\Program Files\Common Files\<DIR> ODBC
[02/07/2008|11:57] C:\Program Files\Common Files\<DIR> PCCamera
[15/04/2009|08:23] C:\Program Files\Common Files\<DIR> Portrait Displays
[03/05/2008|09:26] C:\Program Files\Common Files\<DIR> Services
[04/05/2008|12:12] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/05/2008|11:09] C:\Program Files\Common Files\<DIR> System
[16/05/2009|11:25] C:\Program Files\Common Files\<DIR> Windows Live
[06/05/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[0|€¨®œε˜] C:\Program Files\Common Files\byte
[21|‰˜«αΆ¦š¦ ] C:\Program Files\Common Files\› ˜Ÿβ© £˜ byte

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:48:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen

Kein anderen Infektionen gefunden !

[F:1][D:3]-> C:\DOCUME~1\USER\LOCALS~1\Temp
[F:30][D:0]-> C:\DOCUME~1\USER\Cookies
[F:2][D:0]-> C:\DOCUME~1\USER\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ‰¬¨ 17/05/2009|16:49 - Option : [1]

--------------------\\ Scan beendet um 16:49:17

john.doe · 17.05.2009, 15:14

Und wieder einer für die Liste, die wird immer länger.

Zitat:

2008-11-12 22:21 . 2007-04-28 12:44 53760 ----a-w c:\downloads\Adobe_Photoshop_CS3_Extended\KeyGen + Crack\Keygen.exe

Spätestens als angeblich das Filelisting nicht funktionierte, wußte ich, dass du mich anlügst und das nehme ich dir übel.

Du hast wohl die ganzen Keygens, Cracks und Patches gesehen, die es gefunden hat. Das du im Log von LopSD editiert hast, weiß ich.

Wann lernt ihr endlich die Hände von geklauter Software zu lassen?

Da hilft jetzt nur noch eins: http://www.trojaner-board.de/51262-a...sicherung.html

Du bist entlassen und ich bin raus,
Andreas

Winrar crc fehler + und pc absturz virus??

Log-Analyse und Auswertung: Winrar crc fehler + und pc absturz virus??