Winrar crc fehler + und pc absturz virus??

Niralei · 17.05.2009, 04:20

guten morgen was mir noch eingefallen ist ein freund schickt mir schon tage immer links ueber msn 1 mal bin ich drauf da solte ich mein msn pw und id ein geben was ich aber nicht gemacht habe das komische ist er geht on sendet den link und ist off koennte es was mit meinen problem zutun haben ??? und vielen dank fuer deine hilfe mfg aus dem sonnigen griechenland

john.doe · 17.05.2009, 07:04

Zitat:

koennte es was mit meinen problem zutun haben ???

Wieso befolgt ihr eigentlich alle meine Anleitung? Lies Regel 1 und 8.

http://www.trojaner-board.de/396401-post22.html

Informiere deinen Freund, dass er schnellstmöglich sein MSN-Kennwort ändern soll.

Das Combofix-Log ist nicht vollständig.
Start => Ausführen => c:\combofix.txt => OK

Das 2. Log von RSIT fehlt.
Start => Ausführen => c:\rsit\info.txt => OK

ciao, andreas

Niralei · 17.05.2009, 10:39

ComboFix 09-05-16.05 - USER 17/05/2009 1:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.30.1032.18.2046.1625 [GMT 3:00]
Running from: c:\documents and settings\USER\Επιφάνεια εργασίας\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_C902.ini
c:\windows\system32\tmp70.tmp
c:\windows\system32\tmp71.tmp
c:\windows\system32\tmp80.tmp
c:\windows\system32\tmp81.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 20:34 . 2009-05-16 22:03 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 20:29 . 2009-05-16 20:29 -------- d-----w c:\documents and settings\USER\Tracing
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Microsoft
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 20:27 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live
2009-05-16 20:25 . 2009-05-16 20:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\USER\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 12:20 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 12:08 . 2009-05-16 12:08 -------- d-----w c:\program files\CCleaner
2009-05-15 00:25 . 2009-05-15 00:25 -------- d-----w c:\program files\Trend Micro
2009-05-14 01:54 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-13 10:34 . 2009-05-13 10:34 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\PunkBuster
2009-05-07 16:15 . 2009-05-13 18:15 -------- d-----w c:\program files\LucasArts
2009-04-23 20:56 . 2009-04-23 20:56 -------- d-----w c:\documents and settings\USER\Application Data\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:29 . 2008-05-03 18:45 14464 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 17:58 . 2008-05-06 20:28 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-16 17:57 . 2008-05-08 23:46 -------- d-----w c:\program files\VideoLAN
2009-05-16 17:54 . 2008-05-07 19:39 -------- d-----w c:\program files\Java
2009-05-15 19:45 . 2008-05-06 18:00 138168 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 19:45 . 2008-05-06 18:00 189472 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-14 20:26 . 2009-03-06 19:35 -------- d-----w c:\program files\Steam
2009-05-14 11:17 . 2008-05-06 20:11 -------- d-----w c:\program files\KalOnlineEng
2009-05-14 01:58 . 2008-05-06 20:21 -------- d-----w c:\program files\ICQToolbar
2009-05-14 01:51 . 2006-03-02 12:00 95336 ----a-w c:\windows\system32\perfc008.dat
2009-05-14 01:51 . 2006-03-02 12:00 551152 ----a-w c:\windows\system32\perfh008.dat
2009-05-14 01:47 . 2008-05-03 18:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:34 . 2008-05-06 17:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-28 14:08 . 2008-10-17 19:08 -------- d-----w c:\program files\Electronic Arts
2009-04-23 16:14 . 2009-01-19 17:49 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 16:14 . 2009-01-19 17:49 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Common Files\Portrait Displays
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Portrait Displays
2009-03-25 15:01 . 2008-07-03 11:32 -------- d-----w c:\program files\DC++
2009-03-06 14:45 . 2006-03-02 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 01:04 . 2009-02-28 00:45 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-02-28 01:04 . 2009-02-28 00:45 17212 ----atw c:\windows\system32\SIntf32.dll
2009-02-28 01:04 . 2009-02-28 00:45 12067 ----atw c:\windows\system32\SIntf16.dll
2009-02-27 19:46 . 2009-02-27 19:46 58 ----a-w c:\windows\wininit.tmp
2009-02-27 16:39 . 2008-10-30 18:10 533 ----a-w c:\windows\eReg.dat
2009-02-20 17:10 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2008-12-17 22:34 . 2009-05-14 20:47 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:34 . 2009-05-14 20:47 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:34 . 2009-05-14 20:47 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:34 . 2009-05-14 20:47 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:34 . 2009-05-14 20:47 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\DivX\\DivX Player\\DivX Player.exe"=
"c:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\pbsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"= 8000:TCP:LimeWire
"8000:UDP"= 8000:UDP:LireWire
"8001:TCP"= 8001:TCP:Winamp
"8001:UDP"= 8001:UDP:Winamp

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/2/2005 12:29 μμ 162176]
S3 aaudstum;aaudstum;\??\c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/5/2009 3:20 μμ 38496]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/11/2008 4:40 μμ 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/11/2008 4:40 μμ 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/11/2008 4:40 μμ 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/11/2008 4:40 μμ 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/11/2008 4:40 μμ 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/11/2008 4:40 μμ 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/11/2008 4:40 μμ 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{979BAA16-96A0-4538-996D-A9809E1733F2}]
c:\documents and settings\USER\Application Data\UpdateInstaller.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\whabd7an.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 01:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1767777339-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,91,b7,55,cf,ac,e2,d1,1b,29,45,2b,41,2d,e5,63,9d,51,8e,3f,6c,d1,f4,
8f,98,1c,c0,df,36,06,1c,53,b8,d5,fd,f6,0b,b5,8f,42,66,fd,4f,77,b2,63,3b,31,\
"??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05

[HKEY_USERS\S-1-5-21-1078081533-1767777339-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:40,98,c2,9e,e8,4d,23,87,6e,11,5e,47,40,75,d2,b5,ed,b1,94,d6,c9,
0b,69,20,ab,8c,66,b2,45,59,d7,c1,19,6b,84,40,6c,23,00,78,90,71,fa,11,86,79,\
"rkeysecu"=hex:6c,ae,83,e3,1b,9d,04,b8,d2,10,21,3e,eb,0c,9c,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-16 1:29
ComboFix-quarantined-files.txt 2009-05-16 22:29

Pre-Run: 16 Κατάλογοι 179.265.236.992 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 179.306.000.384 διαθέσιμα byte

176

Niralei · 17.05.2009, 10:43

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-05-17 12:41:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 170 GB (71%) free of 239 GB
Total RAM: 2046 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:48 μμ, on 17/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\USER\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7214 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*

isabled

C++"
"C:\Program Files\DivX\DivX Player\DivX Player.exe"="C:\Program Files\DivX\DivX Player\DivX Player.exe:*:Enabled

ivX Player"
"C:\Program Files\DivX\DivX Codec\DivX EKG.exe"="C:\Program Files\DivX\DivX Codec\DivX EKG.exe:*:Enabled

ivX EKG"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe"="C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe:*:Enabled

bsetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*

isabled:Free Download Manager"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

Niralei · 17.05.2009, 10:44

2009-05-17 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-05-17 01:44:39 ----SHD---- C:\RECYCLER
2009-05-17 01:32:34 ----D---- C:\rsit
2009-05-17 01:29:54 ----D---- C:\WINDOWS\temp
2009-05-17 01:29:53 ----A---- C:\ComboFix.txt
2009-05-17 01:26:20 ----A---- C:\WINDOWS\zip.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\vFind.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWSC.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWREG.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\sed.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\grep.exe
2009-05-17 01:26:14 ----D---- C:\ComboFix
2009-05-17 01:22:59 ----D---- C:\WINDOWS\ERDNT
2009-05-17 01:22:52 ----D---- C:\Qoobox
2009-05-17 01:03:46 ----SHD---- C:\Config.Msi
2009-05-16 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 23:34:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-16 23:34:11 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 23:28:36 ----D---- C:\Program Files\Microsoft
2009-05-16 23:28:21 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 23:27:59 ----D---- C:\Program Files\Windows Live
2009-05-16 23:25:58 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-16 15:20:53 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-05-16 15:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 15:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-16 15:08:03 ----D---- C:\Program Files\CCleaner
2009-05-15 03:25:37 ----D---- C:\Program Files\Trend Micro
2009-05-14 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-14 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-14 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-14 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-14 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 19:15:45 ----D---- C:\Program Files\LucasArts
2009-04-23 23:56:28 ----D---- C:\Documents and Settings\USER\Application Data\Software Informer

======List of files/folders modified in the last 1 months======

2009-05-17 12:26:50 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 06:49:53 ----D---- C:\WINDOWS\Prefetch
2009-05-17 06:12:23 ----D---- C:\Documents and Settings\USER\Application Data\Free Download Manager
2009-05-17 06:02:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-17 04:51:42 ----D---- C:\Downloads
2009-05-17 04:06:01 ----D---- C:\WINDOWS
2009-05-17 04:05:20 ----D---- C:\WINDOWS\system32
2009-05-17 04:04:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 03:00:34 ----HD---- C:\WINDOWS\inf
2009-05-17 03:00:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-17 02:33:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-17 02:13:15 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 02:13:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-17 01:28:39 ----A---- C:\WINDOWS\system.ini
2009-05-17 01:27:55 ----D---- C:\WINDOWS\AppPatch
2009-05-17 01:27:51 ----D---- C:\Program Files\Common Files
2009-05-17 01:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 01:26:19 ----SHD---- C:\System Volume Information
2009-05-17 01:26:19 ----D---- C:\WINDOWS\system32\Restore
2009-05-17 01:03:47 ----SHD---- C:\WINDOWS\Installer
2009-05-17 00:53:59 ----RD---- C:\Program Files
2009-05-16 23:28:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-16 23:28:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 23:25:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 23:15:48 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:58:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-05-16 20:58:18 ----SD---- C:\WINDOWS\Tasks
2009-05-16 20:57:42 ----D---- C:\Program Files\VideoLAN
2009-05-16 20:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-16 20:54:26 ----D---- C:\Program Files\Java
2009-05-16 15:10:16 ----D---- C:\WINDOWS\Debug
2009-05-16 03:58:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-15 22:45:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-15 21:11:51 ----D---- C:\Program Files\WinRAR
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-14 23:37:55 ----D---- C:\Documents and Settings\USER\Application Data\Real
2009-05-14 23:26:30 ----D---- C:\Program Files\Steam
2009-05-14 14:17:51 ----D---- C:\Program Files\KalOnlineEng
2009-05-14 04:58:55 ----D---- C:\Program Files\ICQToolbar
2009-05-14 04:51:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-14 04:50:10 ----D---- C:\WINDOWS\WinSxS
2009-05-14 04:47:07 ----D---- C:\WINDOWS\system32\wbem
2009-05-14 04:47:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 03:06:55 ----D---- C:\WINDOWS\system32\el-gr
2009-05-14 03:06:55 ----D---- C:\Program Files\Internet Explorer
2009-05-13 21:01:41 ----A---- C:\WINDOWS\win.ini
2009-05-13 15:04:34 ----D---- C:\Documents and Settings\USER\Application Data\skypePM
2009-05-13 13:34:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-10 02:48:43 ----D---- C:\WINDOWS\Help
2009-05-07 02:50:28 ----D---- C:\DaViDeo3.PRO
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 19:50:03 ----D---- C:\download
2009-05-01 01:36:36 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-05-01 01:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 17:08:08 ----D---- C:\Program Files\Electronic Arts
2009-04-23 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-23 19:14:12 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Πρόγραμμα οδήγησης πληκτρολογίου HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-04 14976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-04 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-04 25416]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-05-13 9632]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Πρόγραμμα οδήγησης τυπικού διανομέα USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []
S3 ajxgvgxd;ajxgvgxd; C:\WINDOWS\system32\drivers\ajxgvgxd.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Αποκωδικοποιητής κωδικοποιημένων υπότιτλων; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Σύνδεση τηλεόρασης/βίντεο της Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-11-06 49152]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-15 189472]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-01-30 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 WMPNetworkSvc;Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 922112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Niralei · 17.05.2009, 10:46

ich hab ihn schon angerufen hoffe die logs sind jetzt richtig
sende ich jetzt auch solche links an meine msn kontakte ??

Niralei · 17.05.2009, 12:14

sind die logs ok so??

john.doe · 17.05.2009, 12:56

Nicht drängeln, es ist nicht gerade leicht, diese Logs zu lesen, das dauert eine Weile.

Du kannst in der Zwischenzeit folgende Dateien bei uns hochladen:

Code:

ATTFilter

C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys
C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\DRIVERS\ENTECH.sys

Die Dateien sind nicht sichtbar. Markiere jeweils eine Zeile in der Box, [Strg]c, wechsel in den Uploadchannel, klicke in eines der drei oberen weißen Felder, [Strg]v

ciao, andreas

Niralei · 17.05.2009, 12:57

kommt sofort

john.doe · 17.05.2009, 13:24

Erstelle ein Filelisting.

Lade die Datei File-Upload.net - listing0.bat auf deinen Desktop
Doppelklicke auf listing0.bat
Am Ende befindet sich eine Datei listing.txt auf dem Desktop. Die bei einem Filehoster (z.B. Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de) hochladen und hier den Link posten.

ciao, andreas

Niralei · 17.05.2009, 13:37

wenn ich auf die datei klicke oeffnet sich ein schwarzes da steht er kann den pfad nicht finden oder so mein win ist auf griechisch und die listing.txt text datei ist auch leer

john.doe · 17.05.2009, 13:49

Zitat:

wenn ich auf die datei klicke oeffnet sich ein schwarzes da steht er kann den pfad nicht finden oder so mein win ist auf griechisch und die listing.txt text datei ist auch leer

1.) Lade diese Datei hoch:

c:\documents and settings\USER\Application Data\UpdateInstaller.exe
C:\WINDOWS\system32\UAService7.exe

2.) Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

ATTFilter

KILLALL::

Driver::
aaudstum
ajxgvgxd
catchme
EagleNT
ENTECH
mbr

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
"MSMSGS"=-
"Sony Ericsson PC Suite"=-
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"RTHDCPL"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"=-
"8000:UDP"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"=-

Folder::
C:\rsit
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
c:\program files\Windows Live Toolbar
c:\program files\ICQToolbar

File::
c:\windows\system32\perfc008.dat
c:\windows\system32\perfh008.dat
c:\windows\wininit.tmp
c:\windows\kerlib.dll
c:\windows\system32\clacatex.dll
c:\windows\system32\clipaed.exe 

DirLook::
c:\program files\DC++
C:\download
C:\Downloads

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten ohne zu editieren (es sei denn, dein voller Name ist ersichtlich)

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

Niralei · 17.05.2009, 14:12

hier ist der link der log habs hochgeladen weils zu gross ist um es hier zu posten
mfg nira

Niralei · 17.05.2009, 14:13

http://rapidshare.com/files/234004738/ComboFix.txt.html

john.doe · 17.05.2009, 14:44

Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus.
Wähle die Sprache deiner Wahl und anschließend die Option 1 (Suche)
Warte bis der Scanbericht erstellt wird (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen)

(Sollte dein Desktop verschwinden, drücke bitte Ctrl + Alt + Entf um den Taskmanager zu starten. Wähle unter Datei, neuen Task aus und gib dort explorer.exe ein)

ciao, andreas

Winrar crc fehler + und pc absturz virus??

Log-Analyse und Auswertung: Winrar crc fehler + und pc absturz virus??