Trojaner-Board

Winrar crc fehler + und pc absturz virus?? (https://www.trojaner-board.de/73187-winrar-crc-fehler-pc-absturz-virus.html)

Niralei 16.05.2009 11:18

WinRAR CRC error + PC crash, virus??

Hello everyone, for two days now I have had the problem that whenever I unpack WinRAR archives I get a CRC error, and when I run Spybot the PC always restarts; it also restarts during games. A few months ago I had the same problem; it was a virus that could be seen in the Task Manager. I was able to fix that problem back then, but now unfortunately I can't get any further. I'm posting my HijackThis log in the hope that you can help me. Regards, Nira


Scan saved at 1:05:10 μμ, on 16/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Library Update] C:\WINDOWS\system32\clipaed.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

john.doe 16.05.2009 11:31

Hello Niralei and :hallo:

1.) Start HJT => Do a system scan only => Check:
Code:

O4 - HKLM\..\Run: [Microsoft Library Update] C:\WINDOWS\system32\clipaed.exe
=> Fix checked => Reboot

2.) Please upload the file:
Code:

C:\WINDOWS\system32\clipaed.exe
to us following these instructions.

3.) Click "Für alle Neuen" in my signature, read everything carefully and work through the complete list under point 2.

ciao, andreas
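The triage done in the reply above, as an added example that is not part of this thread and not a HijackThis feature: a Python script that parses the O4 (autostart) lines of an HJT 2.x log and flags the entries a helper would look at first. The sample O4 lines are copied from the log posted above; the KNOWN_MS set and the three heuristics are assumptions of this example, not rules HijackThis applies. The entry labelled "Microsoft Library Update" is flagged because the label claims a Microsoft component while clipaed.exe is not a known Microsoft autostart binary, which is the same observation the reply acts on.

```python
"""Triage HijackThis O4 (Run-key autostart) entries.

Added example for this thread, not HijackThis code. Heuristics and the
KNOWN_MS list are assumptions for illustration, not an authoritative allowlist.
"""
import re
from dataclasses import dataclass, field

# Matches "O4 - HKLM\..\Run: [label] command" and the HKUS\S-1-5-xx variants.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<label>[^\]]+)\] (?P<cmd>.*)$"
)

# Assumption: Microsoft binaries that legitimately show up under Run keys.
KNOWN_MS = {"ctfmon.exe", "msmsgs.exe", "msnmsgr.exe", "dumprep", "dumprep.exe", "wuauclt.exe"}

# Constructed sample: O4 lines copied from the first HJT log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Library Update] C:\WINDOWS\system32\clipaed.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""


@dataclass
class O4Entry:
    hive: str
    label: str
    cmd: str
    exe: str
    flags: list = field(default_factory=list)


def extract_exe(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Parse every O4 line and attach triage flags to each entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe = extract_exe(cmd)
        base = exe.rsplit("\\", 1)[-1].lower()
        entry = O4Entry(m.group("hive"), m.group("label"), cmd, exe)
        # Stale entry: HJT could not find the target on disk.
        if "(file missing)" in cmd or "(no file)" in cmd:
            entry.flags.append("target missing: stale entry, harmless but worth fixing")
        # No directory at all: Windows resolves it via PATH / App Paths, so
        # check which file actually runs.
        if "\\" not in exe:
            entry.flags.append("unqualified path: verify which file is actually started")
        # Label borrows a Microsoft/Windows name but the binary is not one we know.
        label = entry.label.lower()
        if ("microsoft" in label or "windows" in label) and base not in KNOWN_MS:
            entry.flags.append(
                "label claims Microsoft but %s is not a known Microsoft autostart binary" % base
            )
        entries.append(entry)
    return entries


def suspicious(log_text: str) -> dict:
    """Map label -> flags for every O4 entry that raised at least one flag."""
    return {e.label: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for label, flags in suspicious(SAMPLE_LOG).items():
        print(label)
        for f in flags:
            print("   -", f)
```

Running it on the sample prints two entries: RTHDCPL (started without a path) and Microsoft Library Update (clipaed.exe under a Microsoft-sounding label). The remaining entries are left alone; the script only narrows the list, the decision to fix an entry still rests with whoever reads the log.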

Niralei 16.05.2009 12:09

So when I click Fix checked, I get:
"Fix 1 selected items? This will permanently delete and/or repair what you selected." Should I click OK, then reboot and upload here??? Sorry, I'm not exactly the best at this kind of thing.

john.doe 16.05.2009 12:20

Quote:

should I click OK
Yes. :)
Quote:

then reboot
Yes. :)
Quote:

and upload here
Yes. Fixing only removes one entry in the registry; the file itself is still there. After the reboot the file is no longer loaded and is ineffective for now.

ciao, andreas

Niralei 16.05.2009 12:29

So I've now tried to find the file in the sys32 folder to upload it here, but I can't find it in the sys32 folder??

john.doe 16.05.2009 12:39

Then don't search for it; instead, select the line in the box:
Code:

C:\WINDOWS\system32\clipaed.exe
, press [Ctrl]c, then switch to the upload channel, click in the first white field so that the cursor blinks, and press [Ctrl]v.

ciao, andreas

Niralei 16.05.2009 12:57

Upload successful, but I don't see it here o_O

john.doe 16.05.2009 13:00

You have now uploaded it three times, but it always has a size of 0 KB, which means it is still active. :(

Now continue with the list, point 2 ("Für alle Neuen").

ciao, andreas

Niralei 16.05.2009 13:59

List point 2 done, and now what???

john.doe 16.05.2009 14:10

Quote:

Click "Für alle Neuen" in my signature, read everything carefully and work through the complete list under point 2.
When you're done, I'll see here a log from Malwarebytes, a new one from HJT, and the program list from HJT.

Tip: once you've clicked "Für alle Neuen", scroll down a bit. :)

ciao, andreas

Niralei 16.05.2009 14:39

With Malwarebytes the PC always restarts, but it almost made it to the end, and zero infected objects. I'll post the other logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:21 μμ, on 16/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9649 bytes



uninstall list

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Allied Intent Xtended 2.0
ArcSoft VideoImpression 2
ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
Avanquest update
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
CCleaner (remove only)
Command & Conquer 3
DaViDeo 3 professional
DC++ 0.706
DivX Codec
DivX Player
DivX Web Player
Dual-Core Optimizer
Free Download Manager 3.0
Garry's Mod
Half-Life 2: Deathmatch
Hervorhebe-Funktion (Windows Live Toolbar)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP My Display
ICQ Toolbar
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KalOnlineEng
K-Lite Mega Codec Pack 4.6.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 6 Ultra Edition
OpenAL
OpenOffice.org Installer 1.0
PDF Settings
PowerDVD
QuickTime
Realtek High Definition Audio Driver
SDK
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Software Informer 1.0 BETA
Sony Ericsson Media Manager 1.1
Sony Ericsson PC Suite 4.010.00
Sony Ericsson Themes Creator 3.29
Spybot - Search & Destroy
Steam
TeamSpeak 2 RC2
TeamViewer 4
Trust WB-1400T Webcam
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.2
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites fur Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR
Άμεση επιδιόρθωση για Windows XP - KB873339
Άμεση επιδιόρθωση για Windows XP - KB885835
Άμεση επιδιόρθωση για Windows XP - KB885836
Άμεση επιδιόρθωση για Windows XP - KB886185
Άμεση επιδιόρθωση για Windows XP - KB887472
Άμεση επιδιόρθωση για Windows XP - KB888302
Άμεση επιδιόρθωση για Windows XP - KB890859
Άμεση επιδιόρθωση για Windows XP - KB891781
Βοηθός εισόδου του Windows Live
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB954154)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB944533)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB953838)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB956390)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
Ενημέρωση ασφαλείας για Windows XP (KB890046)
Ενημέρωση ασφαλείας για Windows XP (KB893756)
Ενημέρωση ασφαλείας για Windows XP (KB896358)
Ενημέρωση ασφαλείας για Windows XP (KB896423)
Ενημέρωση ασφαλείας για Windows XP (KB896428)
Ενημέρωση ασφαλείας για Windows XP (KB899587)
Ενημέρωση ασφαλείας για Windows XP (KB899591)
Ενημέρωση ασφαλείας για Windows XP (KB900725)
Ενημέρωση ασφαλείας για Windows XP (KB901017)
Ενημέρωση ασφαλείας για Windows XP (KB901214)
Ενημέρωση ασφαλείας για Windows XP (KB902400)
Ενημέρωση ασφαλείας για Windows XP (KB905414)
Ενημέρωση ασφαλείας για Windows XP (KB905749)
Ενημέρωση ασφαλείας για Windows XP (KB908519)
Ενημέρωση ασφαλείας για Windows XP (KB911562)
Ενημέρωση ασφαλείας για Windows XP (KB911927)
Ενημέρωση ασφαλείας για Windows XP (KB913580)
Ενημέρωση ασφαλείας για Windows XP (KB914388)
Ενημέρωση ασφαλείας για Windows XP (KB914389)
Ενημέρωση ασφαλείας για Windows XP (KB918118)
Ενημέρωση ασφαλείας για Windows XP (KB918439)
Ενημέρωση ασφαλείας για Windows XP (KB919007)
Ενημέρωση ασφαλείας για Windows XP (KB920213)
Ενημέρωση ασφαλείας για Windows XP (KB920670)
Ενημέρωση ασφαλείας για Windows XP (KB920683)
Ενημέρωση ασφαλείας για Windows XP (KB920685)
Ενημέρωση ασφαλείας για Windows XP (KB922819)
Ενημέρωση ασφαλείας για Windows XP (KB923191)
Ενημέρωση ασφαλείας για Windows XP (KB923414)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB923980)
Ενημέρωση ασφαλείας για Windows XP (KB924270)
Ενημέρωση ασφαλείας για Windows XP (KB924496)
Ενημέρωση ασφαλείας για Windows XP (KB924667)
Ενημέρωση ασφαλείας για Windows XP (KB925902)
Ενημέρωση ασφαλείας για Windows XP (KB926255)
Ενημέρωση ασφαλείας για Windows XP (KB926436)
Ενημέρωση ασφαλείας για Windows XP (KB927779)
Ενημέρωση ασφαλείας για Windows XP (KB927802)
Ενημέρωση ασφαλείας για Windows XP (KB928255)
Ενημέρωση ασφαλείας για Windows XP (KB929123)
Ενημέρωση ασφαλείας για Windows XP (KB930178)
Ενημέρωση ασφαλείας για Windows XP (KB931261)
Ενημέρωση ασφαλείας για Windows XP (KB931784)

Niralei 16.05.2009 14:54

That doesn't help you any further either, does it??

john.doe 16.05.2009 15:09

I'm afraid every scanner will crash. So we'll try it differently.

1.) Disable System Restore. In the course of the infection, malware files were also saved in restore points, so those are all now unusable, because resetting the system to a restore point would probably reinfect it.
After the reboot it can be enabled again.

2.) Uninstall:
  • ICQ Toolbar
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 7
  • Skype™ 3.8
  • Spybot - Search & Destroy
  • VideoLAN VLC media player 0.8.2
  • Windows Live Toolbar
  • Windows Live Toolbar
  • Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
3.) http://www.trojaner-board.de/51464-a...-ccleaner.html

4.) Install (always deselect toolbars, remove the checkmark):
5.) Right-click your C: drive => Properties => Tools tab => Error-checking: Check now => Set both checkboxes => Start => OK

6.) Try a full scan with Malwarebytes again and post the log afterwards.

ciao, andreas

Niralei 16.05.2009 18:42

Yes, there is one file that CCleaner can't get rid of. I'll now try
uninstalling the ICQ toolbar etc.

john.doe 16.05.2009 18:44

I had my reasons for having you uninstall first and only then run CCleaner. :)

ciao, andreas

Niralei 16.05.2009 21:12

I've done all the points, but the PC still reboots during Malwarebytes :(

Niralei 16.05.2009 21:13

Aaah, and CCleaner still can't get rid of that one file, no matter how often I try.

john.doe 16.05.2009 21:14

Which file is it? I need the exact name and path.

ciao, andreas

Niralei 16.05.2009 21:18

This is the file:
{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

I think it's in HKEY_CLASSES_ROOT

john.doe 16.05.2009 21:28

Quote:

I think it's in HKEY_CLASSES_ROOT
That's not a file but a registry entry; it was created by Avira and is protected, which is why it can't be deleted. That's fine as it is. :)

Please post another current HJT log.

Right after that: http://www.trojaner-board.de/51871-a...tispyware.html (only points 1-3 of the instructions)

ciao, andreas

Niralei 16.05.2009 21:33

Here's the new log; I'm doing SUPERAntiSpyware now

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:00 μμ, on 16/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7979 bytes

Niralei 16.05.2009 22:36

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2009 at 00:29 AM

Application Version : 4.26.1002

Core Rules Database Version : 3896
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 00:49:57

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 4350
Registry threats detected : 0
File items scanned : 116090
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\user@atdmt[1].txt

Trojan.Agent/Gen-FSG
C:\EIGENE DATEIEN\PROGRAMME\NERO BURNING ROM\NERO_BURNING_ROM_V6.6.0.13

john.doe 16.05.2009 22:56

1.) Uninstall (if possible):
  • SuperAntiSpyware
  • Bonjour
2.) Before the next scan, plug in everything you have ever connected to the computer, such as camera, mobile phone, memory cards, memory sticks, external drives, ...

ComboFix

Note: these instructions are outdated. Do not carry out the part about the Recovery Console. It is installed automatically when an internet connection is available.

A guide and tutorial on using ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet; first do the following:
  • Close all applications and programs, especially your antivirus software and other background guards, as well as your internet browser.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.

    If ComboFix will not start, rename it to cf.com and try again.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. The log can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.
Note: ComboFix disables the autorun function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

3.) Check system details with RSIT
  • Download Random's System Information Tool (RSIT) by random/random,
  • save it to your desktop.
  • Double-click RSIT.exe to start it.
  • Click Continue to accept the terms of use.
  • The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
  • When the scan is finished, two log files are created and opened in your editor.
  • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.

ciao, andreas

Niralei 16.05.2009 22:58

I will try it, but one more question:
could it possibly be due to the new AntiVir 9, which I installed on the same day the problems started? I also installed the new Mozilla on that day ???

john.doe 16.05.2009 23:02

That would be possible, but there are signs of a backdoor. I consider that more likely.

ciao, andreas

Niralei 16.05.2009 23:05

OK, I will do the test now, but I cannot find Bonjour.

john.doe 16.05.2009 23:10

Never mind, we will deal with it another way. :)

ciao, andreas

Niralei 16.05.2009 23:37

Here is the new log :)

ComboFix 09-05-16.05 - USER 17/05/2009 1:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.30.1032.18.2046.1625 [GMT 3:00]
Running from: c:\documents and settings\USER\Επιφάνεια εργασίας\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_C902.ini
c:\windows\system32\tmp70.tmp
c:\windows\system32\tmp71.tmp
c:\windows\system32\tmp80.tmp
c:\windows\system32\tmp81.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 20:34 . 2009-05-16 22:03 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 20:29 . 2009-05-16 20:29 -------- d-----w c:\documents and settings\USER\Tracing
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Microsoft
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 20:27 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live
2009-05-16 20:25 . 2009-05-16 20:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\USER\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 12:20 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 12:08 . 2009-05-16 12:08 -------- d-----w c:\program files\CCleaner
2009-05-15 00:25 . 2009-05-15 00:25 -------- d-----w c:\program files\Trend Micro
2009-05-14 01:54 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-13 10:34 . 2009-05-13 10:34 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\PunkBuster
2009-05-07 16:15 . 2009-05-13 18:15 -------- d-----w c:\program files\LucasArts
2009-04-23 20:56 . 2009-04-23 20:56 -------- d-----w c:\documents and settings\USER\Application Data\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:29 . 2008-05-03 18:45 14464 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 17:58 . 2008-05-06 20:28 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-16 17:57 . 2008-05-08 23:46 -------- d-----w c:\program files\VideoLAN
2009-05-16 17:54 . 2008-05-07 19:39 -------- d-----w c:\program files\Java
2009-05-15 19:45 . 2008-05-06 18:00 138168 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 19:45 . 2008-05-06 18:00 189472 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-14 20:26 . 2009-03-06 19:35 -------- d-----w c:\program files\Steam
2009-05-14 11:17 . 2008-05-06 20:11 -------- d-----w c:\program files\KalOnlineEng
2009-05-14 01:58 . 2008-05-06 20:21 -------- d-----w c:\program files\ICQToolbar
2009-05-14 01:51 . 2006-03-02 12:00 95336 ----a-w c:\windows\system32\perfc008.dat
2009-05-14 01:51 . 2006-03-02 12:00 551152 ----a-w c:\windows\system32\perfh008.dat
2009-05-14 01:47 . 2008-05-03 18:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:34 . 2008-05-06 17:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-28 14:08 . 2008-10-17 19:08 -------- d-----w c:\program files\Electronic Arts
2009-04-23 16:14 . 2009-01-19 17:49 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 16:14 . 2009-01-19 17:49 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Common Files\Portrait Displays
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Portrait Displays
2009-03-25 15:01 . 2008-07-03 11:32 -------- d-----w c:\program files\DC++
2009-03-06 14:45 . 2006-03-02 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 01:04 . 2009-02-28 00:45 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-02-28 01:04 . 2009-02-28 00:45 17212 ----atw c:\windows\system32\SIntf32.dll
2009-02-28 01:04 . 2009-02-28 00:45 12067 ----atw c:\windows\system32\SIntf16.dll
2009-02-27 19:46 . 2009-02-27 19:46 58 ----a-w c:\windows\wininit.tmp
2009-02-27 16:39 . 2008-10-30 18:10 533 ----a-w c:\windows\eReg.dat
2009-02-20 17:10 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2008-12-17 22:34 . 2009-05-14 20:47 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:34 . 2009-05-14 20:47 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:34 . 2009-05-14 20:47 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:34 . 2009-05-14 20:47 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:34 . 2009-05-14 20:47 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

Niralei 16.05.2009 23:38

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-05-17 01:37:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 171 GB (71%) free of 239 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:38 πμ, on 17/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7193 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"C:\Program Files\DivX\DivX Player\DivX Player.exe"="C:\Program Files\DivX\DivX Player\DivX Player.exe:*:Enabled:DivX Player"
"C:\Program Files\DivX\DivX Codec\DivX EKG.exe"="C:\Program Files\DivX\DivX Codec\DivX EKG.exe:*:Enabled:DivX EKG"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe"="C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe:*:Enabled:pbsetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Disabled:Free Download Manager"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Niralei 16.05.2009 23:40

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 2 months======

2009-05-17 01:32:34 ----D---- C:\rsit
2009-05-17 01:29:54 ----D---- C:\WINDOWS\temp
2009-05-17 01:29:53 ----A---- C:\ComboFix.txt
2009-05-17 01:26:20 ----A---- C:\WINDOWS\zip.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\vFind.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWSC.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWREG.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\sed.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\grep.exe
2009-05-17 01:26:14 ----D---- C:\ComboFix
2009-05-17 01:22:59 ----D---- C:\WINDOWS\ERDNT
2009-05-17 01:22:52 ----D---- C:\Qoobox
2009-05-17 01:03:46 ----SHD---- C:\Config.Msi
2009-05-16 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 23:34:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-16 23:34:11 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 23:28:36 ----D---- C:\Program Files\Microsoft
2009-05-16 23:28:21 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 23:27:59 ----D---- C:\Program Files\Windows Live
2009-05-16 23:25:58 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-16 15:20:53 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-05-16 15:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 15:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-16 15:08:03 ----D---- C:\Program Files\CCleaner
2009-05-15 03:25:37 ----D---- C:\Program Files\Trend Micro
2009-05-14 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-14 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-14 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-14 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-14 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 19:15:45 ----D---- C:\Program Files\LucasArts
2009-04-23 23:56:28 ----D---- C:\Documents and Settings\USER\Application Data\Software Informer
2009-04-15 20:24:27 ----D---- C:\Documents and Settings\USER\Application Data\DisplayTune
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcr70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvcp70.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\msvbvm60.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfcm80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80u.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc80.dll
2009-04-15 20:23:45 ----A---- C:\WINDOWS\mfc70.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcp80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\msvcm80.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\ijl15.dll
2009-04-15 20:23:44 ----A---- C:\WINDOWS\atl80.dll
2009-04-15 20:23:42 ----D---- C:\Program Files\Portrait Displays
2009-04-15 20:23:42 ----D---- C:\Program Files\Common Files\Portrait Displays
2009-04-05 03:22:08 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-05 03:22:06 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 2 months======

2009-05-17 01:32:48 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 01:31:45 ----D---- C:\Documents and Settings\USER\Application Data\Free Download Manager
2009-05-17 01:29:55 ----D---- C:\WINDOWS\system32
2009-05-17 01:29:54 ----D---- C:\WINDOWS
2009-05-17 01:28:39 ----A---- C:\WINDOWS\system.ini
2009-05-17 01:27:55 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 01:27:55 ----D---- C:\WINDOWS\AppPatch
2009-05-17 01:27:51 ----D---- C:\Program Files\Common Files
2009-05-17 01:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 01:26:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 01:26:25 ----D---- C:\WINDOWS\Prefetch
2009-05-17 01:26:19 ----SHD---- C:\System Volume Information
2009-05-17 01:26:19 ----D---- C:\WINDOWS\system32\Restore
2009-05-17 01:17:11 ----D---- C:\Downloads
2009-05-17 01:03:47 ----SHD---- C:\WINDOWS\Installer
2009-05-17 00:53:59 ----RD---- C:\Program Files
2009-05-16 23:28:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-16 23:28:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 23:27:47 ----HD---- C:\WINDOWS\inf
2009-05-16 23:25:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 23:15:48 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:58:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-05-16 20:58:18 ----SD---- C:\WINDOWS\Tasks
2009-05-16 20:57:42 ----D---- C:\Program Files\VideoLAN
2009-05-16 20:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-16 20:54:26 ----D---- C:\Program Files\Java
2009-05-16 16:14:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-16 15:10:16 ----D---- C:\WINDOWS\Debug
2009-05-16 03:58:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-15 22:45:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-15 21:11:51 ----D---- C:\Program Files\WinRAR
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-14 23:37:55 ----D---- C:\Documents and Settings\USER\Application Data\Real
2009-05-14 23:26:30 ----D---- C:\Program Files\Steam
2009-05-14 14:17:51 ----D---- C:\Program Files\KalOnlineEng
2009-05-14 04:58:55 ----D---- C:\Program Files\ICQToolbar
2009-05-14 04:51:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-14 04:50:10 ----D---- C:\WINDOWS\WinSxS
2009-05-14 04:47:07 ----D---- C:\WINDOWS\system32\wbem
2009-05-14 04:47:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 03:07:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-14 03:06:55 ----D---- C:\WINDOWS\system32\el-gr
2009-05-14 03:06:55 ----D---- C:\Program Files\Internet Explorer
2009-05-14 03:05:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-13 21:01:41 ----A---- C:\WINDOWS\win.ini
2009-05-13 15:04:34 ----D---- C:\Documents and Settings\USER\Application Data\skypePM
2009-05-13 13:34:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-10 02:48:43 ----D---- C:\WINDOWS\Help
2009-05-07 15:09:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-07 02:50:28 ----D---- C:\DaViDeo3.PRO
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 19:50:03 ----D---- C:\download
2009-05-01 01:36:36 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-05-01 01:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 17:08:08 ----D---- C:\Program Files\Electronic Arts
2009-04-23 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-23 19:14:12 ----RSD---- C:\WINDOWS\assembly
2009-04-07 13:38:32 ----RD---- C:\eigene dateien
2009-03-25 18:01:02 ----D---- C:\Program Files\DC++
2009-03-21 17:18:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 20:55:12 ----D---- C:\Documents and Settings\USER\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Πρόγραμμα οδήγησης πληκτρολογίου HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-04 14976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-04 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-04 25416]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-05-13 9632]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Πρόγραμμα οδήγησης τυπικού διανομέα USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []
S3 aci25k6t;aci25k6t; C:\WINDOWS\system32\drivers\aci25k6t.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Αποκωδικοποιητής κωδικοποιημένων υπότιτλων; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Σύνδεση τηλεόρασης/βίντεο της Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-15 189472]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-01-30 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-11-06 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 WMPNetworkSvc;Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 922112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Niralei 17.05.2009 04:20

Good morning. Something else I remembered: a friend has been sending me links via MSN for days now. Once I clicked on one, and I was supposed to enter my MSN password and ID, which I didn't do. The strange thing is that he comes online, sends the link and goes offline again. Could that have something to do with my problem??? And many thanks for your help. Regards from sunny Greece :)

john.doe 17.05.2009 07:04

Quote:

could it have something to do with my problem???
:lach: Why does everyone actually follow my instructions? Read rules 1 and 8. :)
http://www.trojaner-board.de/396401-post22.html

Tell your friend to change his MSN password as soon as possible.

The ComboFix log is not complete.
Start => Run => c:\combofix.txt => OK

The 2nd log from RSIT is missing.
Start => Run => c:\rsit\info.txt => OK

ciao, andreas

Niralei 17.05.2009 10:39

ComboFix 09-05-16.05 - USER 17/05/2009 1:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.30.1032.18.2046.1625 [GMT 3:00]
Running from: c:\documents and settings\USER\Επιφάνεια εργασίας\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_C902.ini
c:\windows\system32\tmp70.tmp
c:\windows\system32\tmp71.tmp
c:\windows\system32\tmp80.tmp
c:\windows\system32\tmp81.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 20:34 . 2009-05-16 22:03 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 20:34 . 2009-05-16 20:34 -------- d-----w c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 20:29 . 2009-05-16 20:29 -------- d-----w c:\documents and settings\USER\Tracing
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Microsoft
2009-05-16 20:28 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 20:27 . 2009-05-16 20:28 -------- d-----w c:\program files\Windows Live
2009-05-16 20:25 . 2009-05-16 20:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\USER\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 12:20 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 12:20 . 2009-05-16 12:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 12:08 . 2009-05-16 12:08 -------- d-----w c:\program files\CCleaner
2009-05-15 00:25 . 2009-05-15 00:25 -------- d-----w c:\program files\Trend Micro
2009-05-14 01:54 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-13 10:34 . 2009-05-13 10:34 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\PunkBuster
2009-05-07 16:15 . 2009-05-13 18:15 -------- d-----w c:\program files\LucasArts
2009-04-23 20:56 . 2009-04-23 20:56 -------- d-----w c:\documents and settings\USER\Application Data\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:29 . 2008-05-03 18:45 14464 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 17:58 . 2008-05-06 20:28 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-16 17:57 . 2008-05-08 23:46 -------- d-----w c:\program files\VideoLAN
2009-05-16 17:54 . 2008-05-07 19:39 -------- d-----w c:\program files\Java
2009-05-15 19:45 . 2008-05-06 18:00 138168 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 19:45 . 2008-05-06 18:00 189472 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-14 20:26 . 2009-03-06 19:35 -------- d-----w c:\program files\Steam
2009-05-14 11:17 . 2008-05-06 20:11 -------- d-----w c:\program files\KalOnlineEng
2009-05-14 01:58 . 2008-05-06 20:21 -------- d-----w c:\program files\ICQToolbar
2009-05-14 01:51 . 2006-03-02 12:00 95336 ----a-w c:\windows\system32\perfc008.dat
2009-05-14 01:51 . 2006-03-02 12:00 551152 ----a-w c:\windows\system32\perfh008.dat
2009-05-14 01:47 . 2008-05-03 18:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:34 . 2008-05-06 17:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-28 14:08 . 2008-10-17 19:08 -------- d-----w c:\program files\Electronic Arts
2009-04-23 16:14 . 2009-01-19 17:49 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 16:14 . 2009-01-19 17:49 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Common Files\Portrait Displays
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\Portrait Displays
2009-03-25 15:01 . 2008-07-03 11:32 -------- d-----w c:\program files\DC++
2009-03-06 14:45 . 2006-03-02 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 01:04 . 2009-02-28 00:45 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-02-28 01:04 . 2009-02-28 00:45 17212 ----atw c:\windows\system32\SIntf32.dll
2009-02-28 01:04 . 2009-02-28 00:45 12067 ----atw c:\windows\system32\SIntf16.dll
2009-02-27 19:46 . 2009-02-27 19:46 58 ----a-w c:\windows\wininit.tmp
2009-02-27 16:39 . 2008-10-30 18:10 533 ----a-w c:\windows\eReg.dat
2009-02-20 17:10 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2008-12-17 22:34 . 2009-05-14 20:47 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:34 . 2009-05-14 20:47 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:34 . 2009-05-14 20:47 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:34 . 2009-05-14 20:47 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:34 . 2009-05-14 20:47 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\DivX\\DivX Player\\DivX Player.exe"=
"c:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\pbsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"= 8000:TCP:LimeWire
"8000:UDP"= 8000:UDP:LireWire
"8001:TCP"= 8001:TCP:Winamp
"8001:UDP"= 8001:UDP:Winamp

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/2/2005 12:29 μμ 162176]
S3 aaudstum;aaudstum;\??\c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/5/2009 3:20 μμ 38496]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8/11/2008 4:40 μμ 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8/11/2008 4:40 μμ 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8/11/2008 4:40 μμ 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8/11/2008 4:40 μμ 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8/11/2008 4:40 μμ 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8/11/2008 4:40 μμ 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8/11/2008 4:40 μμ 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{979BAA16-96A0-4538-996D-A9809E1733F2}]
c:\documents and settings\USER\Application Data\UpdateInstaller.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\whabd7an.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 01:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1767777339-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,91,b7,55,cf,ac,e2,d1,1b,29,45,2b,41,2d,e5,63,9d,51,8e,3f,6c,d1,f4,
8f,98,1c,c0,df,36,06,1c,53,b8,d5,fd,f6,0b,b5,8f,42,66,fd,4f,77,b2,63,3b,31,\
"??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05

[HKEY_USERS\S-1-5-21-1078081533-1767777339-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:40,98,c2,9e,e8,4d,23,87,6e,11,5e,47,40,75,d2,b5,ed,b1,94,d6,c9,
0b,69,20,ab,8c,66,b2,45,59,d7,c1,19,6b,84,40,6c,23,00,78,90,71,fa,11,86,79,\
"rkeysecu"=hex:6c,ae,83,e3,1b,9d,04,b8,d2,10,21,3e,eb,0c,9c,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-16 1:29
ComboFix-quarantined-files.txt 2009-05-16 22:29

Pre-Run: 16 Κατάλογοι 179.265.236.992 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 179.306.000.384 διαθέσιμα byte

176
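The ComboFix and RSIT logs posted in this thread are read by hand, but the same indicators can be pulled out mechanically. The following is an added example by the editor, not part of the original post and not code from ComboFix, RSIT or the board's helpers. It walks log lines and flags four things a helper would look at first: drivers or services whose image sits in a user-writable directory (%TEMP%, Application Data), an Active Setup "installed components" entry whose path points into a user profile, Windows Firewall GloballyOpenPorts entries, and a Firefox keyword.URL that has been pointed at a third-party host. The regexes, the finding categories and the allow-list of scanner leftovers (catchme and mbr from Gmer, mbamswissarmy from Malwarebytes, which the logs above show as installed) are the editor's assumptions; the SAMPLE_LOG lines are copied from the logs above and trimmed, i.e. constructed test input. A flag means "look at this", not "this is malware".

```python
"""Triage of ComboFix / RSIT log lines: flag a few indicator classes for review.

Added example for this thread, not part of the original post or of the tools
themselves. Regexes, category names and the SCANNER_DRIVERS allow-list are the
editor's assumptions; SAMPLE_LOG is constructed from the log above and trimmed.
"""
import re

# "S3 name;display name;image path [date size]"  (RSIT and ComboFix driver/service lines)
DRIVER_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);[^;]*;\s*(.+)$")
# "[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{GUID}]"
ACTIVE_SETUP_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\(\{[0-9A-F-]+\})\]$",
    re.IGNORECASE,
)
# '"8000:TCP"= 8000:TCP:LimeWire'  (Windows Firewall GloballyOpenPorts values)
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# "FF - prefs.js: keyword.URL - hxxp://..."
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")

# Directories an unprivileged XP user can write to; a kernel driver image there deserves a look.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")
# Demand-start drivers that anti-rootkit tools (Gmer catchme/mbr, Malwarebytes) leave behind (assumption).
SCANNER_DRIVERS = {"catchme", "mbr", "mbamswissarmy"}


def driver_image(field):
    """Normalise the image-path field: drop '\\??\\', the '--> path [?]' tail and '[date size]'."""
    field = field.strip().split(" --> ")[0]          # ComboFix prints "path --> path [?]" when the file is gone
    field = re.sub(r"\s*\[.*\]$", "", field)           # trailing "[date size]" / "[]" / "[?]"
    return field.replace("\\??\\", "").strip()


def is_user_writable(path):
    p = path.lower()
    return any(token in p for token in USER_WRITABLE)


def triage(lines):
    """Return a list of (category, ...) tuples in log order."""
    findings = []
    pending_guid = None  # Active Setup key seen; ComboFix prints its StubPath on the next line
    for raw in lines:
        line = raw.strip()
        if pending_guid is not None:
            if is_user_writable(line):
                findings.append(("active_setup_user_path", pending_guid, line))
            pending_guid = None
            continue
        m = ACTIVE_SETUP_RE.match(line)
        if m:
            pending_guid = m.group(1)
            continue
        m = DRIVER_RE.match(line)
        if m:
            _state, _start, name, rest = m.groups()
            image = driver_image(rest)
            missing = rest.rstrip().endswith(("[]", "[?]"))  # image file not found on disk
            if is_user_writable(image) and name.lower() not in SCANNER_DRIVERS:
                findings.append(("driver_in_user_writable_dir", name, image, missing))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            findings.append(("firewall_open_port", f"{m.group(1)}/{m.group(2)}", m.group(3).strip()))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group(1) == "keyword.URL":
            host = m.group(2).split("/")[2]  # hxxp://host/... -> host
            findings.append(("firefox_keyword_url", host))
    return findings


# Constructed sample: lines copied from the ComboFix log in this thread, trimmed.
SAMPLE_LOG = r"""
S3 aaudstum;aaudstum;\??\c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\USER\LOCALS~1\Temp\aaudstum.sys [?]
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/5/2009 3:20 μμ 38496]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/2/2005 12:29 μμ 162176]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{979BAA16-96A0-4538-996D-A9809E1733F2}]
c:\documents and settings\USER\Application Data\UpdateInstaller.exe
"8000:TCP"= 8000:TCP:LimeWire
"8000:UDP"= 8000:UDP:LireWire
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(*finding)
```

On the sample above the script flags aaudstum.sys (an image under %TEMP% whose file is already gone), the Active Setup entry pointing at UpdateInstaller.exe in the user's Application Data, the two LimeWire firewall openings and the keyword.URL host; catchme.sys sits in %TEMP% too but is skipped because it is on the scanner allow-list. Active Setup is worth the special case because entries under that key run once per user at logon, so a stub placed in a user profile survives the usual Run-key cleanup.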

Niralei 17.05.2009 10:43

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-05-17 12:41:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 170 GB (71%) free of 239 GB
Total RAM: 2046 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:48 μμ, on 17/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\USER\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7214 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++"
"C:\Program Files\DivX\DivX Player\DivX Player.exe"="C:\Program Files\DivX\DivX Player\DivX Player.exe:*:Enabled:DivX Player"
"C:\Program Files\DivX\DivX Codec\DivX EKG.exe"="C:\Program Files\DivX\DivX Codec\DivX EKG.exe:*:Enabled:DivX EKG"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe"="C:\Program Files\EA GAMES\Battlefield 2\pb\pbsetup.exe:*:Enabled:pbsetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Disabled:Free Download Manager"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

Niralei 17.05.2009 10:44

2009-05-17 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-05-17 01:44:39 ----SHD---- C:\RECYCLER
2009-05-17 01:32:34 ----D---- C:\rsit
2009-05-17 01:29:54 ----D---- C:\WINDOWS\temp
2009-05-17 01:29:53 ----A---- C:\ComboFix.txt
2009-05-17 01:26:20 ----A---- C:\WINDOWS\zip.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\vFind.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWSC.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\SWREG.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\sed.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-17 01:26:20 ----A---- C:\WINDOWS\grep.exe
2009-05-17 01:26:14 ----D---- C:\ComboFix
2009-05-17 01:22:59 ----D---- C:\WINDOWS\ERDNT
2009-05-17 01:22:52 ----D---- C:\Qoobox
2009-05-17 01:03:46 ----SHD---- C:\Config.Msi
2009-05-16 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-16 23:34:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-16 23:34:11 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-05-16 23:28:36 ----D---- C:\Program Files\Microsoft
2009-05-16 23:28:21 ----D---- C:\Program Files\Windows Live SkyDrive
2009-05-16 23:27:59 ----D---- C:\Program Files\Windows Live
2009-05-16 23:25:58 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-16 15:20:53 ----D---- C:\Documents and Settings\USER\Application Data\Malwarebytes
2009-05-16 15:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 15:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-16 15:08:03 ----D---- C:\Program Files\CCleaner
2009-05-15 03:25:37 ----D---- C:\Program Files\Trend Micro
2009-05-14 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-14 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-14 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-14 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-14 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 19:15:45 ----D---- C:\Program Files\LucasArts
2009-04-23 23:56:28 ----D---- C:\Documents and Settings\USER\Application Data\Software Informer

======List of files/folders modified in the last 1 months======

2009-05-17 12:26:50 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 06:49:53 ----D---- C:\WINDOWS\Prefetch
2009-05-17 06:12:23 ----D---- C:\Documents and Settings\USER\Application Data\Free Download Manager
2009-05-17 06:02:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-17 04:51:42 ----D---- C:\Downloads
2009-05-17 04:06:01 ----D---- C:\WINDOWS
2009-05-17 04:05:20 ----D---- C:\WINDOWS\system32
2009-05-17 04:04:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 03:00:34 ----HD---- C:\WINDOWS\inf
2009-05-17 03:00:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-17 02:33:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-17 02:13:15 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 02:13:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-17 01:28:39 ----A---- C:\WINDOWS\system.ini
2009-05-17 01:27:55 ----D---- C:\WINDOWS\AppPatch
2009-05-17 01:27:51 ----D---- C:\Program Files\Common Files
2009-05-17 01:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 01:26:19 ----SHD---- C:\System Volume Information
2009-05-17 01:26:19 ----D---- C:\WINDOWS\system32\Restore
2009-05-17 01:03:47 ----SHD---- C:\WINDOWS\Installer
2009-05-17 00:53:59 ----RD---- C:\Program Files
2009-05-16 23:28:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-16 23:28:05 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 23:25:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 23:15:48 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:58:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-05-16 20:58:18 ----SD---- C:\WINDOWS\Tasks
2009-05-16 20:57:42 ----D---- C:\Program Files\VideoLAN
2009-05-16 20:57:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-16 20:54:26 ----D---- C:\Program Files\Java
2009-05-16 15:10:16 ----D---- C:\WINDOWS\Debug
2009-05-16 03:58:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-15 22:45:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-15 21:11:51 ----D---- C:\Program Files\WinRAR
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-15 08:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-14 23:37:55 ----D---- C:\Documents and Settings\USER\Application Data\Real
2009-05-14 23:26:30 ----D---- C:\Program Files\Steam
2009-05-14 14:17:51 ----D---- C:\Program Files\KalOnlineEng
2009-05-14 04:58:55 ----D---- C:\Program Files\ICQToolbar
2009-05-14 04:51:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-14 04:50:10 ----D---- C:\WINDOWS\WinSxS
2009-05-14 04:47:07 ----D---- C:\WINDOWS\system32\wbem
2009-05-14 04:47:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 03:06:55 ----D---- C:\WINDOWS\system32\el-gr
2009-05-14 03:06:55 ----D---- C:\Program Files\Internet Explorer
2009-05-13 21:01:41 ----A---- C:\WINDOWS\win.ini
2009-05-13 15:04:34 ----D---- C:\Documents and Settings\USER\Application Data\skypePM
2009-05-13 13:34:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-10 02:48:43 ----D---- C:\WINDOWS\Help
2009-05-07 02:50:28 ----D---- C:\DaViDeo3.PRO
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 19:50:03 ----D---- C:\download
2009-05-01 01:36:36 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-05-01 01:34:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 17:08:08 ----D---- C:\Program Files\Electronic Arts
2009-04-23 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-23 19:14:29 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-23 19:14:12 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Πρόγραμμα οδήγησης πληκτρολογίου HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-04 14976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-04 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-04 25416]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-05-13 9632]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Πρόγραμμα οδήγησης τυπικού διανομέα USB της Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []
S3 ajxgvgxd;ajxgvgxd; C:\WINDOWS\system32\drivers\ajxgvgxd.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Αποκωδικοποιητής κωδικοποιημένων υπότιτλων; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Σύνδεση τηλεόρασης/βίντεο της Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-11-06 49152]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-15 189472]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-01-30 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
S3 WMPNetworkSvc;Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 922112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Niralei 17.05.2009 10:46

I've already called him; I hope the logs are right now.
Am I now sending links like that to my MSN contacts too??

Niralei 17.05.2009 12:14

Are the logs OK like this??

john.doe 17.05.2009 12:56

Don't push; reading these logs is not exactly easy, it takes a while.

In the meantime you can upload the following files to us:
Code:

C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys
C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\DRIVERS\ENTECH.sys

The files are not visible. Select one line at a time in the box, [Ctrl]c, switch to the upload channel, click in one of the three upper white fields, [Ctrl]v

ciao, andreas

Niralei 17.05.2009 12:57

coming right up :)

john.doe 17.05.2009 13:24

Create a Filelisting.
ciao, andreas

Niralei 17.05.2009 13:37

When I click the file, a black window opens and says it can't find the path or something; my Windows is in Greek, and the listing.txt text file is also empty.

john.doe 17.05.2009 13:49

Quote:

When I click the file, a black window opens and says it can't find the path or something; my Windows is in Greek, and the listing.txt text file is also empty.
:schmoll:

1.) Upload these files:
  • c:\documents and settings\USER\Application Data\UpdateInstaller.exe
  • C:\WINDOWS\system32\UAService7.exe
2.) Scripting with Combofix
  • Open Notepad (Start => Accessories => Notepad) and copy the following text into the white field:
Code:

KILLALL::

Driver::
aaudstum
ajxgvgxd
catchme
EagleNT
ENTECH
mbr

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
"MSMSGS"=-
"Sony Ericsson PC Suite"=-
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"RTHDCPL"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"=-
"8000:UDP"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"=-

Folder::
C:\rsit
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
c:\program files\Windows Live Toolbar
c:\program files\ICQToolbar

File::
c:\windows\system32\perfc008.dat
c:\windows\system32\perfh008.dat
c:\windows\wininit.tmp
c:\windows\kerlib.dll
c:\windows\system32\clacatex.dll
c:\windows\system32\clipaed.exe

DirLook::
c:\program files\DC++
C:\download
C:\Downloads

Now save this file on the desktop as -> cfscript.txt
  • Now drag the file cfscript.txt onto the Combofix icon with the right mouse button!
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
  • Then run Combofix again, restart the system and post the Combofix log without editing it (unless your full name is visible)


Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.


ciao, andreas
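As an added example (not code from this thread, from RSIT or from ComboFix), here is a small Python triage pass over lines in the RSIT "List of drivers" format that surfaces the same kind of entries andreas asked about above: drivers whose file RSIT could not describe (empty [] block) and drivers whose image sits under a Temp directory. The sample lines are copied from the log in this thread; the allowlist of scanner drivers is the example's own assumption, and the flags are a starting point for manual review, not a verdict.

```python
r"""Triage of an RSIT-style driver listing.

Added example; not code from the thread, from RSIT or from ComboFix.
It parses lines shaped like the thread's "List of drivers" block,

    S3 name;description; C:\path\file.sys [YYYY-MM-DD size]

and lists the entries a log reader would look at first: drivers whose file
RSIT could not describe (empty [] block: missing, hidden or unreadable) and
drivers whose image sits under a Temp directory.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional

# One RSIT driver line: state letter, start type, "name;description;" and the
# image path followed by "[date size]" or "[]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

NO_METADATA = "no file date/size: image missing, hidden or unreadable"
TEMP_DIR = "image loaded from a Temp directory"

# Scanner drivers that legitimately show the same "[]" pattern while a cleanup
# is under way (catchme and mbr from GMER, used by ComboFix; MBAMSwissArmy from
# Malwarebytes). Analyst-maintained allowlist; the list is this example's own.
KNOWN_TOOL_DRIVERS: FrozenSet[str] = frozenset({"catchme", "mbr", "mbamswissarmy"})


@dataclass
class DriverEntry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str             # NT "\??\" prefix stripped
    date: Optional[str]   # None when RSIT printed an empty [] block
    size: Optional[int]


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for a driver line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return DriverEntry(m.group("state"), int(m.group("start")),
                       m.group("name"), m.group("desc"), path, date, size)


def triage(entry: DriverEntry,
           allow: FrozenSet[str] = frozenset()) -> List[str]:
    """Reasons to inspect this driver; an empty list means nothing stood out."""
    if entry.name.lower() in allow:
        return []
    reasons: List[str] = []
    if entry.date is None:
        reasons.append(NO_METADATA)
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        reasons.append(TEMP_DIR)
    return reasons


def triage_log(lines: Iterable[str],
               allow: FrozenSet[str] = frozenset()) -> Dict[str, List[str]]:
    """Map driver name -> reasons for every flagged driver line in an RSIT log."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_driver_line(line)
        if entry is not None:
            reasons = triage(entry, allow)
            if reasons:
                findings[entry.name] = reasons
    return findings


# Sample input copied from the thread's "List of drivers" section (ASCII lines
# only); the verdicts are the heuristics' output, not the thread's.
SAMPLE_LINES = [
    r"R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]",
    r"S3 aaudstum;aaudstum; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\aaudstum.sys []",
    r"S3 ajxgvgxd;ajxgvgxd; C:\WINDOWS\system32\drivers\ajxgvgxd.sys []",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []",
    r"S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []",
    r"S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []",
    r"S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []",
    r"S3 mbr;mbr; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys []",
    r"S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []",
]

if __name__ == "__main__":
    # IntelIde is flagged as well: a disabled stock driver with no file on disk
    # is harmless here, which is why the flags need a human reader.
    for name, reasons in triage_log(SAMPLE_LINES, KNOWN_TOOL_DRIVERS).items():
        print(f"{name}: {'; '.join(reasons)}")
```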

Niralei 17.05.2009 14:12

Here is the link to the log; I uploaded it because it's too big to post here.
regards, nira

Niralei 17.05.2009 14:13

http://rapidshare.com/files/234004738/ComboFix.txt.html

john.doe 17.05.2009 14:44

Download Lop S&D.

Run Lop S&D.exe by double-clicking it.
Choose your preferred language and then option 1 (Search)
Wait until the scan report is created (you can find it under C:\lopR.txt if the report does not appear)

(If your desktop disappears, press Ctrl + Alt + Del to start the Task Manager. Under File, choose New Task and enter explorer.exe there)

ciao, andreas

Niralei 17.05.2009 14:50

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : USER ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:233 Go (Free:165 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( ‰¬¨ 17/05/2009|16:48 )

--------------------\\ Ordner Verzeichnis unter APPLIC~1

[03/05/2008|09:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\ADMINI~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[14/10/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[30/10/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[10/11/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/05/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[08/11/2008|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[01/05/2009|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Codemasters
[28/07/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[25/09/2008|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[20/02/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FreeDownloadManager.ORG
[01/07/2008|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ICQ
[22/09/2008|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[13/10/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[16/05/2009|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[16/05/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[18/02/2009|03:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[16/05/2009|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[10/11/2008|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[08/11/2008|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Ericsson
[16/05/2009|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[17/05/2009|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/03/2009|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[09/10/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/05/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[0|€¨®œε˜] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
[25|‰˜«αΆ¦š¦ ] C:\DOCUME~1\ALLUSE~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[03/05/2008|09:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\DEFAUL~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[15/03/2009|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[25/09/2008|05:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> agi
[03/05/2008|09:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
[5|‰˜«αΆ¦š¦ ] C:\DOCUME~1\LOCALS~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[11/02/2009|06:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[0|€¨®œε˜] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
[3|‰˜«αΆ¦š¦ ] C:\DOCUME~1\NETWOR~1\APPLIC~1\› ˜Ÿβ© £˜ byte

[07/08/2008|10:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> AD ON Multimedia
[13/11/2008|02:23] C:\DOCUME~1\USER\APPLIC~1\<DIR> Adobe
[13/12/2008|12:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Apple Computer
[02/07/2008|12:00] C:\DOCUME~1\USER\APPLIC~1\<DIR> ArcSoft
[03/05/2008|09:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> ATI
[25/09/2008|09:14] C:\DOCUME~1\USER\APPLIC~1\<DIR> com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[08/11/2008|05:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[28/07/2008|11:27] C:\DOCUME~1\USER\APPLIC~1\<DIR> CyberLink
[27/10/2008|03:28] C:\DOCUME~1\USER\APPLIC~1\<DIR> DAEMON Tools
[15/04/2009|08:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> DisplayTune
[05/08/2008|01:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> DivX
[16/01/2009|04:15] C:\DOCUME~1\USER\APPLIC~1\<DIR> dvdcss
[20/02/2009|04:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> Facebook
[17/05/2009|04:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Free Download Manager
[07/05/2008|08:30] C:\DOCUME~1\USER\APPLIC~1\<DIR> gslist
[19/08/2008|04:07] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQ
[06/05/2008|11:30] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQ Toolbar
[06/05/2008|11:21] C:\DOCUME~1\USER\APPLIC~1\<DIR> ICQLite
[03/05/2008|09:32] C:\DOCUME~1\USER\APPLIC~1\<DIR> Identities
[16/09/2008|09:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> ImTOO Software Studio
[08/11/2008|04:39] C:\DOCUME~1\USER\APPLIC~1\<DIR> InstallShield
[05/03/2009|08:09] C:\DOCUME~1\USER\APPLIC~1\<DIR> Leadertech
[19/03/2009|08:55] C:\DOCUME~1\USER\APPLIC~1\<DIR> LimeWire
[07/11/2008|11:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> Macromedia
[16/05/2009|03:20] C:\DOCUME~1\USER\APPLIC~1\<DIR> Malwarebytes
[25/09/2008|02:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> MAXON
[19/02/2009|01:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Media Player Classic
[25/09/2008|09:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> Microsoft
[04/09/2008|02:09] C:\DOCUME~1\USER\APPLIC~1\<DIR> Mozilla
[14/05/2009|11:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> Real
[08/11/2008|04:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> SecuROM
[05/03/2009|09:33] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sierra Entertainment
[13/05/2009|03:04] C:\DOCUME~1\USER\APPLIC~1\<DIR> skypePM
[23/04/2009|11:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> Software Informer
[10/11/2008|09:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sony
[20/07/2008|02:10] C:\DOCUME~1\USER\APPLIC~1\<DIR> streamripper
[02/07/2008|12:11] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sun
[17/07/2008|12:56] C:\DOCUME~1\USER\APPLIC~1\<DIR> teamspeak2
[17/03/2009|03:41] C:\DOCUME~1\USER\APPLIC~1\<DIR> TeamViewer
[19/10/2008|08:27] C:\DOCUME~1\USER\APPLIC~1\<DIR> U3
[09/05/2008|02:48] C:\DOCUME~1\USER\APPLIC~1\<DIR> vlc
[07/05/2008|01:18] C:\DOCUME~1\USER\APPLIC~1\<DIR> WinRAR
[08/11/2008|11:07] C:\DOCUME~1\USER\APPLIC~1\<DIR> Xilisoft Corporation
[10/07/2008|11:06] C:\DOCUME~1\USER\APPLIC~1\<DIR> YuLeech
[0|€¨®œε˜] C:\DOCUME~1\USER\APPLIC~1\byte
[46|‰˜«αΆ¦š¦ ] C:\DOCUME~1\USER\APPLIC~1\› ˜Ÿβ© £˜ byte

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[17/05/2009 04:34 ££][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 03:00 ££][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[13/11/2008|01:31] C:\Program Files\<DIR> Adobe
[08/07/2008|02:59] C:\Program Files\<DIR> Ahead
[16/07/2008|03:16] C:\Program Files\<DIR> AMD
[02/07/2008|11:59] C:\Program Files\<DIR> ArcSoft
[03/05/2008|09:43] C:\Program Files\<DIR> ATI Technologies
[13/08/2008|04:22] C:\Program Files\<DIR> AV Vcs 6.0 DIAMOND
[07/02/2009|06:04] C:\Program Files\<DIR> Avanquest update
[13/11/2008|01:32] C:\Program Files\<DIR> Bonjour
[16/05/2009|03:08] C:\Program Files\<DIR> CCleaner
[17/05/2009|03:56] C:\Program Files\<DIR> Common Files
[03/05/2008|09:25] C:\Program Files\<DIR> ComPlus Applications
[28/07/2008|11:25] C:\Program Files\<DIR> CyberLink
[27/10/2008|03:29] C:\Program Files\<DIR> DAEMON Tools Lite
[11/12/2008|04:58] C:\Program Files\<DIR> DaViDeo3professional
[25/03/2009|06:01] C:\Program Files\<DIR> DC++
[20/02/2009|04:03] C:\Program Files\<DIR> DivX
[19/07/2008|02:53] C:\Program Files\<DIR> DVDVideoSoft
[17/03/2009|06:53] C:\Program Files\<DIR> EA GAMES
[28/04/2009|05:08] C:\Program Files\<DIR> Electronic Arts
[15/03/2009|04:50] C:\Program Files\<DIR> Free Download Manager
[01/07/2008|11:23] C:\Program Files\<DIR> ICQ6Toolbar
[01/07/2008|11:23] C:\Program Files\<DIR> ICQLite
[14/05/2009|04:47] C:\Program Files\<DIR> InstallShield Installation Information
[14/05/2009|03:06] C:\Program Files\<DIR> Internet Explorer
[16/05/2009|08:54] C:\Program Files\<DIR> Java
[14/05/2009|02:17] C:\Program Files\<DIR> KalOnlineEng
[06/11/2008|11:28] C:\Program Files\<DIR> Kiwee Toolbar
[18/02/2009|03:22] C:\Program Files\<DIR> K-Lite Codec Pack
[13/05/2009|09:15] C:\Program Files\<DIR> LucasArts
[16/05/2009|03:20] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[15/08/2008|03:02] C:\Program Files\<DIR> Messenger
[16/05/2009|11:28] C:\Program Files\<DIR> Microsoft
[03/05/2008|09:29] C:\Program Files\<DIR> microsoft frontpage
[25/09/2008|09:16] C:\Program Files\<DIR> Microsoft Office
[03/05/2008|09:26] C:\Program Files\<DIR> Movie Maker
[17/05/2009|04:44] C:\Program Files\<DIR> Mozilla Firefox
[15/12/2008|09:03] C:\Program Files\<DIR> MSBuild
[03/05/2008|09:25] C:\Program Files\<DIR> MSN Gaming Zone
[28/10/2008|04:00] C:\Program Files\<DIR> MSXML 4.0
[15/12/2008|09:01] C:\Program Files\<DIR> MSXML 6.0
[03/05/2008|09:26] C:\Program Files\<DIR> NetMeeting
[20/07/2008|02:01] C:\Program Files\<DIR> Online Services
[14/03/2009|03:10] C:\Program Files\<DIR> OpenAL
[09/05/2008|11:09] C:\Program Files\<DIR> Outlook Express
[15/04/2009|08:23] C:\Program Files\<DIR> Portrait Displays
[10/11/2008|09:21] C:\Program Files\<DIR> QuickTime
[03/05/2008|09:47] C:\Program Files\<DIR> Realtek
[15/12/2008|09:02] C:\Program Files\<DIR> Reference Assemblies
[14/01/2009|03:33] C:\Program Files\<DIR> SHOUTcast
[30/10/2008|08:23] C:\Program Files\<DIR> Software Informer
[10/11/2008|09:21] C:\Program Files\<DIR> Sony
[10/11/2008|11:45] C:\Program Files\<DIR> Sony Ericsson
[14/05/2009|11:26] C:\Program Files\<DIR> Steam
[17/09/2008|01:36] C:\Program Files\<DIR> Sun
[06/05/2008|07:10] C:\Program Files\<DIR> Teamspeak2_RC2
[17/03/2009|03:41] C:\Program Files\<DIR> TeamViewer
[20/07/2008|01:39] C:\Program Files\<DIR> TGTSoft
[15/05/2009|03:25] C:\Program Files\<DIR> Trend Micro
[02/07/2008|11:57] C:\Program Files\<DIR> Trust
[03/05/2008|09:32] C:\Program Files\<DIR> Uninstall Information
[16/05/2009|08:57] C:\Program Files\<DIR> VideoLAN
[14/01/2009|03:34] C:\Program Files\<DIR> Winamp
[16/05/2009|11:28] C:\Program Files\<DIR> Windows Live
[16/05/2009|11:28] C:\Program Files\<DIR> Windows Live SkyDrive
[09/10/2008|02:41] C:\Program Files\<DIR> Windows Media Connect 2
[09/10/2008|02:41] C:\Program Files\<DIR> Windows Media Player
[03/05/2008|09:25] C:\Program Files\<DIR> Windows NT
[03/05/2008|09:27] C:\Program Files\<DIR> WindowsUpdate
[15/05/2009|09:11] C:\Program Files\<DIR> WinRAR
[03/05/2008|09:29] C:\Program Files\<DIR> xerox
[0|€¨®œε˜] C:\Program Files\byte
[72|‰˜«αΆ¦š¦ ] C:\Program Files\› ˜Ÿβ© £˜ byte

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[13/11/2008|01:32] C:\Program Files\Common Files\<DIR> Adobe
[08/07/2008|02:59] C:\Program Files\Common Files\<DIR> Ahead
[02/07/2008|11:59] C:\Program Files\Common Files\<DIR> ArcSoft
[03/05/2008|09:41] C:\Program Files\Common Files\<DIR> ATI Technologies
[11/11/2008|12:17] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[13/05/2008|03:43] C:\Program Files\Common Files\<DIR> INCA Shared
[22/09/2008|01:37] C:\Program Files\Common Files\<DIR> InstallShield
[13/11/2008|01:22] C:\Program Files\Common Files\<DIR> Macrovision Shared
[16/05/2009|11:28] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/05/2008|09:26] C:\Program Files\Common Files\<DIR> MSSoap
[20/07/2008|04:06] C:\Program Files\Common Files\<DIR> NSV
[04/05/2008|12:12] C:\Program Files\Common Files\<DIR> ODBC
[02/07/2008|11:57] C:\Program Files\Common Files\<DIR> PCCamera
[15/04/2009|08:23] C:\Program Files\Common Files\<DIR> Portrait Displays
[03/05/2008|09:26] C:\Program Files\Common Files\<DIR> Services
[04/05/2008|12:12] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/05/2008|11:09] C:\Program Files\Common Files\<DIR> System
[16/05/2009|11:25] C:\Program Files\Common Files\<DIR> Windows Live
[06/05/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[0|€¨®œε˜] C:\Program Files\Common Files\byte
[21|‰˜«αΆ¦š¦ ] C:\Program Files\Common Files\› ˜Ÿβ© £˜ byte

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER


--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:48:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen


Kein anderen Infektionen gefunden !

[F:1][D:3]-> C:\DOCUME~1\USER\LOCALS~1\Temp
[F:30][D:0]-> C:\DOCUME~1\USER\Cookies
[F:2][D:0]-> C:\DOCUME~1\USER\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ‰¬¨ 17/05/2009|16:49 - Option : [1]

--------------------\\ Scan beendet um 16:49:17

john.doe 17.05.2009 15:14

:) And another one for the list, which keeps getting longer. :D

Have a look here: YouTube - Effects of crack programs and keygens on your PC

This might also be of interest:
http://www.trojaner-board.de/66340-c...ghlight=keygen
http://www.trojaner-board.de/66713-n...ghlight=keygen
http://www.trojaner-board.de/68495-j...ghlight=keygen
http://www.trojaner-board.de/68736-t...ghlight=keygen
http://www.trojaner-board.de/69023-h...ghlight=keygen
http://www.trojaner-board.de/69502-a...ghlight=keygen
http://www.trojaner-board.de/69843-r...ghlight=keygen
http://www.trojaner-board.de/69984-p...ghlight=keygen
http://www.trojaner-board.de/70680-t...ghlight=keygen
http://www.trojaner-board.de/70757-p...ghlight=keygen
http://www.trojaner-board.de/71838-t...ghlight=keygen
http://www.trojaner-board.de/71901-b...ghlight=keygen
http://www.trojaner-board.de/71914-g...ghlight=keygen
http://www.trojaner-board.de/72040-t...ghlight=keygen
http://www.trojaner-board.de/72171-w...ghlight=keygen
http://www.trojaner-board.de/72181-t...ghlight=keygen
http://www.trojaner-board.de/72319-h...ghlight=keygen
http://www.trojaner-board.de/72401-r...ghlight=keygen
http://www.trojaner-board.de/73187-w...ghlight=keygen

In case you don't believe me, these are the statements of colleagues. All of them are moderators on other boards that specialize in clean-ups. They know what they are writing about.
http://www.trojaner-board.de/71732-h...ghlight=keygen
http://www.trojaner-board.de/70225-4...ghlight=keygen
http://www.trojaner-board.de/59497-r...ghlight=keygen

Now let's take a look at your system:
Quote:

2008-11-12 22:21 . 2007-04-28 12:44 53760 ----a-w c:\downloads\Adobe_Photoshop_CS3_Extended\KeyGen + Crack\Keygen.exe
At the latest when the file listing supposedly didn't work, I knew you were lying to me, and I hold that against you.

You presumably saw all the keygens, cracks and patches it found. I know that you edited the LopSD log.

When will you people finally learn to keep your hands off stolen software? :schmoll:

Only one thing will help now: http://www.trojaner-board.de/51262-a...sicherung.html

You're dismissed and I'm out,
Andreas

Niralei 17.05.2009 15:22

The file listing didn't work; I have no reason to lie here, and I'm not the only one who uses the PC. But thanks a lot for your help. Regards, Nira


All times are in WET +1.

Copyright ©2000-2025, Trojaner-Board