ComboFix 08-03-18.1 - Fabian 2008-03-20 13:22:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.1109 [GMT 1:00]
ausgeführt von:: C:\Users\Fabian\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Users\Fabian\AppData\Local\cxfbpm.dat
C:\Users\Fabian\AppData\Local\cxfbpm.exe
c:\Users\Fabian\AppData\Local\cxfbpm_nav.dat
c:\Users\Fabian\AppData\Local\cxfbpm_navps.dat
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-20 bis 2008-03-20 ))))))))))))))))))))))))))))))
.

2008-03-19 18:17 . 2008-03-19 18:18 d-------- C:\Program Files\SPYWAREfighter
2008-03-19 18:17 . 2008-03-19 18:17 d-------- C:\Program Files\Common Files\Application
2008-03-19 11:55 . 2008-03-19 12:09 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-19 11:55 . 2008-03-19 12:09 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-19 11:55 . 2008-03-19 11:55 d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-19 10:07 . 2008-03-19 10:07 d-------- C:\Users\All Users\Avira
2008-03-19 10:07 . 2008-03-19 10:07 d-------- C:\ProgramData\Avira
2008-03-19 10:07 . 2008-03-19 10:07 d-------- C:\Program Files\Avira
2008-03-19 09:59 . 2008-03-19 10:06 d-------- C:\Users\All Users\Lavasoft
2008-03-19 09:59 . 2008-03-19 10:06 d-------- C:\ProgramData\Lavasoft
2008-03-19 09:59 . 2008-03-19 09:59 d-------- C:\Program Files\Lavasoft
2008-03-18 13:11 . 2008-03-18 13:23 127 --a------ C:\Notizen.rtf
2008-03-14 13:23 . 2008-03-14 13:23 17 --a------ C:\Windows\System32\'
2008-03-14 13:21 . 2008-03-14 13:23 d-------- C:\Program Files\UltraVNC
2008-03-12 10:01 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 10:01 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-10 15:20 . 2008-03-10 15:21 d-------- C:\Users\Fabian\AppData\Roaming\ICQ
2008-03-10 15:19 . 2008-03-10 15:21 d-------- C:\Program Files\ICQ6
2008-03-10 15:18 . 2008-03-10 15:18 d-------- C:\Users\Fabian\AppData\Roaming\InstallShield
2008-03-02 21:15 . 2008-03-02 21:15 d-------- C:\Users\Fabian\AppData\Roaming\tmp
2008-03-02 21:15 . 2008-03-02 21:15 d-------- C:\Users\Fabian\AppData\Roaming\Reallusion
2008-02-28 10:45 . 2008-02-28 11:02 d-------- C:\Users\Fabian\AppData\Roaming\Wireshark
2008-02-27 15:49 . 2008-02-27 15:49 d-------- C:\Program Files\Microsoft Silverlight
2008-02-27 15:33 . 2008-02-27 15:33 d-------- C:\Windows\System32\1033
2008-02-27 15:00 . 2008-02-27 15:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 11:36 . 2008-02-27 13:24 d-------- C:\Users\Fabian\AppData\Roaming\Dev-Cpp
2008-02-27 11:34 . 2008-02-27 11:37 d-------- C:\Program Files\Dev-Cpp
2008-02-27 10:50 . 2008-02-27 15:02 d-------- C:\Program Files\Microsoft SQL Server
2008-02-27 10:49 . 2008-02-27 10:49 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-27 10:49 . 2008-02-27 10:49 d-------- C:\Program Files\Microsoft Device Emulator
2008-02-27 10:46 . 2008-02-27 10:46 172 --a------ C:\Windows\ODBC.INI
2008-02-27 10:40 . 2008-02-27 10:40 d-------- C:\Windows\Symbols
2008-02-27 10:40 . 2008-02-27 10:40 d-------- C:\Users\All Users\PreEmptive Solutions
2008-02-27 10:40 . 2008-02-27 10:40 d-------- C:\ProgramData\PreEmptive Solutions
2008-02-27 10:40 . 2008-02-27 10:44 d-------- C:\Program Files\HTML Help Workshop
2008-02-27 10:40 . 2008-02-27 15:31 d-------- C:\Program Files\Common Files\Merge Modules
2008-02-27 10:40 . 2008-02-27 10:41 d-------- C:\Program Files\Common Files\Business Objects
2008-02-27 10:40 . 2008-02-27 10:40 d-------- C:\Program Files\CE Remote Tools
2008-02-26 22:29 . 2008-03-18 14:24 d-------- C:\Program Files\BEWERBUNGS-MASTER
2008-02-26 22:29 . 2008-03-18 14:24 167,936 --------- C:\Windows\Setup1.exe
2008-02-26 22:29 . 2008-03-18 14:24 74,752 --a------ C:\Windows\ST6UNST.EXE
2008-02-26 22:28 . 2008-03-18 14:57 d-------- C:\Users\All Users\BewerbungsMaster
2008-02-26 22:28 . 2008-03-18 14:57 d-------- C:\ProgramData\BewerbungsMaster
2008-02-26 22:27 . 2008-02-26 22:27 719 --a------ C:\Windows\ST6UNST.000
2008-02-25 14:19 . 2007-09-07 10:24 4,947,968 --a------ C:\Windows\System32\stacgui.cpl
2008-02-25 14:19 . 2007-04-10 18:02 1,601,536 --a------ C:\Windows\System32\stlang.dll
2008-02-25 14:19 . 2007-08-29 13:25 643,072 --a------ C:\Windows\System32\aestecap.dll
2008-02-25 14:19 . 2007-08-29 13:25 131,072 --a------ C:\Windows\System32\aestacap.dll
2008-02-25 14:19 . 2007-09-07 10:25 102,400 --a------ C:\Windows\System32\stacsv.exe
2008-02-25 14:19 . 2007-08-29 13:25 73,728 --a------ C:\Windows\System32\AEstSrv.exe
2008-02-25 14:18 . 2007-09-07 10:25 595,968 --a------ C:\Windows\System32\stapo.dll
2008-02-25 14:18 . 2007-09-07 10:25 328,704 --a------ C:\Windows\System32\stcplx.dll
2008-02-25 14:18 . 2007-09-07 10:23 299,520 --a------ C:\Windows\System32\stapi32.dll
2008-02-24 19:03 . 2008-03-19 17:42 d-------- C:\Users\Fabian\AppData\Roaming\Azureus
2008-02-24 19:03 . 2008-02-24 19:03 d-------- C:\Program Files\Azureus
2008-02-22 18:13 . 2008-02-22 18:20 d-------- C:\Program Files\LcdStudio
2008-02-22 15:03 . 2008-02-22 15:03 d-------- C:\Program Files\Lavalys
2008-02-22 14:54 . 2008-02-22 16:42 d-------- C:\Program Files\PC Wizard 2008
2008-02-22 14:53 . 2008-02-22 14:53 d-------- C:\Users\All Users\Logitech
2008-02-22 14:53 . 2008-02-22 14:53 d-------- C:\ProgramData\Logitech
2008-02-22 14:53 . 2008-02-22 14:53 d-------- C:\Program Files\Logitech
2008-02-22 14:39 . 2008-03-19 18:08 d-a------ C:\Users\All Users\TEMP
2008-02-22 14:39 . 2008-03-19 18:08 d-a------ C:\ProgramData\TEMP
2008-02-22 14:39 . 2008-02-22 20:57 d-------- C:\Fraps
2008-02-22 01:26 . 2008-02-22 01:26 d-------- C:\Users\Fabian\AppData\Roaming\Soldat
2008-02-22 00:44 . 2008-02-22 00:44 0 -ra------ C:\logwmemory.bin
2008-02-21 21:19 . 2008-03-18 14:18 69 --a------ C:\Windows\NeroDigital.ini
2008-02-21 18:27 . 2008-02-21 18:27 d-------- C:\Users\Fabian\AppData\Roaming\PeerNetworking
2008-02-21 16:46 . 2008-02-21 16:52 d-------- C:\Users\Fabian\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-02-21 16:29 . 2008-02-21 16:29 d-------- C:\Program Files\Electronic Arts
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\Windows\System32\_ISource30.dll
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-03-19 17:56 --------- d-----w C:\Program Files\Steam
2008-03-19 17:00 63,630 ----a-w C:\Users\Fabian\AppData\Roaming\nvModes.dat
2008-03-19 16:59 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-19 16:58 --------- d-----w C:\Users\Fabian\AppData\Roaming\Skype
2008-03-19 16:44 --------- d-----w C:\Users\Fabian\AppData\Roaming\skypePM
2008-03-19 12:11 --------- d-----w C:\Program Files\Warcraft III
2008-03-19 11:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 20:50 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-17 20:50 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-12 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 10:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-10 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 12:23 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-03-03 16:39 --------- d-----w C:\ProgramData\NVIDIA
2008-03-02 20:17 --------- d-----w C:\Users\Fabian\AppData\Roaming\Hamachi
2008-02-28 09:44 --------- d-----w C:\Program Files\WinPcap
2008-02-27 20:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-27 09:58 --------- d-----w C:\Program Files\Unreal Tournament 3 (LG)
2008-02-27 09:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-25 12:13 --------- d-----w C:\Users\Fabian\AppData\Roaming\App Launcher Gadget
2008-02-21 14:58 --------- d-----w C:\Users\Fabian\AppData\Roaming\Winamp
2008-02-21 14:58 --------- d-----w C:\Program Files\WC3Banlist
2008-02-19 06:44 --------- d-----w C:\Users\Fabian\AppData\Roaming\dvdcss
2008-02-17 19:37 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 18:54 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-02-17 18:54 --------- d-----w C:\ProgramData\TuneUp Software
2008-02-17 18:54 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-02-17 18:20 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-02-17 18:17 --------- d-----w C:\Users\Fabian\AppData\Roaming\DivX
2008-02-15 23:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-13 22:13 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:13 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 22:11 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 22:11 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 22:11 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:11 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:11 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 22:11 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 22:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:11 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 22:11 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 22:11 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 22:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:10 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 22:09 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 22:09 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 22:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 10:15 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-12 10:03 22,328 ----a-w C:\Users\Fabian\AppData\Roaming\PnkBstrK.sys
2008-02-06 21:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 23:35 --------- d-----w C:\Program Files\Smallvideosoft
2008-02-03 11:16 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-02-03 11:16 --------- d-----w C:\Program Files\Hamachi
2008-02-02 14:54 --------- d-----w C:\Program Files\DivX
2008-02-02 14:54 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-29 16:46 --------- d-----w C:\ProgramData\McAfee
2008-01-25 08:31 --------- d-----w C:\Program Files\Activision
2008-01-24 18:53 --------- d-----w C:\Program Files\AGEIA Technologies
2008-01-24 16:14 --------- d-----w C:\Users\Fabian\AppData\Roaming\vlc
2008-01-24 16:12 --------- d-----w C:\Program Files\VideoLAN
2008-01-24 15:55 --------- d-----w C:\Program Files\ffdshow
2008-01-23 11:28 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-01-23 11:28 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-01-23 11:26 --------- d-----w C:\Program Files\BitLocker
2008-01-23 11:25 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-01-23 11:23 --------- d-----w C:\Program Files\Microsoft Games
2008-01-23 09:52 --------- d-----w C:\Program Files\Bonjour
2008-01-23 06:53 --------- d-----w C:\Program Files\Codemasters
2008-01-23 06:35 --------- d-----w C:\Users\Fabian\AppData\Roaming\Roxio
2008-01-22 20:32 --------- d-----w C:\Program Files\SigmaTel
2008-01-22 15:59 508,184 ----a-w C:\Users\Fabian\LLFsetup.2.36.1181.exe
2008-01-21 19:33 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-21 19:33 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-21 19:31 --------- d-----w C:\ProgramData\Skype
2008-01-21 19:31 --------- d-----w C:\Program Files\Skype
2008-01-21 19:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-21 19:11 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-01-21 09:40 --------- d-----w C:\Users\Fabian\AppData\Roaming\Nero
2008-01-20 22:57 --------- d-----w C:\Program Files\Dell
2008-01-20 22:32 --------- d-----w C:\Users\Fabian\AppData\Roaming\CyberLink
2008-01-20 22:32 --------- d-----w C:\ProgramData\CyberLink
2008-01-20 22:23 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 20:08 --------- d-----w C:\Program Files\Unlocker
2008-01-20 20:07 --------- d-----w C:\Program Files\CCleaner
2008-01-20 19:30 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-18 21:10 139,264 ----a-w C:\Windows\War3Unin.exe
2008-01-18 18:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-18 18:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-18 18:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-18 18:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-18 18:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-18 18:31 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-01-18 18:31 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-15 23:05 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-23 06:34 857648]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-15 16:06 77824]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 17:59 346648]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 10:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-12 22:37 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-12 22:37 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-12 22:37 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-11-12 22:37 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 10:10 249896]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
C:\Program Files\Notebook Hardware Control\nhc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:23 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-854503825-3508601188-2734145819-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 14:30]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Fabian\AppData\Local\Temp\EverestDriver.sys [2007-10-17 00:00]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 06:55]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-19 17:45]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-02-17 19:54]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 13:25]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f57b0ef-d933-11dc-b40f-0015c585355e}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6371f8c4-c98d-11dc-aa78-0015c585355e}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87c178ed-c979-11dc-bb40-0015c585355e}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9467d2a1-ce89-11dc-bf93-0015c585355e}]
\shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - EVERESTDRIVER
.
Inhalt des "geplante Tasks" Ordners
"2008-03-07 16:21:00 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 13:26:12
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-20 13:26:48
.
2008-03-13 19:34:21 --- E O F ---