ComboFix 08-09-20.05 - Felix 2008-09-21 11:48:59.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1194 [GMT 2:00]
Run from: C:\Users\Felix\Downloads\ComboFix.exe
* New restore point was created
.
((((((((((((((((((((((( Files created from 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))
.
2008-09-20 14:43 . 2008-09-20 14:43 d-------- C:\Users\Felix\AppData\Roaming\Malwarebytes
2008-09-20 14:43 . 2008-09-20 14:43 d-------- C:\Users\All Users\Malwarebytes
2008-09-20 14:43 . 2008-09-20 14:43 d-------- C:\ProgramData\Malwarebytes
2008-09-20 14:43 . 2008-09-20 14:43 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 14:43 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-20 14:43 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-18 15:27 . 2008-09-18 15:27 d-------- C:\Users\Felix\AppData\Roaming\dvdcss
2008-09-16 17:26 . 2008-09-16 17:26 d-------- C:\Program Files\CleanUp!
2008-09-16 17:11 . 2008-09-16 17:11 d-------- C:\Program Files\Trend Micro
2008-09-16 16:16 . 2008-09-16 16:22 1,905 --a------ C:\Windows\diagwrn.xml
2008-09-16 16:16 . 2008-09-16 16:22 1,905 --a------ C:\Windows\diagerr.xml
2008-09-15 13:53 . 2008-09-19 16:54 d-------- C:\Program Files\SPYWAREfighter
2008-09-15 13:53 . 2008-09-15 13:53 d-------- C:\Program Files\Common Files\Application
2008-09-15 13:40 . 2008-09-15 13:40 0 --a------ C:\ARK3EA6.tmp
2008-09-15 12:59 . 2008-09-15 12:59 d-------- C:\Users\All Users\Avira
2008-09-15 12:59 . 2008-09-15 12:59 d-------- C:\ProgramData\Avira
2008-09-15 12:59 . 2008-09-15 12:59 d-------- C:\Program Files\Avira
2008-09-14 16:09 . 2008-09-14 16:09 434 --a------ C:\Windows\wininit.ini
2008-09-14 15:28 . 2008-09-15 12:48 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-14 15:28 . 2008-09-15 12:48 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-14 15:28 . 2008-09-14 15:29 d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-12 09:02 . 2008-09-12 09:02 d-------- C:\Users\All Users\WinZip
2008-09-12 09:02 . 2008-09-12 09:02 d-------- C:\ProgramData\WinZip
2008-09-11 02:37 . 2008-09-11 02:37 d-------- C:\Program Files\Intelore
2008-09-10 14:37 . 2008-09-10 14:37 219,480 --a------ C:\Users\Felix\AppData\Roaming\mdb.bin
2008-09-10 12:46 . 2008-09-10 12:46 d-------- C:\Program Files\Rossmann Fotoservice
2008-09-10 09:06 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 09:06 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 09:06 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 09:06 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 09:06 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 09:06 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 09:06 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 12:24 . 2008-09-06 12:24 780,895 ---h----- C:\Windows\System32\~tmp21685.$$$
2008-09-05 15:01 . 2008-09-05 15:11 d-------- C:\Program Files\Soldier of Fortune II - Double Helix
2008-09-05 14:58 . 2001-06-19 18:53 266,293 --a------ C:\Windows\System32\temp.001
2008-09-05 14:58 . 2008-09-05 15:04 770 --a------ C:\Windows\Sof2.INI
2008-09-05 14:56 . 2008-09-05 14:56 d-------- C:\Program Files\DAEMON Tools Lite
2008-09-04 19:49 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-04 19:49 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-04 19:49 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-04 19:49 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-04 19:49 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-04 19:49 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-04 19:49 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-04 19:48 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-04 19:48 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 16:57 . 2008-09-17 15:03 d-------- C:\Program Files\Valve
2008-08-24 13:20 . 2008-08-24 13:20 d-------- C:\Users\Felix\AppData\Roaming\DAEMON Tools
2008-08-24 13:20 . 2008-08-24 13:20 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-22 15:56 . 2008-08-22 15:56 d-------- C:\Program Files\Command & Conquer Collection
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 14:47 --------- d-----w C:\Users\Felix\AppData\Roaming\Skype
2008-09-20 14:08 --------- d-----w C:\Users\Felix\AppData\Roaming\skypePM
2008-09-20 11:07 260,394,234 ----a-w C:\Windows\DUMP4cb8.tmp
2008-09-19 20:43 151,603 ----a-w C:\Users\Felix\AppData\Roaming\nvModes.dat
2008-09-14 14:09 --------- d-----w C:\Users\Felix\AppData\Roaming\RegClean
2008-09-14 14:09 --------- d-----w C:\Program Files\RegClean
2008-09-14 12:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 12:54 --------- d-----w C:\Program Files\iTunes
2008-09-11 12:52 --------- d-----w C:\Program Files\ElcomSoft
2008-09-11 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-23 11:29 --------- d-----r C:\Program Files\Counter-Strike Source
2008-08-22 13:31 --------- d-----w C:\ProgramData\RapidSolution
2008-08-22 13:29 --------- d-----w C:\ProgramData\Symantec
2008-08-22 13:28 --------- d-----w C:\ProgramData\MAGIX
2008-08-22 13:28 --------- d-----w C:\Program Files\MAGIX
2008-08-22 13:27 --------- d-----w C:\Program Files\ICQToolbar
2008-08-22 13:19 --------- d-----w C:\Program Files\Starcraft
2008-08-22 12:49 69,632 ----a-w C:\Windows\ScUnin.exe
2008-07-30 14:29 --------- d---a-w C:\ProgramData\TEMP
2008-07-25 17:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-24 18:12 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-22 20:29 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-22 20:26 --------- d-----w C:\Program Files\DVD Shrink
2008-07-16 14:49 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-16 14:49 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-07 09:42 174 --sha-w C:\Program Files\desktop.ini
2008-07-07 08:21 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-07 08:21 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2007-12-12 21:24 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-12 21:24 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-30 19:39 94,208 ----a-w C:\Users\Felix\AppData\Roaming\ezplay.sys
2007-10-30 19:39 47,360 ----a-w C:\Users\Felix\AppData\Roaming\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-17_ 9.39.56.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 09:14:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-21 09:14:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-17 07:34:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-21 09:15:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-21 09:15:25 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-17 07:34:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-21 09:16:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-21 09:16:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-17 07:17:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-20 12:37:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-17 07:17:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-20 12:37:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-17 07:17:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-20 12:37:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-17 07:29:30 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-21 09:48:53 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-21 09:48:53 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-17 07:23:55 122,648 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-09-17 19:30:46 122,648 ----a-w C:\Windows\System32\perfc007.dat
- 2008-09-17 07:23:55 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-17 19:30:46 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-17 07:23:55 618,430 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-09-17 19:30:46 618,430 ----a-w C:\Windows\System32\perfh007.dat
- 2008-09-17 07:23:55 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-17 19:30:46 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-16 14:21:14 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-20 12:23:44 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-16 15:35:29 17,346 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2356014261-55303425-3491018474-1000_UserData.bin
+ 2008-09-21 09:16:36 17,996 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2356014261-55303425-3491018474-1000_UserData.bin
- 2008-09-17 07:19:21 74,108 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-21 09:16:36 74,860 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-15 19:38:18 2,916 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-18 17:58:58 2,916 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-17 07:19:19 60,156 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-21 09:16:35 60,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 115344]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-06-01 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=C:\Windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-04 21:24 8497696 C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2007-10-04 21:24 86016 C:\Windows\System32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-10-04 21:24 86016 C:\Windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM04Mon.exe]
--a------ 2007-06-11 01:01 36864 C:\Windows\OEM04Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
--a------ 2008-02-21 15:37 115344 C:\Program Files\SPYWAREfighter\spftray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-18 16:31 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{292EC226-9DEB-4387-8203-C6AA3957446B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C83F4CC6-FA84-4D11-84AD-496D8BD35DD3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{407CAA87-7999-4B59-92D9-29629F070DA3}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{6F8378D1-D8E1-445F-AF61-7EB07278A17F}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A7460A1F-112E-470F-8071-5D1EBC8D4B96}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{77FD0C59-AFE0-4E02-84E3-BE61F7807793}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E061C2A6-ECDA-458D-B823-6625795D98CD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{48F8F55E-D1C9-4822-AC69-E78CF4A18162}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F1E095AF-56EF-4256-803F-3BD3E144E01B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{0D19A044-56B6-4231-9345-517664C6AE6E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{DA3C4455-E309-44FD-A768-31D6D195A140}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C3697FE3-B929-49CE-AE9F-170E50D28306}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DBECE197-0D11-4FA7-B73E-126CE6361050}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E9447B25-340B-4687-BD7D-AFC46AA61ECD}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A0842671-ED21-40E4-A80F-F26C03A647AE}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E1B1F818-57A3-4761-93CF-CDD024821BDA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{ECDA056D-0C8A-4B89-A454-B4DD5D3BD7E0}C:\\program files\\emule.de 0.48a v18\\emule.exe"= UDP:C:\program files\emule.de 0.48a v18\emule.exe:eMule
"UDP Query User{D90F0264-C010-47B1-AD90-CBF118D096A8}C:\\program files\\emule.de 0.48a v18\\emule.exe"= TCP:C:\program files\emule.de 0.48a v18\emule.exe:eMule
"TCP Query User{E3783D58-9B5A-49F4-818C-E9C7133770C6}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2E13B389-3275-45B9-8A67-4269049724F9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3254AD4E-43DF-44DD-9C9B-D69A282A195D}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{A757AA69-8AD5-4FEC-BFBE-E0565887FB35}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{76434EEF-A524-43ED-BE98-01D4B042E423}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{CB81EE91-DC40-4C28-8DE1-A95A62B53643}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{89A88F94-C2DE-4989-B7D2-38E4F89F3C2A}C:\\users\\felix\\desktop\\counter-strike source\\hl2.exe"= UDP:C:\users\felix\desktop\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{B7640599-1025-47CB-8DC9-FD42BB049B08}C:\\users\\felix\\desktop\\counter-strike source\\hl2.exe"= TCP:C:\users\felix\desktop\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{E71F8E14-C35F-4571-A15D-C886C868596D}C:\\sierra\\empire earth\\empire earth.exe"= UDP:C:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{3979FDE2-E5AE-4A61-8AE6-44CBD21CD853}C:\\sierra\\empire earth\\empire earth.exe"= TCP:C:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{63372F18-8419-4436-96FC-188646BD3B0B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{9791749F-456F-4A70-9C9C-E0AAE6924CD3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{7B4A0241-D05F-4FA6-8C29-271381F6DE81}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{01A6D328-A7CA-4751-AF15-673544CB43E7}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{E625DD5D-202C-4A3E-A418-AC8E44280E5B}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{7D3CA3DB-CEA6-4835-9FA1-1744D6F888F3}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{F3523D8B-F57E-401D-9030-F10A81B3465B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{000D4996-B8E8-4E59-928E-2D410B7C46B3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F769EA87-BF52-4290-85B8-6E1A6D6E10A4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{2A9157E1-C561-4BA5-8489-BC515508BB22}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C224424F-0410-4386-8184-9E252E816823}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{B74F4C25-A479-4AD4-81ED-2382DCB00613}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{1FB06422-D2A1-4BB6-A347-A3A5C41FBA9D}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{B99AA526-C9FB-4B10-92BA-27A74F799148}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{56E6A446-CA3B-40ED-85A0-08F97318CADA}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{034795A5-3AF2-482C-A737-48FF6C45F91F}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{C9276EFD-CAA5-40BE-9786-9E049D160680}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{57168D70-B91A-4B94-ABF5-C3A059D9F215}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{C596B694-4DAD-4E28-A3B3-490B18611675}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{173FF4AB-EFAC-468E-8678-223B5EC2CEB4}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{BC61A188-710D-4A64-8856-579D8BA0B53B}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{2A550D83-15F8-439B-B66D-20704810AF58}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{DB22B72D-FA45-473E-91D8-0BA759FB0750}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{37B432A1-066C-46FA-A975-FEA4956D457F}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{DDDEBD6B-CE9D-4FA5-A0C6-70F8806C706A}C:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= UDP:C:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"UDP Query User{AA9F0163-1E93-401A-B071-8098F9078CD1}C:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= TCP:C:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"TCP Query User{AA836F7C-1105-4353-95EE-419BBC4BEE33}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{4E276CE7-A728-47E7-A20F-C3636DE9710E}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{2FE417E2-B63E-4F88-91F0-150CED9142FC}C:\\users\\felix\\desktop\\neuer ordner\\mirc.exe"= UDP:C:\users\felix\desktop\neuer ordner\mirc.exe:mirc.exe
"UDP Query User{163FA809-D2C2-42AD-B6BA-3F2B8E128546}C:\\users\\felix\\desktop\\neuer ordner\\mirc.exe"= TCP:C:\users\felix\desktop\neuer ordner\mirc.exe:mirc.exe
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
R3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;C:\Windows\system32\DRIVERS\OEM04Vid.sys [2007-10-10 234720]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 8336]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program Files\SPYWAREfighter\spfprc.exe [2008-02-21 406160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the "Scheduled Tasks" folder
.
- - - - Removed orphaned registry entries - - - -
HKLM-Run- - (no file)
.
------- Additional scan -------
.
FireFox -: Profile - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0cb7382o.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.studivz.net/
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 11:51:46
Windows 6.0.6001 Service Pack 1 NTFS
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-21 11:53:53
ComboFix-quarantined-files.txt 2008-09-21 09:53:33
ComboFix2.txt 2008-09-17 07:41:05
Before scan: 7,910,916,096 bytes free
After scan: 9,285,111,808 bytes free
--- E O F --- 2008-09-17 11:46:22
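The registry autostart and firewall-rule sections above are the parts of a ComboFix log a responder actually reads line by line. What follows is an added example, not part of the original log and not ComboFix's own code: a small Python parser for those two sections, run over a constructed excerpt of the lines above. It pulls out every image path, flags the ones that sit in user-writable locations (the mirc.exe under the Desktop, for instance), and records where a rule name's "TCP Query User" label disagrees with the protocol in the rule value, which is the case on every such line in this log; the parser reports both rather than guessing which one is right. The key-matching heuristics and the list of "user-writable" path segments are my assumptions for triage, not ComboFix behaviour.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log above.
# It is not the whole log, just enough to exercise each parser path
# (an HKCU Run key, an HKLM Run key, and the firewall-rule value shapes).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 115344]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{292EC226-9DEB-4387-8203-C6AA3957446B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{407CAA87-7999-4B59-92D9-29629F070DA3}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"TCP Query User{2FE417E2-B63E-4F88-91F0-150CED9142FC}C:\\users\\felix\\desktop\\neuer ordner\\mirc.exe"= UDP:C:\users\felix\desktop\neuer ordner\mirc.exe:mirc.exe
"{F3523D8B-F57E-401D-9030-F10A81B3465B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{56E6A446-CA3B-40ED-85A0-08F97318CADA}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="image path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# "rule name"= [Disabled:][TCP:|UDP:]<path>:<description>
FW_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<value>.*)$')

# Assumed list of path segments an unprivileged user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\desktop\\", "\\programdata\\")


def _sections(text: str):
    """Yield (current_key, line) pairs; the key is the last [ ... ] header seen."""
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        yield key, line


def parse_autostart(text: str) -> List[Dict]:
    """Entries under any ...\CurrentVersion\Run key: name, image path, file date, size."""
    out = []
    for key, line in _sections(text):
        if not key.lower().endswith("\\run"):
            continue
        m = RUN_RE.match(line)
        if m:
            out.append({"key": key, "name": m["name"], "path": m["path"],
                        "date": m["date"], "size": int(m["size"])})
    return out


def parse_firewall_rules(text: str) -> List[Dict]:
    """Rules under ...\FirewallRules, split into disabled flag, protocol, path, description."""
    out = []
    for key, line in _sections(text):
        if "firewallrules" not in key.lower():
            continue
        m = FW_RE.match(line)
        if not m:
            continue
        name, rest = m["name"], m["value"]
        disabled = rest.startswith("Disabled:")
        if disabled:
            rest = rest[len("Disabled:"):]
        proto: Optional[str] = None
        pm = re.match(r"(TCP|UDP):(.*)$", rest)
        if pm:
            proto, rest = pm.group(1), pm.group(2)
        # The path starts with a drive letter; the first ':' after it ends the path.
        drive, tail = rest[:2], rest[2:]
        path_tail, _, desc = tail.partition(":")
        lm = re.match(r"(TCP|UDP) Query User", name)
        label_proto = lm.group(1) if lm else None
        out.append({"name": name, "disabled": disabled, "proto": proto,
                    "label_proto": label_proto,
                    "mismatch": bool(label_proto and proto and label_proto != proto),
                    "path": drive + path_tail, "desc": desc})
    return out


def is_user_writable(path: str) -> bool:
    """True for images outside %SystemRoot%/Program Files or in a user-writable segment."""
    low = path.lower().replace("/", "\\")
    if any(seg in low for seg in USER_WRITABLE):
        return True
    return not low.startswith(("c:\\windows\\", "c:\\program files\\"))


def triage(text: str) -> Dict[str, List[str]]:
    """Image paths worth a second look, plus rules whose label and value protocols disagree."""
    rules = parse_firewall_rules(text)
    paths = [e["path"] for e in parse_autostart(text)] + [r["path"] for r in rules]
    return {"user_writable": [p for p in paths if is_user_writable(p)],
            "fw_label_mismatch": [r["name"] for r in rules if r["mismatch"]]}


if __name__ == "__main__":
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading)
        for item in items:
            print("  ", item)
```

Feed it the whole log rather than the excerpt and the user_writable list is the set of paths to check hashes and signatures on first; the rules without any TCP/UDP prefix (the Dell MediaDirect entries) come through with proto None, which is the value's literal shape and not an error.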