ComboFix 08-11-24.03 - Franz 2008-11-25 18:42:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1128 [GMT 1:00]
ausgeführt von:: c:\users\Franz\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Franz\FAVORI~1\Games.url
c:\users\Franz\Favorites\Games.url
E:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-10-25 bis 2008-11-25 ))))))))))))))))))))))))))))))
.
2008-11-25 18:26 . 2008-11-25 18:26 d-------- c:\users\Franz\AppData\Roaming\Malwarebytes
2008-11-25 18:26 . 2008-11-25 18:26 d-------- c:\users\All Users\Malwarebytes
2008-11-25 18:26 . 2008-11-25 18:26 d-------- c:\programdata\Malwarebytes
2008-11-25 18:26 . 2008-11-25 18:26 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 18:26 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-25 18:26 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-25 18:14 . 2008-11-25 18:15 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 18:14 . 2008-11-25 18:15 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 18:14 . 2008-11-25 18:15 d-------- c:\program files\iTunes
2008-11-25 18:14 . 2008-11-25 18:14 d-------- c:\program files\iPod
2008-11-25 18:13 . 2008-11-25 18:13 d-------- c:\program files\QuickTime
2008-11-25 17:48 . 2008-11-25 17:50 d-------- c:\users\All Users\AntiSpyInfo
2008-11-25 17:48 . 2008-11-25 17:50 d-------- c:\programdata\AntiSpyInfo
2008-11-25 17:48 . 2008-11-25 17:48 d-------- c:\program files\Anti-Spy.Info
2008-11-25 15:47 . 2008-11-25 15:47 d-------- c:\program files\WMA-MP3.com
2008-11-25 15:47 . 2008-06-30 23:16 18,912 --a------ c:\windows\System32\drivers\lmvac.sys
2008-11-23 07:58 . 2008-11-23 07:58 1,296,700 --a------ c:\windows\Luxury Liner Tycoon Uninstaller.exe
2008-11-23 07:56 . 2008-11-23 07:56 d-------- c:\program files\Global Star Software
2008-11-18 14:36 . 2008-11-25 16:16 d-a------ c:\users\All Users\TEMP
2008-11-18 14:36 . 2008-11-25 16:16 d-a------ c:\programdata\TEMP
2008-11-18 14:35 . 2008-11-18 14:35 d-------- c:\users\Franz\AppData\Roaming\Simply Super Software
2008-11-18 14:35 . 2008-11-18 14:35 d-------- c:\users\All Users\Simply Super Software
2008-11-18 14:35 . 2008-11-18 14:35 d-------- c:\programdata\Simply Super Software
2008-11-18 14:35 . 2008-11-18 14:35 d-------- c:\program files\Trojan Remover
2008-11-18 14:35 . 2006-05-25 15:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-11-18 14:35 . 2003-02-02 20:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-11-18 14:35 . 2005-08-26 01:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-11-18 14:35 . 2002-03-06 01:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-11-18 14:35 . 2006-06-19 13:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-11-17 15:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 15:49 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 15:49 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 15:49 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 15:49 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 15:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 15:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 15:49 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 15:49 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 14:12 . 2008-11-14 14:12 d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-11-13 17:33 . 2008-11-13 17:33 d-------- c:\users\Franz\AppData\Roaming\Activision
2008-11-13 17:33 . 2008-11-13 17:33 d-------- c:\users\All Users\Activision
2008-11-13 17:33 . 2008-11-13 17:33 d-------- c:\programdata\Activision
2008-11-13 17:30 . 2008-11-13 17:30 d-------- c:\windows\System32\xlive
2008-11-13 17:30 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-13 17:30 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2008-11-13 17:30 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\System32\D3DCompiler_33.dll
2008-11-13 17:30 . 2007-03-15 16:57 443,752 --a------ c:\windows\System32\d3dx10_33.dll
2008-11-13 17:30 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2008-11-13 17:16 . 2008-11-13 17:16 d-------- c:\program files\Activision
2008-11-12 19:28 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:28 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:28 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 19:28 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 19:28 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-10-29 14:04 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 14:04 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-10-28 16:29 . 2008-10-28 16:29 d-------- c:\program files\sixteen tons entertainment
2008-10-26 13:26 . 2002-09-10 14:22 40,960 --a------ c:\windows\enigma.dll
2008-10-26 13:26 . 2008-10-26 13:26 9 --a------ c:\windows\system.snk
2008-10-26 13:21 . 2008-10-26 13:21 d-------- c:\program files\PointSoft
2008-10-26 13:20 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-26 12:33 . 2008-10-26 12:33 d-------- c:\users\All Users\Xerox
2008-10-26 12:33 . 2008-10-26 12:33 d-------- c:\programdata\Xerox
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 17:14 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 16:50 --------- d-----w c:\program files\photoposcomtbr
2008-11-25 16:45 --------- d-----w c:\program files\Steam
2008-11-23 17:32 --------- d-----w c:\programdata\TrackMania
2008-11-23 14:46 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-23 14:46 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-23 06:40 --------- d-----w c:\program files\Common Files\Steam
2008-11-21 13:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 11:51 --------- d-----w c:\program files\WarRock
2008-11-14 12:27 --------- d-----w c:\users\Franz\AppData\Roaming\Apple Computer
2008-11-09 12:08 --------- d-----w c:\program files\EA GAMES
2008-10-22 14:20 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-10-22 04:29 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-17 14:31 --------- d-----w c:\programdata\WinZip
2008-10-16 17:34 --------- d-----w c:\programdata\NVIDIA
2008-10-16 16:30 --------- d-----w c:\program files\Windows Mail
2008-10-13 17:58 316 ----a-w c:\users\Franz\AppData\Roaming\wklnhst.dat
2008-10-13 14:39 --------- d-----w c:\users\Franz\AppData\Roaming\SPORE
2008-10-08 13:29 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-08 13:15 --------- d-----w c:\program files\Ubisoft
2008-10-06 15:57 --------- d-----w c:\program files\Bonjour
2008-10-06 15:50 --------- d-----w c:\programdata\Electronic Arts
2008-10-06 15:50 --------- d-----w c:\program files\Electronic Arts
2008-10-06 15:33 13,324 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 15:38 --------- d-----w c:\users\Franz\AppData\Roaming\InstallShield
2008-09-27 07:45 --------- d-----w c:\program files\Tobit ClipInc
2008-09-27 07:00 --------- d-----w c:\program files\Klett
2008-09-26 14:11 --------- d-----w c:\program files\Sweet Home 3D
2008-09-26 12:10 --------- d-----w c:\programdata\MumboJumbo
2008-09-24 17:32 418,480 ----a-w c:\windows\System32\wrap_oal.dll
2008-09-24 17:32 115,432 ----a-w c:\windows\System32\OpenAL32.dll
2008-09-23 17:56 122,331 ----a-w c:\windows\Pos Free Photo Editor Uninstaller.exe
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-10 18:01 174 --sha-w c:\program files\desktop.ini
2008-05-08 11:31 22,328 ----a-w c:\users\Franz\AppData\Roaming\PnkBstrK.sys
2008-04-20 05:27 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-20 05:27 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-20 05:27 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-18 1233800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
p6_19_erinnerung.lnk - c:\program files\phase6\phase6_19_download\WinStart\p6erinnerung.exe [2007-02-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"msacm.l3codec"= c:\windows\system32\l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CCF9D2BB-33B7-401B-ABA3-E6917078B175}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9E0960E2-6E0F-416C-B5A4-6550BBE3FCCB}c:\\program files\\atari\\boiling point\\xenus.exe"= UDP:c:\program files\atari\boiling point\xenus.exe:Xenus
"UDP Query User{4E57DF04-FEB1-4A7E-BF70-A0EE4A32FEC0}c:\\program files\\atari\\boiling point\\xenus.exe"= TCP:c:\program files\atari\boiling point\xenus.exe:Xenus
"{15A7F723-A5B4-489C-87E7-7BF918116BFD}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{471E1D40-8EE3-4850-AD41-D2CA95E455A2}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{0B61DA2F-4C55-42B2-B8A9-613B63B11611}c:\\program files\\steam\\steamapps\\franz95\\the ship\\ship.exe"= UDP:c:\program files\steam\steamapps\franz95\the ship\ship.exe:ship
"UDP Query User{36EFA089-70EF-4137-9854-418304297A3E}c:\\program files\\steam\\steamapps\\franz95\\the ship\\ship.exe"= TCP:c:\program files\steam\steamapps\franz95\the ship\ship.exe:ship
"TCP Query User{B0DA141D-B307-41BF-8A67-40406A5D2478}c:\\program files\\steam\\steamapps\\common\\enemy territory quake wars demo 2\\etqw.exe"= UDP:c:\program files\steam\steamapps\common\enemy territory quake wars demo 2\etqw.exe:Enemy Territory: QUAKE Wars
"UDP Query User{02B6FE00-12D7-4E19-BA25-2E8FBE6D8514}c:\\program files\\steam\\steamapps\\common\\enemy territory quake wars demo 2\\etqw.exe"= TCP:c:\program files\steam\steamapps\common\enemy territory quake wars demo 2\etqw.exe:Enemy Territory: QUAKE Wars
"{BFA89DCD-CFE2-4254-A519-81FD6DFF3D40}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2DA4B3DB-9AB8-4AA8-BC54-46638C690921}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0C51A3-E603-4888-AEA9-C490B3F0AE08}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2B9E3C4B-9559-478B-AE7E-8753954AEC12}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{FA502793-2DF9-4A4B-906B-4E2F1F86373C}c:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= UDP:c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield
"UDP Query User{F0080DEA-4916-4FD1-9364-3749876A1571}c:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= TCP:c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield
"TCP Query User{31C88F18-5EA8-4D6B-9A19-96D558F7395D}c:\\program files\\ubi.com\\core\\gs4.exe"= UDP:c:\program files\ubi.com\core\gs4.exe:ubi.com Game Service
"UDP Query User{DA725E00-D528-4AA4-A855-15D76BF121CC}c:\\program files\\ubi.com\\core\\gs4.exe"= TCP:c:\program files\ubi.com\core\gs4.exe:ubi.com Game Service
"TCP Query User{48F598D3-181C-47DB-B672-116224EB9CFC}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{3FE2C13C-443C-4334-B654-4A9F9B2ECCFB}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{778511A0-D5E2-4624-A94C-917BA8216FDE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{78C3443A-25C3-4C95-AEDB-26CC26A10DAA}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{633F1672-E43B-4E91-83E4-A18B1CA93045}"= UDP:c:\program files\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe:DIE SIEDLER - Aufstieg eines Königreichs
"{21E929CD-8662-46EF-840D-07051AF3CD3F}"= TCP:c:\program files\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe:DIE SIEDLER - Aufstieg eines Königreichs
"TCP Query User{0BE0931F-525D-4DBD-805D-A432823DD52D}c:\\program files\\buddyw\\buddyw.exe"= UDP:c:\program files\buddyw\buddyw.exe:BuddyW
"UDP Query User{C95F6CF5-6051-4EE0-B421-88D42125EDCF}c:\\program files\\buddyw\\buddyw.exe"= TCP:c:\program files\buddyw\buddyw.exe:BuddyW
"{C559C27C-E358-4F67-9B4D-FA28C670220A}"= UDP:c:\users\Franz\Desktop\pbsetup_3.2.exe:pbsetup_3.2
"{091E146C-7130-48A6-A656-A517DCFC39EA}"= TCP:c:\users\Franz\Desktop\pbsetup_3.2.exe:pbsetup_3.2
"{F4CF3F2F-EFF8-46DB-89EF-AADDB490C85E}"= UDP:c:\program files\WarRock\System\pb\PnkBstrB.exe:PnkBstrB
"{66B5B13A-33F7-4788-BACB-0C255F125B6A}"= TCP:c:\program files\WarRock\System\pb\PnkBstrB.exe:PnkBstrB
"{923084C3-CD0B-4CEA-9CC1-1D22B418BBC7}"= UDP:c:\program files\WarRock\System\WarRock.exe:WarRock
"{01284D78-C79C-43F4-9E28-0AD92D0D6327}"= TCP:c:\program files\WarRock\System\WarRock.exe:WarRock
"{2D263A20-15F6-432E-92DE-63CA34580BA3}"= UDP:c:\program files\WarRock\WRUpdater.exe:Launch WRUpdater.exe
"{BFE7C661-F9C7-4EBD-BAAF-4A2E8EDD17CE}"= TCP:c:\program files\WarRock\WRUpdater.exe:Launch WRUpdater.exe
"TCP Query User{1572B399-8AB2-4865-A6D8-F3196C81B7BD}c:\\program files\\steam\\steamapps\\franz95\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\franz95\diprip warm up\hl2.exe:hl2
"UDP Query User{B4E54834-0154-4046-9886-263E4B6DE98E}c:\\program files\\steam\\steamapps\\franz95\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\franz95\diprip warm up\hl2.exe:hl2
"TCP Query User{949E21FB-3B32-4F59-9B5C-861276EF9F81}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{0DE3B9FE-2320-4563-8D6C-F31507F28F89}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{97AE9340-74DF-4929-BB66-3CFFF82BC94E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BEFDBD10-2993-424F-BDF3-CCD3AF717542}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A3020452-810F-41E6-AFC0-476E8E2AB809}c:\\program files\\steam\\steamapps\\franz95\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\franz95\insurgency\hl2.exe:hl2
"UDP Query User{54D3B14E-9CF4-405B-AD52-271346D5B92B}c:\\program files\\steam\\steamapps\\franz95\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\franz95\insurgency\hl2.exe:hl2
"TCP Query User{A01D2B16-743C-4D8C-8FC1-85DB05A11147}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{BE3DA837-CBB3-40E9-9F1D-47F5D4A5FC96}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{E4597244-8292-464D-940F-00AA7067AC2E}c:\\program files\\steam\\steamapps\\franz1995\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\franz1995\diprip warm up\hl2.exe:hl2
"UDP Query User{78BB8693-EDAC-4BDE-89CD-B21183C995B1}c:\\program files\\steam\\steamapps\\franz1995\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\franz1995\diprip warm up\hl2.exe:hl2
"{BAECF829-BCC3-4CDF-BA4F-95861A89992E}"= UDP:c:\program files\Activision\Ein Quantum Trost(TM)\JB_LiveEngine_s.exe:Ein Quantum Trost
"{C4B9C39F-4187-4CEA-9233-9CCD2B805BC6}"= TCP:c:\program files\Activision\Ein Quantum Trost(TM)\JB_LiveEngine_s.exe:Ein Quantum Trost
"{066E955B-1F78-4524-951A-316D48DB4187}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E760AD43-CCAD-4FD8-968E-6B51939D76FD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-11-25 18912]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2007-10-20 104944]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b0124b4-7e71-11dc-a066-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a629374e-7ed4-11dc-a6f8-00192124950c}]
\shell\AutoRun\command - L:\setupSNK.exe

*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners

2008-11-25 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-11-25 c:\windows\Tasks\User_Feed_Synchronization-{4B61AA56-094A-47FB-A6A6-51405376CEC4}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2008-11-25 c:\windows\Tasks\User_Feed_Synchronization-{9B042BE9-0898-4C62-B530-76B0B348EEE6}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - (no file)
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\7j1jckvl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.the-west.de/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 18:46:09
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-11-25 18:47:28
ComboFix-quarantined-files.txt 2008-11-25 17:47:26
Vor Suchlauf: 37 Verzeichnis(se), 29,770,272,768 Bytes frei
Nach Suchlauf: 37 Verzeichnis(se), 42,164,330,496 Bytes frei
257 --- E O F --- 2008-11-25 13:40:24