ComboFix 09-06-01.03 - Viktor 03.06.2009 15:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1790.1113 [GMT 2:00]
ausgeführt von:: c:\users\Viktor\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2009-05-03 bis 2009-06-03 ))))))))))))))))))))))))))))))
.
2009-06-03 13:52 . 2009-06-03 13:52 -------- d-----w- c:\users\Viktor\AppData\Local\temp
2009-06-02 23:21 . 2009-06-02 23:21 -------- d-----w- c:\users\Viktor\AppData\Roaming\Malwarebytes
2009-06-02 23:20 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 23:20 . 2009-06-02 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 23:20 . 2009-06-02 23:20 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 23:20 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 22:22 . 2009-06-02 22:22 -------- d-----w- c:\program files\iXi Tools
2009-06-02 21:32 . 2006-11-22 13:48 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.dat
2009-06-02 21:31 . 2006-11-30 19:38 1655464 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-06-02 21:31 . 2006-11-24 01:58 14336 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-06-02 21:31 . 2006-11-12 19:07 1183744 ----a-w- c:\windows\RtlUpd.exe
2009-06-02 21:31 . 2006-10-31 22:07 284160 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-06-02 21:31 . 2006-11-06 16:34 1766912 ----a-w- c:\windows\system32\RtkAPO.dll
2009-06-02 21:31 . 2009-06-02 21:31 -------- d-----w- c:\program files\Realtek
2009-06-02 21:31 . 2006-11-30 19:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe
2009-06-02 21:31 . 2006-09-11 20:34 499712 ----a-w- c:\windows\RtlExUpd.dll
2009-06-02 18:51 . 2009-06-02 18:51 -------- d-----w- c:\program files\trend micro
2009-06-02 18:51 . 2009-06-02 18:51 -------- d-----w- C:\rsit
2009-06-01 15:38 . 2009-06-02 19:03 -------- d-----w- c:\program files\Postal2STP
2009-06-01 15:13 . 2009-03-27 06:14 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-01 13:52 . 2009-04-02 02:22 9794272 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-01 13:52 . 2009-04-02 02:22 3118080 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-01 13:52 . 2009-04-02 02:22 7458816 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-01 13:52 . 2009-04-02 02:22 659456 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-01 13:52 . 2009-04-02 02:22 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-01 13:52 . 2009-04-02 02:22 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-01 13:52 . 2009-04-02 02:22 139264 ----a-w- c:\windows\system32\nvcod141.dll
2009-06-01 13:52 . 2009-04-02 02:22 139264 ----a-w- c:\windows\system32\nvcod.dll
2009-06-01 13:52 . 2009-04-02 02:22 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-01 13:52 . 2009-04-02 02:22 10313728 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-01 13:52 . 2009-04-02 02:22 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-06-01 13:23 . 2009-06-01 13:24 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-01 08:49 . 2006-10-16 20:16 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2009-06-01 08:48 . 2009-06-01 08:57 -------- d-----w- c:\program files\Pokemon World Online
2009-05-31 13:53 . 2009-06-01 09:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-31 13:46 . 2009-06-01 09:15 -------- d-----w- c:\program files\Lavasoft
2009-05-30 18:43 . 2009-05-30 18:43 -------- d-----w- c:\windows\Options
2009-05-30 18:43 . 2006-10-24 09:40 532992 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-05-30 18:43 . 2006-10-24 09:40 532992 ----a-w- c:\windows\system32\bcmwl6.sys
2009-05-30 18:42 . 2009-05-30 18:42 -------- d-----w- C:\temp
2009-05-30 18:42 . 2009-05-30 18:42 -------- d-----w- c:\users\Viktor\AppData\Roaming\InstallShield
2009-05-23 17:13 . 2009-05-31 00:39 -------- d-----w- c:\program files\VstPlugins
2009-05-23 17:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-05-23 17:12 . 2009-05-23 17:12 -------- d-----w- c:\program files\Outsim
2009-05-23 17:10 . 2009-06-02 21:09 -------- d-----w- c:\program files\Image-Line
2009-05-22 21:17 . 2009-05-22 23:41 -------- d-----w- c:\programdata\PopCap Games
2009-05-20 23:34 . 2009-05-20 23:34 52736 ----a-w- c:\windows\ipuninst.exe
2009-05-18 18:35 . 2009-05-18 18:35 -------- d-----w- c:\program files\WorldOfGoo
2009-05-18 14:48 . 2009-05-31 00:40 -------- d-----w- c:\program files\Telltale Games
2009-05-10 16:42 . 2009-05-10 16:42 -------- d-----w- c:\programdata\2DBoy
2009-05-10 16:42 . 2009-05-10 16:42 -------- d-----w- c:\program files\WorldOfGooDemo
2009-05-10 13:18 . 2009-05-10 13:18 528 ----a-w- c:\windows\eReg.dat
2009-05-10 13:18 . 2009-05-10 13:18 -------- d-----w- c:\program files\Maxis
2009-05-07 12:54 . 2009-05-07 12:54 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 13:52 . 2009-04-03 01:19 -------- d-----w- c:\users\Viktor\AppData\Roaming\Hamachi
2009-06-03 12:58 . 2008-07-29 15:06 -------- d-----w- c:\program files\Trillian
2009-06-03 04:03 . 2007-03-29 04:48 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-06-03 04:03 . 2007-03-29 04:48 122648 ----a-w- c:\windows\system32\perfc007.dat
2009-06-03 03:58 . 2009-04-25 20:44 -------- d-----w- c:\users\Viktor\AppData\Roaming\Dropbox
2009-06-02 21:35 . 2007-03-22 08:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 21:31 . 2007-03-22 08:30 319984 ----a-w- c:\windows\DIFxAPI.dll
2009-06-02 21:30 . 2008-08-14 20:24 -------- d-----w- c:\users\Viktor\AppData\Roaming\teamspeak2
2009-06-02 19:30 . 2007-03-28 19:04 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-06-01 22:07 . 2008-12-27 19:05 -------- d-----w- c:\program files\EA GAMES
2009-06-01 13:54 . 2007-06-26 14:35 183044595 ----a-w- c:\windows\DUMP61ed.tmp
2009-06-01 11:03 . 2008-12-14 21:54 47820 ----a-w- c:\programdata\nvModes.dat
2009-06-01 09:16 . 2009-02-08 11:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-01 09:15 . 2009-02-08 10:30 -------- d-----w- c:\programdata\Lavasoft
2009-05-31 10:19 . 2008-10-26 11:27 -------- d-----w- c:\users\Viktor\AppData\Roaming\uTorrent
2009-05-31 00:01 . 2008-08-27 08:11 -------- d-----w- c:\users\Viktor\AppData\Roaming\OpenOffice.org2
2009-05-31 00:00 . 2008-08-27 08:12 1 ----a-w- c:\users\Viktor\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-30 23:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-05-13 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 13:26 . 2009-01-01 23:18 -------- d-----w- c:\program files\Project64 1.6
2009-05-06 20:23 . 2009-04-20 00:55 -------- d-----w- c:\program files\Hamachi
2009-05-04 12:40 . 2009-05-04 12:40 -------- d-----w- c:\users\Viktor\AppData\Roaming\Toribash
2009-04-25 22:27 . 2009-04-25 20:44 -------- d-----w- c:\program files\Dropbox
2009-04-25 20:39 . 2009-04-20 12:50 -------- d-----w- c:\users\Viktor\AppData\Roaming\vlc
2009-04-22 18:49 . 2009-04-22 13:49 86528 ----a-w- c:\windows\bnetunin.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-20 12:37 . 2009-04-20 12:37 -------- d-----w- c:\program files\VideoLAN
2009-04-20 00:55 . 2009-04-20 00:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-20 00:51 . 2009-04-20 00:51 -------- d-----w- c:\program files\Croteam
2009-04-19 20:18 . 2009-04-19 20:18 -------- d-----w- c:\users\Viktor\AppData\Roaming\GarageGames
2009-04-17 14:58 . 2009-04-20 20:21 103424 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58 . 2009-04-20 20:21 954368 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58 . 2009-04-20 20:21 344064 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58 . 2009-04-20 20:21 1161626 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58 . 2009-04-20 20:21 71652 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58 . 2009-04-20 20:21 65536 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58 . 2009-04-20 20:21 4579328 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58 . 2009-04-20 20:21 4534272 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58 . 2009-04-20 20:21 131868 ----a-w- c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-14 22:58 . 2009-04-14 22:58 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-04-10 22:01 . 2009-04-10 22:01 -------- d-----w- c:\program files\Creative
2009-04-08 15:50 . 2008-09-21 19:44 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-04-02 02:22 . 2007-06-26 23:33 970752 ----a-w- c:\windows\system32\nvapi.dll
2009-03-17 03:38 . 2009-04-15 13:22 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:22 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-05 21:34 . 2009-03-05 21:34 1080648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-03_00.02.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-28 18:53 . 2009-06-03 04:00 25846 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-03 04:00 70094 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-07-31 15:26 . 2009-06-02 23:32 10262 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1384212402-2293472367-522609190-1000_UserData.bin
+ 2007-07-31 15:26 . 2009-06-03 04:00 10262 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1384212402-2293472367-522609190-1000_UserData.bin
- 2009-06-02 23:29 . 2009-06-02 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-03 03:58 . 2009-06-03 03:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-03 03:58 . 2009-06-03 03:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-02 23:29 . 2009-06-02 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-03 04:03 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-02 23:36 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-03 04:03 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-02 23:36 101250 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-30 4186112]

c:\users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2009-4-9 25598505]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-4-20 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-27 575488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrus Alarm Clock.lnk - c:\program files\Citrus Alarm Clock\Citrus Alarm Clock.exe [2008-10-5 326656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1BF672AC-13D8-4BEC-9998-9B2CE5DEA5D4}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{E312F884-EAC3-4B42-B75A-D8F47CB56871}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{813C68CF-8A32-4759-9307-DDFEBE41B346}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{77231C70-0A45-4B97-99FB-2AE28E158184}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{9E8A9C8C-A2D7-4198-B3FC-46DB9087F6EE}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{449AE650-A710-450A-B767-C89EA2E251A3}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{A6CF82CB-805B-4DE2-B0DB-CBEF24E6F5D6}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{19F59475-6511-4743-8619-97BB3DF7613F}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{BE5D4E0B-6473-4638-8319-8D98E1D81FB5}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{33CBB183-6DB6-4276-82F1-C6C3E0968060}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{76BB2175-871A-4A4F-A8D7-2EAB0F5FCD2F}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{094E0886-316C-46B7-8F71-CB5145CB0B50}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{75470C78-51BD-484C-8F80-3ADA5E65A2B0}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{1711BC60-529C-4CA6-B022-633C2849927D}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"{83D1B922-962F-4D1A-A6AA-4E4BD69AF94E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B210B056-0526-4F87-859B-9E68298595CF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5B18AE97-618E-41FC-BB82-EB7C01C1E5ED}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FEBF8E9F-8235-4951-9EF5-07BB94399CA1}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E9C2BF06-2E66-47D9-BD03-F6561B8D73F4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{FC7D9407-F4A2-4BBE-BD0D-295EAA4ADDDF}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{1FDADC68-5C96-4786-88D3-BB6647668FBE}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"{1CAA8CDF-8F75-40EF-B511-5A8D8F6E77A5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{22A24A8C-5F08-4AD5-BF36-7CA35BD4F00D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9CA8DBE4-3A36-4EB8-AEE1-E04038A262D2}c:\\users\\viktor\\program files\\dna\\btdna.exe"= UDP:c:\users\viktor\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A62E48F0-F927-40D3-8097-1BCC977637D3}c:\\users\\viktor\\program files\\dna\\btdna.exe"= TCP:c:\users\viktor\program files\dna\btdna.exe:btdna.exe
"{4EDA3024-3E55-4986-9521-A5CE1450C895}"= UDP:c:\users\Viktor\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{C1BAF645-24D7-4C74-B3E7-E4DFC4C832E1}"= TCP:c:\users\Viktor\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{FA0DA08A-C410-4842-A988-500EA4FC4CCD}c:\\programdata\\ijjigame\\plauncher.exe"= UDP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"UDP Query User{B4125828-DBC3-4E06-BA42-E11FE1CA4F5F}c:\\programdata\\ijjigame\\plauncher.exe"= TCP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"{0A76944A-D00C-4073-9C57-2280E427B815}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{639901A7-0EC5-4F1D-B027-A10F3EBB73A9}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"TCP Query User{5D1078B3-E28B-4131-8E78-6068BE3FCB09}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{117848BA-A6E4-41D1-9ED0-D060CDFF66B0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{2EA71BD1-4FDF-4961-9E4A-46E10207BF1D}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{BE16E44A-EBD6-418D-BB57-925B9E64747B}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{E547F96E-3D2D-4F3E-9F09-8800A6E84764}"= UDP:d:\rockstar games social club\RGSCLauncher.exe:Rockstar Games Social Club
"{CE4B9422-1A2B-45ED-BEDE-A3E484778F00}"= TCP:d:\rockstar games social club\RGSCLauncher.exe:Rockstar Games Social Club
"{CBAB902B-368B-41EA-9844-DC370A44BD3E}"= UDP:d:\grand theft auto iv\LaunchGTAIV.exe:Grand Theft Auto IV
"{A509A91A-3404-4B8A-BEB3-137ABFCA34C4}"= TCP:d:\grand theft auto iv\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{021FFEEF-D702-4424-AEB1-980F995B31BD}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{74092187-2DE6-4A11-A1B9-98A0AEAB1183}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{3B78C652-C7E3-4FEC-852B-0D02F7A5EF08}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{5DE48C87-92A5-4590-AD09-41ED93D43311}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{C6F68A1C-E080-4AD3-88AF-C590D92DB1E8}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex14.787\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= UDP:c:\users\viktor\appdata\local\temp\rar$ex14.787\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"UDP Query User{6A849C47-FE7C-4481-BAB8-2FC14003B1BC}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex14.787\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= TCP:c:\users\viktor\appdata\local\temp\rar$ex14.787\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"TCP Query User{9425E1CB-F5F1-43B1-AEBF-8668FBF7EC54}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex38.178\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= UDP:c:\users\viktor\appdata\local\temp\rar$ex38.178\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"UDP Query User{117FB8D3-E889-4F18-8E7B-EEFC1F6C4B99}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex38.178\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= TCP:c:\users\viktor\appdata\local\temp\rar$ex38.178\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"TCP Query User{F8B2CB4E-6DA4-4164-929C-124AA7A8ECF6}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex03.112\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= UDP:c:\users\viktor\appdata\local\temp\rar$ex03.112\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"UDP Query User{79F6C8F8-7EC1-4209-A52E-5E67F281CE61}c:\\users\\viktor\\appdata\\local\\temp\\rar$ex03.112\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"= TCP:c:\users\viktor\appdata\local\temp\rar$ex03.112\teeworlds-0.5.1-win32\teeworlds_srv.exe:teeworlds_srv.exe
"TCP Query User{60D17B7D-00A5-479D-B09E-C20A77B11352}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{A19FB051-5BAF-4F23-AF0C-65B1F2DE878C}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"TCP Query User{278337F0-42C0-4D09-A2BC-66B18BC941C6}c:\\program files\\croteam\\serious sam - the second encounter\\bin\\serioussam.exe"= UDP:c:\program files\croteam\serious sam - the second encounter\bin\serioussam.exe:SeriousSam
"UDP Query User{95FAEA6D-0441-4821-B474-5EA6113F0BFA}c:\\program files\\croteam\\serious sam - the second encounter\\bin\\serioussam.exe"= TCP:c:\program files\croteam\serious sam - the second encounter\bin\serioussam.exe:SeriousSam
"TCP Query User{D18DB8F0-59CE-401F-B97E-5DF7BD4417F7}d:\\diablo\\diablo.exe"= UDP:d:\diablo\diablo.exe:Diablo
"UDP Query User{DEFE4BB5-1A16-4B5B-93CF-58D52C159B01}d:\\diablo\\diablo.exe"= TCP:d:\diablo\diablo.exe:Diablo
"{9A7D03CB-57F7-4213-99CB-4964FF619F19}"= UDP:d:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{91C4CE62-8C1B-419C-9530-2EEAECA40A13}"= TCP:d:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{07DE39A3-9FE0-4ABD-9E90-695AC6263616}"= UDP:c:\windows\System32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{88D6A820-D39B-4319-9A0E-F716843B4949}"= TCP:c:\windows\System32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{12C122A7-80DD-4AD5-ACC9-9621AFAD80B8}"= UDP:d:\2k games\Dungeon Siege 2 Broken World\DungeonSiege2.exe:Dungeon Siege II Game Executable
"{BD010D43-688B-434D-BB33-58457B6C06F6}"= TCP:d:\2k games\Dungeon Siege 2 Broken World\DungeonSiege2.exe:Dungeon Siege II Game Executable
"TCP Query User{0A46AB5C-2C9A-4CC8-9D4D-7E4D19BA090E}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{2BE151EE-EC06-46C7-B13A-3581106A6FB8}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{375AD23F-E05C-4C6C-923C-89179FA785BA}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{A03CE408-17E8-480F-88EB-215C09C80686}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo

S3 PAC7302;SPEEDLINK SL-6825 Snappy Webcam;c:\windows\System32\drivers\PAC7302.SYS [10.09.2007 09:50 457984]
S3 PAC7311;Trust Webcam 14839;c:\windows\System32\drivers\PA707UCM.SYS [18.10.2005 18:48 154752]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [21.04.2009 17:25 337920]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.net
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\9tfur62j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 15:52
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1384212402-2293472367-522609190-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ec,8a,05,00,4f,6a,7c,10,72,14,db,48,19,5c,09,fc,55,d5,67,02,74,
 d4,b0,2c,ed,2b,8d,4b,57,48,7a,d8,bc,9a,06,43,8d,9a,9b,b1,10,a4,4b,0b,88,0c,\
"rkeysecu"=hex:39,19,c0,e7,4c,fe,f6,d7,0c,57,64,5d,42,93,50,fc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2328)
c:\program files\Dropbox\DropboxExt.dll
.
Zeit der Fertigstellung: 2009-06-03 15:53
ComboFix-quarantined-files.txt 2009-06-03 13:53
ComboFix2.txt 2009-06-03 00:04

Vor Suchlauf: 19 Verzeichnis(se), 24.250.048.512 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 24.120.426.496 Bytes frei

310 --- E O F --- 2009-05-16 13:01