ComboFix 09-05-04.04 - Marcel 05.05.2009 10:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.2091 [GMT 2:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Marcel\Desktop\cfscript.txt
FILE ::
c:\users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\TUProgSt.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\COMODO
c:\program files\Windows Live Toolbar
c:\program files\Windows Live Toolbar\UnInstall.log
c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}\{FB68628E-8FB9-41C2-BA55-D129249EE2AF}.msi
c:\programdata\eMule
c:\programdata\TuneUp Software
c:\programdata\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.tudb
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\rsit\zinfo.txt
c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}\{FB68628E-8FB9-41C2-BA55-D129249EE2AF}.msi
c:\users\All Users\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.tudb
c:\users\Marcel\AppData\Local\eMule
c:\users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
c:\users\Marcel\AppData\Roaming\Comodo
c:\users\Marcel\AppData\Roaming\TuneUp Software
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000008.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000009.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000010.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000011.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000012.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups\0 0000013.rcb
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard\IntegratorStates.bin
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager\PreviousEntries.dat
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\_default.tbs
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache\_default.tbs.ini
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache\_default.tbs.l.bmp
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache\_default.tbs.s.bmp
c:\users\Marcel\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\_default.tla
c:\users\Marcel\AppData\Roaming\uTorrent
c:\users\Marcel\AppData\Roaming\uTorrent\dht.dat
c:\users\Marcel\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Marcel\AppData\Roaming\uTorrent\Eminem.-.Whats.Your.Nem.(2009).Mixtape.LanzamientosMp3.es.torrent
c:\users\Marcel\AppData\Roaming\uTorrent\Heroes.of.Might.And.Magic.V.Hammers.of.Fate-RELOADED.torrent
c:\users\Marcel\AppData\Roaming\uTorrent\resume.dat
c:\users\Marcel\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Marcel\AppData\Roaming\uTorrent\rss.dat
c:\users\Marcel\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Marcel\AppData\Roaming\uTorrent\settings.dat
c:\users\Marcel\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Marcel\AppData\Roaming\uTorrent\Spore [MULTI17][PCDVD][WwW.GamesTorrents.CoM].torrent
c:\users\Marcel\AppData\Roaming\uTorrent\VPPZJ.264.09-Depeche Mode-Sounds Of The Universe(2009)-(76MB)-(Synthpop,New Wave)-(192kbps).torrent
c:\users\Marcel\AppData\Roaming\uTorrent\www.bitreactor.to_Spore-RELOADED.torrent
c:\users\Marcel\AppData\Roaming\uTorrent\www.extrem-torrent.to...The.Elder.Scrolls.4.Oblivion.GERMAN-SiLENTGATE.torrent
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\TUProgSt.exe
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CATCHME
-------\Legacy_KBDQMUCT
-------\Service_catchme
-------\Service_Inspect
-------\Service_kbdqmuct
-------\Service_usprserv
((((((((((((((((((((((( Dateien erstellt von 2009-04-05 bis 2009-05-05 ))))))))))))))))))))))))))))))
.
2009-04-14 22:40 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 14:32 . 2009-03-27 15:05 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-03-27 15:05 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 20:16 . 2008-11-29 12:08 -------- d-----w c:\program files\Google
2009-04-01 20:16 . 2009-03-27 23:46 -------- d-----w c:\program files\DivX
2009-04-01 19:56 . 2009-03-27 23:47 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-01 19:25 . 2008-03-21 13:57 -------- d-----w c:\program files\Acer GameZone
2009-04-01 19:24 . 2008-12-25 19:00 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-01 19:18 . 2008-03-21 13:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 19:15 . 2009-03-09 19:57 -------- d-----w c:\program files\BestLogic
2009-04-01 19:07 . 2008-03-21 14:19 -------- d-----w c:\program files\Common Files\Adobe
2009-04-01 18:02 . 2009-04-01 18:02 -------- d-----w c:\program files\CCleaner
2009-03-31 17:37 . 2009-03-31 17:37 680 ----a-w c:\users\Marcel\AppData\Local\d3d9caps.dat
2009-03-31 11:00 . 2009-03-31 11:00 -------- d-----w c:\program files\SlySoft
2009-03-31 10:51 . 2009-03-31 10:51 -------- d-----w c:\program files\Elaborate Bytes
2009-03-29 19:21 . 2009-03-29 19:21 -------- d-----w c:\program files\Bethesda Softworks
2009-03-29 19:14 . 2009-03-29 19:14 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-29 19:01 . 2009-03-29 11:20 -------- d-----w c:\program files\Ubisoft
2009-03-29 18:55 . 2008-11-29 16:59 -------- d-----w c:\program files\Gothic III
2009-03-28 16:33 . 2009-02-05 19:03 -------- d-----w c:\program files\EA GAMES
2009-03-27 23:46 . 2009-03-27 23:46 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-27 15:06 . 2009-03-27 15:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-25 20:56 . 2009-03-21 20:54 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-23 20:52 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-23 20:52 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-23 20:52 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-23 20:34 . 2009-03-23 20:34 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-23 16:49 . 2009-03-23 16:49 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 20:54 . 2009-03-21 20:54 -------- d-----w c:\program files\Avira
2009-03-21 20:37 . 2009-03-21 20:37 -------- d-----w c:\program files\Trend Micro
2009-03-17 03:38 . 2009-04-14 22:40 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:53 . 2008-11-29 12:51 -------- d-----w c:\program files\ICQ6.5
2009-03-03 04:46 . 2009-04-14 22:41 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 22:41 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 22:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 22:41 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 22:41 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 22:41 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 22:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 22:41 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 22:41 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 22:41 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 22:41 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 22:41 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 22:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 21:22 . 2009-03-02 21:22 0 ----a-w c:\users\Marcel\AppData\Roaming\wklnhst.dat
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll
2009-02-13 08:49 . 2009-04-14 22:41 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 22:41 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-11 10:53 . 2009-02-05 16:00 50 ----a-w c:\windows\system32\bridf07a.dat
2009-02-09 03:10 . 2009-03-11 03:25 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-04-01_20.24.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-04-02 09:39 60156 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-02 09:39 95812 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-29 12:49 . 2009-04-02 09:39 9884 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2341673045-455386434-574352858-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-04-02 09:41 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-01 20:23 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-02 09:41 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-01 20:23 101052 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EPSON Stylus DX4400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-09-28 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
c:\users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2008-12-24 303104]
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC96B31F-5D1B-4D34-954B-65049D1139C7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{C8366C07-2131-473C-BBED-D27222D02A87}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{35D53898-57BE-4F42-B36A-0743BE2F1468}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{ADD803B3-EA94-429E-9D35-C171FB967E51}"= UDP:c:\program files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:Die Schlacht um Mittelerde™ II
"{7F760B63-DDC1-40C0-A69D-90CB26370A60}"= TCP:c:\program files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:Die Schlacht um Mittelerde™ II
"{03250860-B9DF-418D-9FC6-138736C17BE0}"= UDP:c:\program files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"{C52DA8D9-6FAC-4A0E-8E13-74254FD75706}"= TCP:c:\program files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"{BB9F7DC8-6BC6-4C48-860E-B7F21199260F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F8A560A9-143C-4258-9B4B-65D6195783E3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{614DF757-05F6-4463-9DE0-BB1755E5F256}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{11624D3F-F589-492C-80F0-E849068BC24C}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{36DADA64-E6D4-4B8E-97DC-EB0BCFA79ABE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A9EA1404-942E-4461-91C9-69FADA26A4EE}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{5CCFB243-8602-4DCF-8171-4A96E46159A6}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{05FBF87D-607D-46BE-BCB4-1343A233C580}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{BCDFD5B4-B8D3-4989-933D-80ADFF8146D6}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{C3AED40B-376A-489F-BDE1-DBED09A453B6}c:\\program files\\ubisoft\\heroes of might and magic v\\bina1\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe:Heroes of Might and Magic V: Hammers of Fate
"UDP Query User{06D18C76-1072-4CBC-971A-0ACDC7410E41}c:\\program files\\ubisoft\\heroes of might and magic v\\bina1\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bina1\h5_game.exe:Heroes of Might and Magic V: Hammers of Fate
"{ACD13D07-F8D4-49E7-853B-0888B01BBB21}"= UDP:d:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{40B93D1F-DBE8-4052-9853-C20D7D08EE86}"= TCP:d:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{11E6931A-087A-470B-9E19-B3C1C9CA7D76}"= UDP:d:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C1C1F5CA-ED2D-4077-92D0-C3CAD109BD42}"= TCP:d:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{191EC8B5-3E94-4226-83D2-4AD7BFC2F85F}"= UDP:d:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{BA26E2F5-D167-45A6-95AD-6D1C7DF12B59}"= TCP:d:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0D37BFE0-6940-472F-80EF-1B7DFD86BA07}"= UDP:d:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{95046D84-E38B-48B8-B3E3-0BBD5C192DC2}"= TCP:d:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-25 108289]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - sptd
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0908&m=aspire_m5641
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0908&m=aspire_m5641
TCP: {2FC76DB2-719C-4570-9177-8E5A30E0FE49} = 192.168.2.1
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 11:00
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2341673045-455386434-574352858-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:53,cf,7a,a5,52,9d,66,d1,6a,be,b0,9d,04,f9,dc,41,ae,4d,fe,4a,9a,ab,49,
ac,b7,b7,46,9f,bb,1b,aa,15,62,91,80,fb,ed,20,59,77,80,6c,4e,33,e8,24,c1,31,\
"??"=hex:b7,49,61,df,86,dd,e0,f5,cd,b0,b1,e0,2b,74,11,fc
[HKEY_USERS\S-1-5-21-2341673045-455386434-574352858-1000\Software\SecuROM\License information*]
"datasecu"=hex:c8,46,7f,53,2a,42,a7,a0,7e,f3,a2,d1,e4,40,01,cc,e4,05,0a,28,65,
fc,d3,77,32,6b,b2,f9,f1,8f,7d,b2,18,4c,3e,f4,d7,23,0f,57,bc,7c,7d,ca,ce,67,\
"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5632)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Avira\AntiVir Desktop\avnotify.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-05 11:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-05 09:02
ComboFix2.txt 2009-04-01 20:25
Vor Suchlauf: 22 Verzeichnis(se), 224.516.751.360 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 224.311.603.200 Bytes frei
284 --- E O F --- 2009-04-02 07:36