ComboFix 08-12-21.04 - Andreas 2008-12-22 15:19:36.1 - NTFSx86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.1.1031.18.3069.1989 [GMT 1:00]
ausgeführt von:: t:\misc\SOFTWARE\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andreas\AppData\Local\esciy.dat
c:\users\Andreas\AppData\Local\esciy.exe
c:\users\Andreas\AppData\Local\esciy_nav.dat
c:\users\Andreas\AppData\Local\esciy_navps.dat

.
(((((((((((((((((((((((   Dateien erstellt von 2008-11-22 bis 2008-12-22  ))))))))))))))))))))))))))))))
.

2008-12-22 13:35 . 2008-12-22 13:35	<DIR>	d--------	c:\users\Andreas\AppData\Roaming\Malwarebytes
2008-12-22 13:35 . 2008-12-22 13:35	<DIR>	d--------	c:\users\All Users\Malwarebytes
2008-12-22 13:35 . 2008-12-22 13:35	<DIR>	d--------	c:\programdata\Malwarebytes
2008-12-22 13:35 . 2008-12-22 13:35	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-22 13:35 . 2008-12-03 19:52	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-22 13:35 . 2008-12-03 19:52	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2008-12-12 01:11 . 2008-10-22 02:22	2,048	--a------	c:\windows\System32\tzres.dll
2008-12-11 10:11 . 2008-11-01 02:21	4,240,384	--a------	c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 10:11 . 2008-10-21 06:25	296,960	--a------	c:\windows\System32\gdi32.dll
2008-12-11 10:11 . 2008-11-01 04:44	28,672	--a------	c:\windows\System32\Apphlpdm.dll
2008-12-11 10:10 . 2008-10-29 07:29	2,927,104	--a------	c:\windows\explorer.exe
2008-12-11 10:10 . 2008-10-16 05:47	827,392	--a------	c:\windows\System32\wininet.dll
2008-12-11 10:09 . 2008-06-23 02:59	2,868,736	--a------	c:\windows\System32\mf.dll
2008-12-11 10:09 . 2008-06-23 02:59	996,352	--a------	c:\windows\System32\WMNetMgr.dll
2008-12-11 10:09 . 2008-06-23 02:58	94,720	--a------	c:\windows\System32\logagent.exe
2008-12-09 18:36 . 2008-12-09 18:36	<DIR>	d--------	c:\windows\Sun
2008-12-09 18:29 . 2008-12-09 18:29	410,984	--a------	c:\windows\System32\deploytk.dll
2008-12-03 20:38 . 2008-12-03 20:38	<DIR>	d--------	C:\IDAPI
2008-11-27 17:17 . 2008-11-27 17:21	<DIR>	d--------	C:\DOS
2008-11-25 20:59 . 2008-10-21 06:25	1,645,568	--a------	c:\windows\System32\connect.dll
2008-11-25 20:59 . 2008-08-28 04:40	712,704	--a------	c:\windows\System32\WindowsCodecs.dll
2008-11-25 20:59 . 2008-08-28 04:40	425,472	--a------	c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 20:59 . 2008-08-28 04:40	347,136	--a------	c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 20:59 . 2008-10-22 04:57	241,152	--a------	c:\windows\System32\PortableDeviceApi.dll
2008-11-24 16:16 . 2008-10-16 22:13	1,809,944	--a------	c:\windows\System32\wuaueng.dll
2008-11-24 16:16 . 2008-10-16 21:56	1,524,736	--a------	c:\windows\System32\wucltux.dll
2008-11-24 16:16 . 2008-10-16 22:12	561,688	--a------	c:\windows\System32\wuapi.dll
2008-11-24 16:16 . 2008-10-16 14:08	162,064	--a------	c:\windows\System32\wuwebv.dll
2008-11-24 16:16 . 2008-10-16 21:55	83,456	--a------	c:\windows\System32\wudriver.dll
2008-11-24 16:16 . 2008-10-16 22:09	51,224	--a------	c:\windows\System32\wuauclt.exe
2008-11-24 16:16 . 2008-10-16 22:09	43,544	--a------	c:\windows\System32\wups2.dll
2008-11-24 16:16 . 2008-10-16 22:08	34,328	--a------	c:\windows\System32\wups.dll
2008-11-24 16:16 . 2008-10-16 13:56	31,232	--a------	c:\windows\System32\wuapp.exe
2008-11-22 11:07 . 2008-11-22 11:07	<DIR>	d--hs----	C:\$RECYCLE.BIN

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 14:32	352,615	---ha-w	c:\windows\system32\drivers\vsconfig.xml
2008-12-22 14:32	---------	d-----w	c:\users\Andreas\AppData\Roaming\Skype
2008-12-22 14:31	82,945	----a-w	c:\users\All Users\nvModes.dat
2008-12-22 14:31	82,945	----a-w	c:\programdata\nvModes.dat
2008-12-22 13:28	---------	d-----w	c:\users\Andreas\AppData\Roaming\skypePM
2008-12-22 08:37	---------	d-----w	c:\programdata\Google Updater
2008-12-15 14:48	---------	d-----w	c:\programdata\FreePDF
2008-12-12 10:29	---------	d-----w	c:\program files\Windows Mail
2008-12-09 17:29	---------	d-----w	c:\program files\Java
2008-11-27 16:16	---------	d-----w	c:\program files\Google
2008-11-20 02:39	---------	d-----w	c:\users\Andreas\AppData\Roaming\Azureus
2008-11-20 02:32	---------	d-----w	c:\program files\Vuze
2008-11-20 02:21	1,760,256	----a-w	c:\windows\Internet Logs\xDB8767.tmp
2008-11-20 01:48	---------	d-----w	c:\programdata\Azureus
2008-11-19 19:30	---------	d-----w	c:\users\Andreas\AppData\Roaming\tazti
2008-11-19 18:51	---------	d-----w	c:\program files\eMule
2008-11-12 20:09	---------	d-----w	c:\programdata\IsolatedStorage
2008-11-06 11:09	---------	d-----w	c:\program files\DAEMON Tools Lite
2008-11-01 03:44	541,696	----a-w	c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44	460,288	----a-w	c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44	2,154,496	----a-w	c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 20:56	---------	d-----w	c:\program files\Microsoft Silverlight
2008-10-06 13:35	3,007,905	----a-w	c:\windows\Internet Logs\tvDebug.zip
2008-09-30 15:43	1,286,152	----a-w	c:\windows\System32\msxml4.dll
2008-09-23 09:25	1,691,648	----a-w	c:\windows\Internet Logs\xDB96B3.tmp
2008-09-22 22:14	1,691,648	----a-w	c:\windows\Internet Logs\xDB931A.tmp
2008-07-17 21:28	56	---ha-w	c:\users\All Users\ezsidmv.dat
2008-07-17 21:28	56	---ha-w	c:\programdata\ezsidmv.dat
2008-06-23 09:29	174	--sha-w	c:\program files\desktop.ini
2008-06-13 14:55	61,224	----a-w	c:\users\Andreas\GoToAssistDownloadHelper.exe
2007-12-21 12:12	1,719,336	----a-w	c:\users\All Users\YugmaSE-Uninstaller.exe
2007-12-21 12:12	1,719,336	----a-w	c:\programdata\YugmaSE-Uninstaller.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-30 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-17 50528]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-09-06 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-05-07 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-13 110592]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-06-14 610304]
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2008-06-13 794624]
QuickSet.lnk - c:\windows\Installer\{4B6AD248-D3BF-426A-8D64-847288154F13}\NewShortcut1_53A01CC614B04512A2E710D39BF83DC4.exe [2008-06-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 14:20 73728 c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DD61E392-FE6D-4AE1-BB5C-DC52F3DBA9BA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3B9FD44E-BB63-4D72-BEBB-FFDA76D9101A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{409C4AAC-FFB5-47AF-814F-C909C005976F}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{3EB0527D-E43A-4B2C-869E-4FCE3B9355BC}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{66F9A874-5506-47D3-A5FB-0B29963505F5}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{8777DB46-A667-4EE6-84BE-A2941AAB013A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{84F0B11D-9005-4F33-AA64-D517CF832107}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{46D04CF5-B924-41A7-A982-CF3BB436468C}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{6D03DD4E-583E-41E2-A36E-F7CA48CE9C95}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FFF15C36-04A5-4976-BBC1-15E384923FAC}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5DB116EB-802A-4895-A219-4CF27DCCA0CE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{207F3018-7AB2-4539-8D90-E707937FF8E6}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B28BC6CA-CA21-4206-AD15-33AAAB20FC1B}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B08A3634-890F-42EA-A194-86E904D6CEFB}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{34400F23-E805-4631-8C98-FC0FE98CAF46}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 LUMDriver;LUMDriver;\??\c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [2001-10-22 59520]
R2 BBDemon;Backbone Service;"c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service [2005-09-06 35840]
R2 BthFilterHelper;Bluetooth Feature Support;"c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe" [2006-11-07 127488]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75} [2006-11-02 7168]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 BTHFILT;Bluetooth-Befehlsfilter;c:\windows\system32\DRIVERS\BthFilt.sys [2008-06-13 13824]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\system32\drivers\A885VCap.sys [2008-06-14 707328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2008-06-17 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-12-21 c:\windows\Tasks\User_Feed_Synchronization-{FBF4646D-9357-4970-9228-A3333FA11A29}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKCU-Run-esciy - c:\users\andreas\appdata\local\esciy.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 15:32:25
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  AppInit_DLLs = acaptuser32.dll??? 

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(2892)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-22 15:43:17 - PC wurde neu gestartet [Andreas]
ComboFix-quarantined-files.txt  2008-12-22 14:43:04

Vor Suchlauf: 21 Verzeichnis(se), 22.542.123.008 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 20,742,225,920 Bytes frei

234	--- E O F ---	2008-12-18 16:36:46