ComboFix 09-01-19.05 - Iwan 2009-01-20 18:23:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3066.2033 [GMT 1:00]
ausgeführt von:: c:\users\Iwan\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-12-20 bis 2009-01-20 ))))))))))))))))))))))))))))))
.

2009-01-20 18:10 . 2009-01-20 18:15 d-------- C:\FixWareOut
2009-01-20 16:13 . 2009-01-20 16:13 d-------- c:\users\Iwan\AppData\Roaming\Malwarebytes
2009-01-20 16:13 . 2009-01-20 16:13 d-------- c:\users\All Users\Malwarebytes
2009-01-20 16:13 . 2009-01-20 16:13 d-------- c:\programdata\Malwarebytes
2009-01-20 16:13 . 2009-01-20 16:13 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 16:13 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-20 16:13 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-20 10:33 . 2009-01-20 10:33 d-------- c:\users\Iwan\AppData\Roaming\SUPERAntiSpyware.com
2009-01-20 10:33 . 2009-01-20 10:33 d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-01-20 10:33 . 2009-01-20 10:33 d-------- c:\programdata\SUPERAntiSpyware.com
2009-01-20 10:33 . 2009-01-20 10:33 d-------- c:\program files\SUPERAntiSpyware
2009-01-20 10:33 . 2009-01-20 10:33 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-19 23:55 . 2009-01-19 23:55 d-------- c:\program files\CCleaner
2009-01-19 23:31 . 2009-01-19 23:31 d-------- c:\program files\CleanUp!
2009-01-19 23:30 . 2009-01-19 23:30 d-------- c:\program files\Trend Micro
2009-01-19 22:53 . 2009-01-19 22:53 d-------- c:\program files\MagicDVDRipper
2009-01-19 13:56 . 2009-01-19 16:15 d-------- c:\program files\DVDx
2009-01-18 17:30 . 2009-01-18 17:30 d-------- c:\users\Iwan\AppData\Roaming\dvdcss
2009-01-18 17:30 . 2009-01-18 17:30 d-------- c:\program files\Xilisoft
2009-01-18 16:46 . 2009-01-19 23:48 d--h----- c:\users\Iwan\AppData\Roaming\drivers
2009-01-18 16:36 . 2009-01-19 21:53 d-------- c:\users\All Users\eMule
2009-01-18 16:36 . 2009-01-19 21:53 d-------- c:\programdata\eMule
2009-01-18 12:37 . 2009-01-18 12:46 d-------- c:\program files\BearShare
2009-01-18 12:37 . 2009-01-19 23:20 d-------- C:\My Downloads
2009-01-18 11:55 . 2009-01-18 11:55 d-------- c:\program files\Red Kawa
2009-01-18 11:54 . 2009-01-18 11:54 d-------- C:\OpenCandy
2009-01-18 11:44 . 2009-01-18 11:44 d-------- c:\program files\Gabest
2009-01-18 11:44 . 2009-01-18 11:44 d-------- c:\program files\AviSynth 2.5
2009-01-18 11:44 . 2009-01-18 11:44 43,698 --a------ c:\windows\System32\xvid-uninstall.exe
2009-01-18 11:08 . 2009-01-18 11:20 d-------- C:\ShrinkTo5_Movies
2009-01-18 11:08 . 2009-01-18 11:08 d-------- c:\program files\FoxBurnerPlugin
2009-01-17 00:28 . 2009-01-17 00:28 d-------- c:\program files\ConvertHelper
2009-01-16 21:37 . 2009-01-16 21:39 d-------- c:\program files\ICQ6.5
2009-01-15 20:41 . 2009-01-18 19:08 d-------- c:\users\Iwan\AppData\Roaming\Skype
2009-01-15 20:39 . 2009-01-15 20:39 d-------- c:\program files\Skype
2009-01-15 20:39 . 2009-01-15 20:39 d-------- c:\program files\Common Files\Skype
2009-01-14 16:34 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 20:28 . 2009-01-16 21:38 d-------- c:\users\All Users\ICQ
2009-01-11 20:28 . 2009-01-16 21:38 d-------- c:\programdata\ICQ
2009-01-11 20:28 . 2009-01-17 13:50 d-------- c:\program files\ICQ6Toolbar
2009-01-10 17:23 . 2009-01-11 00:38 d-------- c:\users\All Users\Google
2009-01-10 17:21 . 2009-01-10 17:21 d-------- c:\program files\Western Digital
2009-01-09 14:44 . 2009-01-09 14:46 d-------- c:\users\Iwan\dwhelper
2009-01-07 22:09 . 2009-01-07 22:09 d-------- c:\program files\Common Files\PX Storage Engine
2009-01-07 20:45 . 2009-01-18 12:34 d-------- c:\program files\Common Files\DVDVideoSoft
2009-01-07 20:45 . 2009-01-07 20:45 d-------- C:\DVDVideoSoft
2009-01-07 20:45 . 2002-01-05 14:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-01-05 20:56 . 2009-01-11 21:20 d-------- c:\users\All Users\App4rTemp
2009-01-05 20:56 . 2009-01-11 21:20 d-------- c:\programdata\App4rTemp
2008-12-31 16:55 . 2009-01-18 12:22 d-------- c:\users\Iwan\AppData\Roaming\LimeWire
2008-12-30 22:17 . 2008-12-30 22:17 d-------- c:\users\All Users\Alawar Stargaze
2008-12-30 22:17 . 2008-12-30 22:17 d-------- c:\programdata\Alawar Stargaze
2008-12-30 14:13 . 2008-12-30 14:13 d-------- c:\program files\Rockstar Games
2008-12-30 14:13 . 2008-12-30 14:13 d-------- c:\program files\directx
2008-12-29 17:40 . 2008-12-29 17:40 d-------- c:\users\Iwan\AppData\Roaming\My Games
2008-12-29 17:40 . 2008-12-30 17:33 d-------- c:\users\All Users\AlawarWrapper
2008-12-29 17:40 . 2008-12-30 17:33 d-------- c:\programdata\AlawarWrapper
2008-12-29 17:39 . 2008-12-29 21:48 d-------- c:\program files\Games.Rambler.ru
2008-12-25 14:44 . 2009-01-18 18:56 d-------- c:\users\Iwan\AppData\Roaming\skypePM
2008-12-25 14:44 . 2008-12-25 14:44 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-25 14:42 . 2009-01-15 20:39 d-------- c:\users\All Users\Skype
2008-12-25 14:42 . 2009-01-15 20:39 d-------- c:\programdata\Skype
2008-12-22 09:25 . 2008-12-22 09:25 dr------- c:\windows\System32\config\systemprofile\Music
2008-12-20 16:05 . 2008-12-20 16:05 d-------- c:\program files\Microsoft Silverlight
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 17:15 54,932 ----a-w c:\users\All Users\nvModes.dat
2009-01-20 17:15 54,932 ----a-w c:\programdata\nvModes.dat
2009-01-20 09:45 --------- d-----w c:\programdata\Lx_cats
2009-01-18 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 15:10 --------- d-----w c:\program files\Samsung
2009-01-18 15:10 --------- d-----w c:\program files\DivX
2009-01-18 11:35 --------- d-----w c:\program files\CyberLink
2009-01-17 12:50 --------- d-----w c:\program files\Google
2009-01-15 16:33 --------- d-----w c:\program files\ICQ6
2009-01-14 18:12 --------- d-----w c:\program files\Windows Mail
2009-01-12 11:16 --------- d-----w c:\users\Iwan\AppData\Roaming\ICQ
2009-01-11 21:38 --------- d-----w c:\program files\Lexmark 3600-4600 Series
2009-01-10 16:22 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-03 00:41 --------- d-----w c:\users\Iwan\AppData\Roaming\Nero
2008-12-31 15:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 13:43 --------- d-----w c:\program files\The GodFather
2008-12-19 21:45 --------- d-----w c:\programdata\CyberLink
2008-12-13 23:39 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2008-12-13 23:39 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-12-13 23:39 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-13 22:53 --------- d-----w c:\users\Iwan\AppData\Roaming\NeroDigital(TM)
2008-12-13 22:47 --------- d-----w c:\programdata\Nero
2008-12-13 22:23 --------- d-----w c:\program files\Common Files\Nero
2008-12-13 22:06 --------- d-----w c:\program files\Nero
2008-12-13 21:47 --------- d-----w c:\program files\DAMN NFO Viewer
2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-10 16:42 --------- d-----w c:\users\Iwan\AppData\Roaming\CoSoSys
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-12-07 22:28 4,300 ----a-w c:\windows\System32\MEMIO.SYS
2008-12-07 22:26 --------- d-----w c:\program files\Pixum
2008-11-30 11:36 --------- d-----w c:\users\Iwan\AppData\Roaming\diginet
2008-11-30 11:36 --------- d-----w c:\program files\Diginet
2008-11-30 10:20 130,208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-29 17:52 --------- d-----w c:\programdata\Elaborate Bytes
2008-11-29 17:50 --------- d-----w c:\programdata\SlySoft
2008-11-29 17:44 --------- d-----w c:\program files\Elaborate Bytes
2008-11-29 17:40 --------- d-----w c:\program files\SlySoft
2008-11-27 14:38 --------- d-----w c:\program files\Common Files\Remote Control Software Common
2008-11-27 14:37 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-27 14:37 --------- d-----w c:\program files\Logitech
2008-11-27 14:37 --------- d-----w c:\program files\Common Files\Remote Control USB Driver
2008-11-24 20:48 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-24 20:48 290,816 ------w c:\windows\Setup1.exe
2008-11-24 18:28 65,024 ----a-w c:\windows\IFinst26.exe
2008-11-24 18:28 --------- d-----w c:\program files\Lame MP3 Codec
2008-11-24 18:00 --------- d-----w c:\program files\XviD
2008-11-24 17:59 --------- d-----w c:\users\Iwan\AppData\Roaming\DivX
2008-11-24 17:41 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-23 16:00 --------- d-----w c:\program files\MSXML 4.0
2008-11-21 19:42 --------- d-----w c:\users\Iwan\AppData\Roaming\SAMSUNG
2008-11-21 19:34 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-06 16:37 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\System32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-27 21:44 129,784 ------w c:\windows\System32\pxafs.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-01-19_23.49.15.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-19 22:44:34 2,484 ----a-w c:\windows\bthservsdp.dat
+ 2009-01-20 17:13:44 2,484 ----a-w c:\windows\bthservsdp.dat
+ 2009-01-20 09:33:38 34,304 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
- 2009-01-19 22:45:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-20 17:14:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-19 22:45:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-20 17:14:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-19 22:47:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-20 17:15:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-20 17:15:48 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-19 22:47:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-20 17:15:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-20 17:15:48 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-19 22:36:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-20 10:13:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-20 10:13:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012020090121\index.dat
- 2009-01-19 22:36:19 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-20 10:13:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-19 22:36:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-20 10:13:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-19 22:43:40 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-20 17:22:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-20 17:22:57 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-01-19 22:41:41 146,368 ----a-w c:\windows\System32\perfc007.dat
+ 2009-01-20 17:19:39 146,368 ----a-w c:\windows\System32\perfc007.dat
- 2009-01-19 22:41:41 118,594 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-20 17:19:39 118,772 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-19 22:41:41 675,412 ----a-w c:\windows\System32\perfh007.dat
+ 2009-01-20 17:19:39 675,412 ----a-w c:\windows\System32\perfh007.dat
- 2009-01-19 22:41:41 633,708 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-20 17:19:39 633,886 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-19 20:49:34 9,254 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1591783733-875729873-1473577103-1003_UserData.bin
+ 2009-01-20 17:16:38 9,254 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1591783733-875729873-1473577103-1003_UserData.bin
- 2009-01-19 20:49:33 84,986 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-20 17:16:38 85,474 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-19 22:47:38 65,046 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-20 17:16:37 65,258 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-22 178712]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSTray"=c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1591783733-875729873-1473577103-1003]
"EnableNotificationsRef"=dword:00000006

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13D35495-8F06-4985-89FA-0A19536E6316}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F4DDC5E4-EFF6-41FF-A5C4-A64602CE080F}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C00AD9E4-668E-4AE0-B467-18D9558FDB99}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{955827F5-5692-423E-B18B-FB064CB91515}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{4C32807E-7FD3-4EF7-9403-0FDC264CB662}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{8498F151-D82C-467C-9D67-B47250659A49}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{0363E733-F2FD-49CD-AF5F-B90C885BB1E0}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{F8A9247E-14F2-4C2C-B5A2-38041142551A}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{41F5004B-BA3B-450E-8352-555DF03EE1FA}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{41D66F80-11BB-40FB-A8E6-F98F5C7EBD38}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{12D5004D-DBFD-4C52-B648-AF2F0E5A701B}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{889F2679-E140-41F1-AE77-5EB205CBF6E7}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{0479A777-3A88-4C9F-96EF-A67511D923A6}"= UDP:c:\users\Iwan\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{351E101E-992B-420C-B2AB-6B7104FBF8F7}"= TCP:c:\users\Iwan\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{267CD053-6187-4C36-A303-8C56CA0DDB0C}"= UDP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{9FF9EE53-0A5B-4523-B3EC-F90801FBF6A3}"= TCP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{387A3C4E-721E-46F4-8BB4-BAE59B9FB1D1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{FA1912FC-1E86-4DED-98D6-367C62FB24E3}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{BD0FECAE-51DD-448C-9154-FFE18365F07A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{CB8A3B7A-C367-4D62-BF45-D48F0DF669B4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{91BDD603-E9D0-49EA-9AC3-5053E7C8DB96}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{CCC112AA-EA77-43DC-8E3B-4D4B691107B0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{2C2C84FA-0AA2-4271-99E7-F25DB27C404E}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{513C5FDC-4D9B-45A8-BAD0-83AB20F8D4FB}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{933901F2-70FE-4C31-8035-A1772E2066F0}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"UDP Query User{581ABDA2-8205-4EA8-BD30-D61BDFECB8CD}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"TCP Query User{B8843A18-49A9-49F2-BB46-3A702F257AE3}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"UDP Query User{5F9DAF08-54FC-4877-A311-36DEBC85C9B7}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{80051E35-2E93-4971-998E-BAA3C1B92433}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"{0A47B09F-6C7A-4BBF-954F-9663A9F3ADCB}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"TCP Query User{319F6077-9D78-4704-A805-2A6813BC5AC1}c:\\program files\\java\\jre1.5.0_01\\launch4j-tmp\\rkmediacenter.exe"= UDP:c:\program files\java\jre1.5.0_01\launch4j-tmp\rkmediacenter.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{A9801755-864B-4519-916B-8A0C0E931738}c:\\program files\\java\\jre1.5.0_01\\launch4j-tmp\\rkmediacenter.exe"= TCP:c:\program files\java\jre1.5.0_01\launch4j-tmp\rkmediacenter.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{95798958-BEE9-40CD-BEF2-111BAF6315E5}c:\\users\\iwan\\downloads\\pimpstreamerdlna12.exe"= UDP:c:\users\iwan\downloads\pimpstreamerdlna12.exe:pimpstreamerdlna12.exe
"UDP Query User{CFAB8069-F7F5-4CEA-806C-D67B27414AAB}c:\\users\\iwan\\downloads\\pimpstreamerdlna12.exe"= TCP:c:\users\iwan\downloads\pimpstreamerdlna12.exe:pimpstreamerdlna12.exe
"{3D7CE2E4-B8E4-4E3E-94B6-86306921F6D5}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{EEFD1AD3-72D2-4042-B12E-37E14C34AE62}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{AFCCB395-0200-4C2A-81A5-F4262453AA21}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4C4BF2D3-E75B-4113-AE12-CAE8E3814BA0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D3FD1ED9-81C8-44DF-83C0-2C8881588934}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D8B04144-CDF2-49F0-A3C6-2FEF3A4543CF}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{60347AB5-7A70-4047-B8A9-CE893667F8A3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1EB83BAA-2EFB-46BE-ACDD-620FA98DFDB4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4EAF85DE-8038-422E-A37D-43A72AC43495}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B47C4E08-73D0-40E2-B2B3-D39310D711F9}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= UDP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"UDP Query User{8011079D-C6F9-47A4-B794-3C9DC2060D5D}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= TCP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"TCP Query User{12BC126D-D927-4252-B76F-F622E8EE8B18}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{5318CE24-74B3-4EDE-90CB-BF3F74BF93C2}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{C165ECA7-49E9-414B-BAA5-7B51B9052AC6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{51FC67EF-F49E-401C-82CE-67088F3C6411}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-06-25 226328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-05-20 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-06 44576]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 DOSMEMIO;MEMIO;c:\windows\System32\MEMIO.SYS [2008-12-07 4300]
R4 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2008-06-25 13312]
R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R4 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [2008-10-16 98984]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-14 603904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ	BthServ
WindowsMobile	REG_MULTI_SZ	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-01-20 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:07]

2009-01-19 c:\windows\Tasks\NeroLiveEpgUpdate-Angela_Iwan.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

2009-01-20 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe []
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Iwan\AppData\Roaming\Mozilla\Firefox\Profiles\wa74m6y2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 18:24:40
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-01-20 18:26:42
ComboFix-quarantined-files.txt 2009-01-20 17:26:40
ComboFix2.txt 2009-01-19 22:50:41

Vor Suchlauf: 24 Verzeichnis(se), 103.794.597.888 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 103,865,675,776 Bytes frei

356 --- E O F --- 2009-01-20 09:24:11