ComboFix 08-06-10.5 - anna 2008-06-12 12:30:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1211 [GMT 2:00]
ausgeführt von:: C:\Users\anna\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\AKUEeMoq.ini
C:\Windows\System32\AKUEeMoq.ini2
C:\Windows\system32\egjjPqss.ini
C:\Windows\System32\egjjPqss.ini2
C:\Windows\system32\fehrwmjn.ini
C:\Windows\System32\fwogiagq.ini
C:\Windows\system32\khfFUNHB.dll
C:\Windows\system32\pmqcffyl.dll
C:\Windows\System32\QAbKUvut.ini
C:\Windows\System32\QAbKUvut.ini2
C:\Windows\system32\qgaigowf.dll
C:\Windows\system32\qoMeEUKA.dll
C:\Windows\system32\tuvUKbAQ.dll
C:\Windows\system32\wogtbwik.dll
C:\Windows\system32\x64
C:\Windows\system32\xxyvuvvS.dll
C:\Windows\system32\xxywUKcc.dll
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-12 bis 2008-06-12 ))))))))))))))))))))))))))))))
.
Keine neuen Dateien erstellt in diesem Zeitraum
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 10:34 --------- d-----w C:\Users\anna\AppData\Roaming\Free Download Manager
2008-06-12 10:06 --------- d-----w C:\Users\anna\AppData\Roaming\Skype
2008-06-12 10:05 --------- d-----w C:\Users\anna\AppData\Roaming\OpenOffice.org2
2008-06-12 09:58 --------- d-----w C:\Users\anna\AppData\Roaming\skypePM
2008-06-12 09:44 --------- d-----w C:\Program Files\Panda Security
2008-06-12 09:15 --------- d-----w C:\Program Files\Trend Micro
2008-06-11 12:49 --------- d-----w C:\Program Files\CCleaner
2008-06-10 20:54 --------- d-----w C:\Users\anna\AppData\Roaming\Apple Computer
2008-06-10 19:02 605,184 ----a-w C:\Windows\System32\ssqPjjge.dll
2008-06-10 16:44 --------- d-----w C:\Users\anna\AppData\Roaming\Azureus
2008-06-09 22:01 --------- d-----w C:\Users\anna\AppData\Roaming\phonostar-Player
2008-06-09 17:08 --------- d-----w C:\ProgramData\FLEXnet
2008-06-09 16:41 58,880 ----a-w C:\Windows\System32\awtqqqnN.dll
2008-06-09 16:13 --------- d-----w C:\Program Files\Foxit Software
2008-05-25 21:57 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-05-25 21:57 --------- d-----w C:\Program Files\Free Download Manager
2008-05-22 22:46 --------- d-----w C:\Program Files\Canon
2008-05-22 22:45 --------- d-----w C:\Program Files\Common Files\Canon
2008-05-20 12:56 --------- d-----w C:\Program Files\Bonjour
2008-05-19 21:34 --------- d-----w C:\Program Files\Red Kawa
2008-05-19 21:34 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-15 15:59 --------- d-----w C:\Program Files\MODupRemover
2008-05-15 12:18 --------- d-----w C:\Program Files\Azureus
2008-05-14 01:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 21:29 --------- d-----w C:\Users\anna\AppData\Roaming\gtk-2.0
2008-05-13 19:03 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-13 18:55 --------- d-----w C:\Program Files\Safari
2008-05-13 18:54 --------- d-----w C:\Program Files\Apple Software Update
2008-05-06 19:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-06 19:07 --------- d-----w C:\Program Files\Common Files\Real
2008-05-03 11:30 --------- d-----w C:\Program Files\VoipCheapCom
2008-05-03 11:25 --------- d-----w C:\Users\anna\AppData\Roaming\VoipCheapCom
2008-04-24 11:14 --------- d-----w C:\Users\anna\AppData\Roaming\Image Zone Express
2008-04-22 16:26 106,496 ----a-w C:\Windows\System32\HPSTDSoap.dll
2008-04-22 16:02 163,840 ----a-w C:\Windows\System32\hppatusg01.dll
2008-04-22 16:02 126,976 ----a-w C:\Windows\System32\HPDevEnm.dll
2008-04-13 17:13 --------- d-----w C:\ProgramData\ZoomBrowser
2008-04-12 08:34 --------- d-----w C:\Program Files\TweakVI
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-08 00:21 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-08 00:21 32 ----a-w C:\ProgramData\ezsid.dat
2007-09-15 10:41 0 ----a-w C:\Users\anna\AppData\Roaming\wklnhst.dat
2007-09-14 17:42 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:11 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [2007-12-05 17:10 98304]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-12-05 17:14 126976]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [2007-02-20 14:23 7202360]
"Simplify Media"="C:\Users\anna\AppData\Local\Simplify Media\SimplifyMedia.exe" [2008-05-16 11:47 11184136]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 10:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 10:02 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 3772416 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"KnexStarter"="C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
"RunTasktray"="C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-17 08:54 12288]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 09:52 262401]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-26 11:53 492912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 21:07 185896]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]

C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-09-14 19:34:29 967168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-12 18:51:48 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{75FE628A-0EA6-4E7D-B663-A724E377640D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F4DD84CE-E17A-4B85-A1FC-89B2F1AC2696}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4BDAD0C4-480A-4EED-820F-36D05F16A69D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10526763-4111-453A-94E1-CD41D5BBF8F4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98B96728-6812-44F6-ABD4-AC834EA74052}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1FBF5C60-29FE-4EED-BEFF-0E68502FE8A8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{198FD9A9-8D1C-437E-8934-02CE13FA261B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{2B3F9092-4D4B-463B-8A1F-CD9663F0CFE3}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{B90A9CC3-4E22-4495-BDC1-149042B05A25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{4208924E-746A-490D-B832-AAB5C480E9CF}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{C34F8FB0-B3EE-4AD8-AC3C-FBA121A3A399}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{BDFB26BF-A458-4D7F-B0E4-3E225BF0B3C4}C:\\users\\anna\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\anna\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{53B37A4F-78CF-41AB-B5BB-90CA3BAC4CAA}C:\\users\\anna\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\anna\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{6D139940-0319-46E6-8FA4-3B25777B2F66}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{D3EF685E-4C9F-454C-BB58-F728DB5891DB}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{72391A80-B41F-479C-BEA5-6751235BEAB6}"= UDP:14456:Azureus Ernesto
"{7069354F-D9E1-4163-92C9-BF8185696B4A}"= UDP:990:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{B39B93FB-2FBE-441E-A769-9879B4AA8D4C}"= UDP:5721:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{2B89BADB-858F-4D87-B424-553326801DEC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{5402CB27-D5E3-4EA4-BC52-5FE3996D9700}"= UDP:5678:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{E72C1562-EC42-4E0D-A5CD-9C01B006B94A}"= UDP:999:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{DD78AB46-AEA1-4B5F-8687-8F32851F9DDE}"= UDP:26675:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{A8823093-17C5-4847-AC32-76E2AAEF28D4}"= UDP:990:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"TCP Query User{5EE102DD-77F2-4B13-96D6-C1D7B49FD5C9}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{348F674C-BC6E-4FD1-8AC0-0A406D91F22C}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"{5BF24BF5-441A-468B-8DD2-4C36D44BD65B}"= UDP:50001:Azureus1
"{3E216593-E634-4675-A942-3DFA993F946C}"= TCP:50001:Azureus
"TCP Query User{6433B0AC-5BE9-4CDA-A3DF-F084E6BD448B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B8C8451D-DCBE-40FE-B94B-E7E5AAE90545}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B45340CD-19A2-4919-982C-E2D658D2A78C}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{D63AA736-5F00-4A83-98D7-474DC3F769A8}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"TCP Query User{4EBB9B60-90E1-4A74-9A92-3B0C317A529B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{239D9813-9FDE-4B1F-A9C0-27BF8CC2BA86}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{C032C1E6-5D79-451A-986C-9C2D52F62EDB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B960225-2769-451E-A922-DDD3F47FF263}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{20690B30-AA11-47B0-9C5C-A45FECED7E46}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{62B8C8AA-33BB-431D-A304-BAAD09FE530A}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{8658AE57-944E-4D6E-A678-2C3BC776B3C3}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{66DEB1B8-47BA-40D1-A3C0-553362FDD4F5}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{B01F66D4-D01F-45F3-B68C-F2A15F193338}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"TCP Query User{9D7A1FC2-BF54-492B-81CD-AEEBAEFECA62}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A768B4C9-BC45-4F77-A2A9-6DEA03E34A74}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9F490FD0-2012-4B63-AC48-151E4E5C6F22}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{FBBE60F0-19F6-49F1-A578-A27B3BA739B5}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{4DC66C16-0BCB-4707-92AD-CD318C6D2827}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{980D8D50-2739-49AD-B50C-EB00E087D09A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1C86748D-F9BB-403B-A578-715E6AC616D9}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= UDP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"UDP Query User{A552AD9C-D0F6-4661-8B74-F3E7315ABC38}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= TCP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"TCP Query User{4B5B902A-6B86-46AB-AB60-CB020DCE5FC5}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= UDP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"UDP Query User{AD7D1EF4-64D9-467E-A071-C29AFEE84099}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= TCP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"TCP Query User{9B103C43-9B66-4DA3-BF6F-1F833E134B3A}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C5B03868-DF33-4E23-9BE3-D1319963CF21}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{EEF9B25A-4034-4353-BA67-596D32905343}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{45A828D4-7499-481A-881A-C0433C391556}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun

R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 11:53]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 11:29]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 13:48]
S3 Droppix Service;Droppix Service;"C:\Program Files\Common Files\Droppix\DxService.exe" [2007-04-05 18:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 13:20:18
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\conime.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-12 13:26:46 - machine was rebooted [anna]
ComboFix-quarantined-files.txt 2008-06-12 11:25:35
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
263 --- E O F --- 2008-06-06 11:00:33