
Pests of all kinds and how to fight them: Skype/Facebook trojan again :( PC almost dead..

05.09.2010, 20:08   #1
teny
 

Hello,

I came across your forum through a Google search
and thought I'd give it a try here^^
It can only get better.

About 2 *uhm* days ago I was nice enough to catch a link in Skype
(the classic Facebook one, blah blah..) instead of closing the window. It downloaded something *without asking* and kindly installed it right away.
I ran a malware scan, it found nothing, everything OK I thought .. *stupid*

Unlike everyone else who has had this problem here so far, in my case it doesn't send the links on to others, but unfortunately the PC is now acting up.. lately massively.
At first only Skype; by now the media player, Winamp, the mail program and other things no longer work. My FF is acting up too, Selenium doesn't work at all any more, the way programs are displayed is changing, and it's getting pretty nerve-racking..

Edit 19:45: now it's so bad that neither programs nor folders open directly; all I get is the beloved loading spinner and the message that the program is not responding.. about 5 min later the folder then opens.. programs like Windoze Mail or FF don't work at all any more

So I took the liberty of taking john.doe's tip to heart..
so off to "for all newcomers", read it, and worked through point 2, alternative b

Edit 19:50
Closing folders doesn't work any more either.. program not responding; when it does close, it closes Explorer right along with it.. only the background image left.. the rebuilt desktop now also looks odd and different (Windows 98 taskbar and a nice grey)
19:53.. desktop icons are back
Right-click on OTL brings up the loading spinner, another "Explorer is not responding" window, desktop rebuilt again
______________________________________

I'm using an Acer laptop.. thankfully with Windoze Vista

OTL.Txt

OTL Logfile:
Code:
OTL logfile created on: 05/09/2010 19:55:53 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.howrse.de"
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 22:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 22:00:09 | 000,000,000 | ---D | M]
 
[2009/07/13 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions
[2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions
[2009/08/05 01:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010/05/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\FasterFox_Lite@BigRedBrent
[2009/10/26 22:21:40 | 000,003,915 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\je3qjhb6.default\searchplugins\sweetim.xml
[2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/02/20 14:58:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/02/20 14:58:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/02/20 14:58:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/02/20 14:58:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/02/20 14:58:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Konni Symbol Autostart] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/05 19:44:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2010/09/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/09/03 16:33:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/09/03 15:33:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/02 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2010/09/02 23:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/02 23:38:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/02 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real
[2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/11 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Real
[2010/05/12 00:41:49 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe99B1.dll
[2009/06/14 04:12:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/05 19:52:25 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT
[2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 16:14:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/05 16:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/05 16:14:07 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 16:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 16:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/05 16:12:47 | 003,513,796 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db
[2010/09/05 08:53:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job
[2010/09/04 21:53:20 | 000,005,756 | ---- | M] () -- C:\Windows\8324.exe
[2010/09/04 05:58:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
[2010/09/03 23:17:08 | 000,083,100 | ---- | M] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | M] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | M] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | M] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | M] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | M] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | M] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | M] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | M] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | M] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | M] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | M] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | M] () -- E:\Picture0009.jpg
[2010/08/16 18:41:58 | 000,048,419 | ---- | M] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | M] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | M] () -- E:\Picture0006.jpg
[2010/08/14 22:49:53 | 000,014,336 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 22:00:07 | 000,027,648 | ---- | M] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:20 | 000,089,480 | ---- | M] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/08/11 20:51:59 | 000,786,053 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:07:33 | 000,750,681 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:34 | 000,071,203 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:43 | 000,059,925 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:42 | 000,039,957 | ---- | M] () -- E:\Photo on 2010-08-11 at 14.34.jpg
 
========== Files Created - No Company Name ==========
 
[2010/09/04 21:53:20 | 000,005,756 | ---- | C] () -- C:\Windows\8324.exe
[2010/09/03 23:17:07 | 000,083,100 | ---- | C] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | C] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | C] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | C] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | C] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | C] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | C] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | C] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | C] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | C] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | C] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | C] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | C] () -- E:\Picture0009.jpg
[2010/08/16 18:41:57 | 000,048,419 | ---- | C] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | C] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | C] () -- E:\Picture0006.jpg
[2010/08/14 22:00:07 | 000,027,648 | ---- | C] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:19 | 000,089,480 | ---- | C] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/08/11 19:06:10 | 000,786,053 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:06:10 | 000,750,681 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:33 | 000,071,203 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:42 | 000,059,925 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:41 | 000,039,957 | ---- | C] () -- E:\Photo on 2010-08-11 at 14.34.jpg
[2010/02/15 11:45:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/15 19:08:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 05:06:55 | 000,277,248 | ---- | C] () -- C:\Programme\kinginstaller.exe
[2009/08/06 14:35:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2009/08/04 06:10:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/04 05:19:04 | 000,014,336 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 16:59:07 | 000,006,836 | ---- | C] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat
[2009/07/08 23:56:11 | 000,000,000 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\wklnhst.dat
[2009/06/14 04:02:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/14 04:02:34 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/06/13 19:41:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/06/13 19:29:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/13 19:29:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/03/12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/02/11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009/07/08 23:49:11 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.#
[2009/03/12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Acer GameZone Console
[2010/02/15 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2009/07/08 23:59:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eSobi
[2010/07/09 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ
[2009/07/08 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PowerCinema
[2010/06/30 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\RagTime
[2009/07/08 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftDMA
[2010/05/12 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony
[2010/05/12 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony Setup
[2009/07/08 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Template
[2010/09/05 16:34:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
< End of report >
         
--- --- ---




Extras.Txt

OTL Logfile:
Code:
OTL Extras logfile created on: 05/09/2010 19:55:53 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002253FB-8111-493F-8D8C-4FE66B903955}" = rport=138 | protocol=17 | dir=out | app=system | 
"{19BD3B49-4960-46E2-BFDF-26630FA2FEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1A5C067B-8408-48B3-BA04-97BDF48F64E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A6EB95F-08A1-4B60-91A4-478E3E712762}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1C2EA5E6-527D-487A-AED6-6294BBA02018}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1FAEDC48-8C84-454C-9D6E-362F2A31CF19}" = rport=137 | protocol=17 | dir=out | app=system | 
"{205AA3E9-878C-42FD-A9C8-027C00994362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41A06BD5-2397-402A-9173-3A9252D0D841}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{46996488-4F91-4353-AE7A-257708BF6C23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{46EA0D08-1753-4C43-91E3-A4FC6DFB18A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B0B4E6C-CA7C-4279-9F94-27BBA5354CBC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{548CB954-9003-4906-9103-309F5F9CDEC8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{56ED778A-FCE6-42EF-ADB2-6F3B2E5AC918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5AC8DFF5-14F5-41EE-98A8-0C850DF292FE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{64C1142C-9E37-406E-ABAB-8ACCFCC91820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{65BC738A-B27D-4B97-B1CB-F4AB37E74E2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{67A9AC51-01DF-4C14-8C8F-EA54202531A1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74A61EEC-8F86-44CF-9BF8-E33B445B2CFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BF5F8B7-61E9-47C9-8D16-1E50F81DEA2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81794BB4-902C-4831-AB14-74DC7FB50E3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83A3F5F3-1877-46F2-BC12-5C5A5EAF93C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{870738C7-122C-48A8-9714-D8CCA4AB7F8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C573BB4-FC4F-481C-BB91-344957B18386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A72222D-BB2B-4EB5-8E66-0C2F4A232D34}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0B5B23E-A394-4B78-95A0-1C6A7ECF8503}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0FC8839-3101-4A32-870A-5624DC32E59A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A463C226-CDB2-4BAF-8FD3-845CA09207B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C5C69A10-A922-44A1-AF2D-A2DEB45300DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE8E3522-7288-4F7F-B9E4-E558B7B7ED58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC8396A3-72E6-4CD7-8021-B0A954D6F312}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E54A7353-CB4B-4939-813E-330BB4618509}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6F1BC5F-C0D7-49FC-9988-497B96F1D87C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EF6CDA77-88FF-43FA-81C8-B843F5223134}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F268246E-4232-4F19-98D8-C94EF25708CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F731B571-7547-4C5C-A03F-D840FCC01763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00966F49-96FF-4F32-8B31-C9FCAE5AF1C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00AC1766-45AD-46AC-9A7E-901F9A6BEA7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{01B01350-67C5-47C9-9383-5B94B3C26C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02DF2DB2-B260-4119-AB7E-C402FC9C4741}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{038B6C9D-2A2E-4B5B-9666-27823ACB66DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05097973-C81F-47FD-88B0-9DF9417DBA98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06A089F2-2C10-4A88-AE04-10E7510B804C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06DEEC60-AD69-495F-A40F-90174896742C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0A1CB352-B9DF-48E7-9CD3-F4A49C081DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AE27C66-95C3-4C67-A571-0B9C3C6517B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B243332-640B-4B4F-B853-781D52482084}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C62C1FD-728F-4BEF-B023-27F3DEFB5505}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DB7E2A4-8B3F-4905-9661-E7E592570948}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E2510B3-80D4-4DF4-8B6A-07F5295AD4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0ECCC38C-D509-41D3-A302-7CCEE51EBABA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{0FC430C0-8271-4AD2-B1B4-58F8F824A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12BEEE10-E77C-4170-B738-23BB132485E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12FEA2B0-8080-43E6-9220-7E69341EACAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14796318-4573-4EC3-B6BF-AFEB1D92CCF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15179141-B0E4-48AF-902A-DBFB15E8B89E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{173EF7A9-C6B7-4989-AEA6-6A10EA8BB00B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1944BF22-ABD2-42C1-8E56-8160F95C6DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A20ABAF-42A3-40EF-94FE-D9C72FDA87FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1AFE5958-A700-4DEA-B42C-0DEDD4E0E664}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B558AEC-04CE-4D04-ACA4-718D96984345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20734789-895C-4A22-BD29-657B914554B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20A1B0A8-B20A-4267-AB0F-836FDC7573BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21911FFC-2D78-448F-B458-E0806B1C2AD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2209900A-1353-4D99-89CA-CD089F61FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23527E07-0245-4FCE-9266-8F2FCCB093FC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{23B5A813-957D-4C0F-B7BA-3AB9220AEEF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23C567C9-EA64-406B-AF35-26975A931C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24F9BFE8-7715-4DA8-AC39-FE37229D5174}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{294F02E8-E669-4380-9262-A925034ADD7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A000E8D-D5A0-44EE-9136-24FF29B6A410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2AAAA09B-2321-46E8-8F97-E8D5BC5B9D71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AB3F2AE-4DE5-466F-91A1-6F22A11DBC80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2B1685A2-E789-4488-A618-4E3EE05ECF78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B18465E-979D-47A0-BE1F-7F4F71FA1BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D1F2A62-674A-46EF-BF69-7D8732F37585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D2B0AC6-3697-4919-8DB8-0253D894878F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EE9D84E-4503-4FD3-ABC8-01BD3B9717E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3354CB6E-CA89-42D3-B283-46E435A1791D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33576203-4FE0-43B5-B04E-7325E7F30FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36E945EC-E1C5-4468-9D3D-F3210EB94393}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{372C6BDC-0E4A-4BE5-A1C5-CD024217FDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{399B34A0-9587-47E4-A833-EABD2C0BD8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AD901E8-BED7-4F36-BA43-09AEACAC923C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{3BB7ED2C-0C1F-426E-8CAB-9B81F68ABAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C909559-0330-48ED-BBEB-D210A5594911}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D31B782-6DA6-47F8-96E7-0551A6750C88}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EFAEBF1-9967-4030-AC39-14B7E35553E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F1E37A4-CB79-4693-9886-7C82504D2173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F25CD5F-6A5B-4924-B3B9-2240A8CA48D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F4E4B58-96D5-4A47-BF9C-7CCA950D5E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{410DA5AC-DB88-4EA1-AFFF-0259AEB21832}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{423C276C-BA6B-4517-8EF9-BB52B1302025}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{425463A4-5295-4567-8C76-BB194AC59E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43F9DE61-8C32-4167-9667-F20ECF7B512E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46CE3B86-AF71-4C98-ADEB-7979C4FB93F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{470F99BE-FD69-406B-AA07-74CDF177C678}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A28905B-25FD-4DE8-8158-C084C80D64FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AB8BD5A-DBD2-4C77-BAEE-A710F346E067}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AEFFE5E-ED7B-4195-8038-73324C8C94A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C5CE82B-0AB1-417E-949B-CAA93B4329B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4EF3B4FA-702D-41B0-B739-E3706471CA24}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4FA5AE56-3236-421E-8DFC-74B837509C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51E1832B-2233-414B-8653-CDBBA7AB3424}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5310B265-55B9-4429-BD19-6D46995988E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{540E9C19-CEAE-47E4-A021-5682D23CDCEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54C65328-84C7-4CAA-BE96-FDD855E8F087}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{555C9C64-5CEF-42FB-8CED-BC4E048A158F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55CFF8D5-768C-4406-AE55-FCDF4971D3B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55F47EF4-708D-4F70-9D06-7C5A0CDA6B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5AC5F67F-E889-4605-9018-DA5AEB346C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D1D19F6-4586-4E99-855C-E0F0B06D148C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F85D6F9-075B-4188-B58E-A89A1EEB8CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6159FA66-6E24-483A-B1F0-1D5BC45A4E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61800C7F-E6B4-4985-8124-D5A8200D0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{619AE4B3-ACD5-47C2-A390-7E56063FA9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61E31FF2-FE76-48F9-BE5F-D2CFED3EFE23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61F2FBD8-65DC-4EC5-AE80-424F2D4530CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{663847B5-D5D5-468A-932C-56EC929BE32C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67E84425-56A5-4C22-9A2E-FACC85130568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67F51BDB-4B82-41B0-AB8F-9667D20E02AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{695054EB-2CB4-4BF0-BA51-CA3145E9ACAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A4BD658-B25F-4252-ABF7-C1E6F125A06D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A609438-6FDB-4A55-99F9-CA9BD7B64C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C49262D-93A6-4D56-8F5F-7A917F7D7848}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D3D0CE4-9F42-483D-BB0E-0D57CB17C478}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D417D9D-AD11-4B5D-B80C-C4A433745C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6ED0606F-5CD0-468F-993B-A237B96F9682}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7072DD3C-366B-44C3-83C4-EACCF2E730F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72BF4C9F-B512-4E70-94A4-AB9FB74AFD6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{748C40C6-F247-4C3E-A84D-F3AFB0CC81BF}" = protocol=6 | dir=out | app=system | 
"{760C0A94-DB46-4F56-BBE0-2F948A3F1CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{790F72A1-1D05-4393-9961-DD760919E575}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7CAA0DF9-432B-49EE-AB73-3A99D1BF12C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EFCE4E6-3EDB-4E81-9BC3-D2E87FE04E98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80BA43BB-2B6D-4123-AE41-CD37E97405BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81FA4485-370D-4BEC-9F93-C06EC7EE902C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82EA1A71-1048-4A8F-8623-C9CAB8601B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8402320C-F2B1-4124-BA73-BF947B24E803}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87095435-7B7E-4829-9E4F-6713BA7C89D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8744B6E1-B9BA-4D77-B73F-981915444355}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87D6A64B-FF41-4ED7-82F9-973BC1FE1DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88EA246D-FF7A-4C19-8DA3-6C0ED3B130EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B33C7A5-E952-4F93-9FCB-D0C373BC3293}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B795094-33A6-4BA4-BA81-FD24A040B1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{8D83B621-8E53-4832-80B0-81C75F1D06A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E32ED12-756E-4686-AF5F-7907E588BEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EF50985-CA3C-4C1A-BE87-D81B01BBD4D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F389412-BCC8-4D2E-9616-FD8FF4E63878}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FDD07C3-CEB6-4EA8-A6A4-356F43B65F96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92CF269B-6A09-48F0-89FA-D9D4FEDEA6E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{930DD5A3-A5DC-4760-9868-D095CA7AF750}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97BC41E2-F117-4EA5-813B-A4C89AF7DD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A027706-8028-4171-AC71-F42697BFEDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A88FDEA-6CEA-4F90-AA4F-266431D1E84F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B3E36F7-741D-4881-8470-52510F170302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B5D0C6A-CB1C-4417-ABED-874C32FE90EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C9111C7-479C-4E9C-8B04-4C3389ED945C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CEFCD46-5D70-4115-B3C9-9697177ACAA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E4F1CFE-3F81-4E1F-9D6B-514E1DDCDED5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EB9CEBE-698B-4280-A2F8-97928CA8555B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F8D7A15-E3A9-40F4-94BB-9994737E03CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A00CCEFD-C8BD-48D3-946F-ACBE0A5B24C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A260D41F-DE29-44E8-B8CC-326E6E647175}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A3FB3839-B73C-4D0A-80C3-82B94AE6ACB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8352E8B-9E48-4CE2-8A9C-4B10EF509705}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABF718D2-25BE-4FBB-8FD5-3615BD3A0A24}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACE0BE68-F64B-48A5-BD20-78A51C83DC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B0D0C236-E391-4091-AA8F-55A203AB488D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1F2FB23-5810-41BE-A48C-835BCB5285EF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B2807599-1B42-41EE-BB96-CE8029863816}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B28B1248-0E20-410A-BCA3-80C7152A4C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B41FE0C8-4763-447A-B6E2-04DA1A23E31B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5A5CA62-4A34-41BB-89BA-2149E8103405}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8EDE7FF-97B8-40F5-96D8-21D356CA356A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B93E6D8B-3E54-4248-B90B-AE41DE84D512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B97364EC-ECE5-4AB6-B6EF-5352B072306A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9DB2248-4913-4D2E-B057-EC910A885275}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BA682CD8-3870-4BBD-9E4A-39C4859F5176}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB8E4DAE-7295-4B64-B3E0-BBC4086C8336}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD20BE07-1257-417C-B737-461CE4A265CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD72969E-0B48-4FDC-8075-BDC20E31CD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE373EBE-DC57-470B-BB8C-83162A987875}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C0EA2EE0-C701-42AB-B5F1-070F58AF0702}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C434F41E-D532-4396-B4E5-E04924ABB2AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6F0EF84-A30E-485C-ABCA-86D0FD43089A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7BFB823-DB3F-4F80-AD9B-544EF9B5714F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{CA37F058-3774-4EEE-A546-A0FA93BE704A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CABC44DD-281E-4BFA-8483-359A2321C620}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB4C0250-A5C9-485A-BD81-C3917247122F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBED2B53-8EE7-4722-A551-3BD26A360368}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBF61C91-2513-439E-83E4-DA615ECC87C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC4ABCCB-7956-4A42-8CAA-D5B2728A3616}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDEC9F74-8BFF-4E97-8810-58321BC52AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2914453-D1C6-4589-9D6C-AC975685692F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D603291E-E047-4562-A057-DA9361D2E174}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6F4CC75-F859-4F03-8E1A-1D5D4B61A09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7BA6583-97F5-413D-A96B-ABE5417B4A68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA84622D-D6C8-412C-AC31-8EF4592E88BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAF02180-DEFF-442C-9C9E-ABE49146D8D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBA9A40C-5D9B-4C93-B6E1-8F9215BBB763}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDC5A573-E0FE-425F-9DE3-09B02BEC25D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDD53577-41B3-4983-A138-B990C82EC949}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFC12F3B-FBDF-40F3-9757-60B5450DE5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E019B3C0-38CA-4748-A1CD-6BCEC181BE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E13C2D1A-72DF-422A-97BF-5B154218C7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E34A0187-0195-4BAA-891A-5BE92AAC9E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E71ABA41-55D5-4814-B9BC-A659EB35A81D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E8EC6E04-149E-4A25-AC78-9D2054A98577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9ADE639-3444-4F18-8FD1-88F740605114}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9EBA9F8-ED13-44EF-AFE4-A3B2F7EBA0CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA5283B1-06ED-4FA5-8330-79CE22AB856D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EDEDCB27-8BC5-4782-AF56-83E8DDB8782C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3968EB-2FF2-4F8D-A194-4222700CDE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0DD0882-94C9-47D7-9303-EF5F19A28C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1742235-836C-440C-A575-25E3F2A23B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F9A4CAFE-55B0-4235-8D30-2F1611C09805}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA349256-62AB-4628-9D27-AF6A71CFB4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB478DF5-7EB7-471F-8265-37D5BA6247D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC697F3E-FB1B-4FB7-A6EF-DE7D8244F7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCA278E4-9FB8-4102-ABFB-6A686FB8ECE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDAA49D4-9EF1-4933-820C-A098BA9F903F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FE6BDB79-B8E3-4018-AB09-DCEBE80D6778}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{452FA0D7-E6B5-490B-A114-138B076DDE60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{717575D6-7316-4A0A-A073-C6D3693018CD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8DE3DC45-72D3-4477-8388-BCAE7F396D40}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"TCP Query User{A4515D09-015C-4944-A1DF-AA369B565ACC}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"TCP Query User{A5977D0A-52F5-43C9-8957-D7332C5015B3}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"TCP Query User{C34A31D8-1D36-4E3A-B90A-9395A4A01D56}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D9558383-6142-4F64-AED2-5FB636A7335A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{EC12E8AC-B9A3-43E4-A573-4FD5CF0C0CAE}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{0EDF8570-E9FD-4AB1-8E07-B37F4F8C8C54}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3E8AEC1D-A00D-4A1F-808C-1F5D1F8BBA30}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{43A72232-85A2-41C5-84D8-7CC67B693088}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"UDP Query User{646FBF5E-DA06-4310-8284-D8A2FE0C01B8}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{AA1BE46D-0805-4C59-944D-A2EAD914B27A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{B22784E9-8714-497B-B27C-5BDBFDE88AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D474BDE0-C138-463D-B907-0286696FA73E}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"UDP Query User{EA4F24EC-4C69-40FE-B387-F4EE69190DC1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard
"{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish
"{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional
"{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German
"{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static
"{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista
"{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish
"{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish
"{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish
"{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins
"{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian
"{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B836CE46-F408-4DD4-9F65-0CE6937CF470}" = Dungeon Lords
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech
"{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding
"{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.00
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FLV Player" = FLV Player 2.0 (build 25)
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PicSizer" = PicSizer
"RagTime Privat" = RagTime Privat
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16/06/2010 08:40:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 17/06/2010 19:19:35 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/06/2010 07:56:08 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/06/2010 09:14:37 | Computer Name = angie-lappi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 0.0.0.0, Zeitstempel 0x4c05deaa,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x70263d65, Prozess-ID 0x12fc, Anwendungsstartzeit 01cb0edd5ac4b5b1.
 
Error - 22/06/2010 20:46:21 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/06/2010 09:14:41 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 24/06/2010 16:30:15 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 25/06/2010 08:20:31 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 25/06/2010 21:11:58 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 26/06/2010 04:28:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20/11/2009 17:25:46 | Computer Name = angie-lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide
 
 
[ System Events ]
Error - 05/09/2010 02:31:24 | Computer Name = angie-lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.09.2010 um 08:29:52 unerwartet heruntergefahren.
 
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05/09/2010 02:32:32 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description = 
 
Error - 05/09/2010 03:17:19 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
 
Error - 05/09/2010 10:15:38 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description = 
 
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05/09/2010 11:09:41 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
 
Error - 05/09/2010 13:50:22 | Computer Name = angie-lappi | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


that looks pretty bad right now....
even I can see that, and I'll send off the first post for now, since malwarebytes takes a good 7 min even for the quick scan and I don't know whether my laptop will survive it..

many thanks in advance
teny

*malwarebytes report to follow*

05.09.2010, 20:13   #2
teny

so, me again

just what I feared.. in contrast to what can be found up there..
here's the mbam log

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05/09/2010 20:19:49
mbam-log-2010-09-05 (20-19-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133793
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I'll run the full scan after all

regards, teny

Last edited by teny (05.09.2010 at 20:20)

05.09.2010, 21:47   #3
teny

and because it's so much fun


here's the mbam log from the full scan as well

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05/09/2010 21:37:27
mbam-log-2010-09-05 (21-37-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 295819
Laufzeit: 1 Stunde(n), 9 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a8c7 (Backdoor.Bot) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYNBO517\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNVM3FFZ\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[2].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDZ03FH0\dcom32[1].exe (Rootkit.Dropper) -> No action taken.


actions of any kind are NOT possible,
since the program, as always.. has the status "not responding"

I guess I'll go to bed and pray that the laptop is still alive tomorrow. I'll look in from work to see whether anyone takes up the challenge of helping me
it's just not quite as clear-cut as the previous skype link trojan problems
*wiping it is not a solution right now^^ since I don't own a system cd... well, it came preinstalled -.- *


regards, teny

06.09.2010, 17:30   #4
teny

hi there

so a restart actually brought an improvement...
right now it looks the way it should again.. and works again too
the only question is for how long?

at the moment mbam once again finds nothing in the scan

but I have faith in you

angie

06.09.2010, 19:13   #5
teny

hmm, editing is unfortunately no longer possible..

here's my current favourite error

hostprozess für windows-dienste funktioniert nicht mehr
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: svchost.exe
Anwendungsversion: 6.0.6001.18000
Anwendungszeitstempel: 47918b89
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.0.6002.18005
Fehlermodulzeitstempel: 49e03821
Ausnahmecode: c000071b
Ausnahmeoffset: 000888f5
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 6153
Zusatzinformation 1: 0e02
Zusatzinformation 2: b21b56b606e7544720668ce364087082
Zusatzinformation 3: 0e02
Zusatzinformation 4: b21b56b606e7544720668ce364087082

as long as I leave the window open and don't click on close or online solution, the pc keeps working
so I'm just leaving it there.
I don't know what exactly it means, though

regards, angie


07.09.2010, 08:37   #6
teny

good morning

since today's restart avira pops up every 30 seconds and reports a detection.
however, after the beep and the message the window also disappears again right away by itself

what it reports:

C:\Windows\Temp\cxvl.tmp\setup.exe
Trojanisches Pferd "TR/Dropper. Gen"

now I've noticed.. it doesn't report one detection, it reports a different one every 30 seconds. the part in bold varies..
in total it has reported 20 different ones

mbam quick scan says 0
unfortunately there's not enough time for the full scan

regards, angie

07.09.2010, 17:13   #7
john.doe

Hello Angie and
Quote:
it downloaded something *without asking*
Which browser did you use? I see MSIE, Firefox and Chrome there.
Quote:
I ran malwarebytes, it found nothing,
They are still quite new and come in many variants, which is why most scanners don't find anything yet.
Quote:
wiping it is not a solution right now^^ since I don't own a system cd..
That isn't strictly necessary either. Almost all manufacturers now create an image that only has to be restored (takes only minutes). Before that, though, be sure to back up all your data to external media, otherwise it will be gone. If you tell me the exact model name of your computer, I can look it up in the manual.

You have a whole heap of problems there, and should you decide on a cleanup anyway, I promise you one thing up front: it will take several days.

Quote:
that looks pretty bad right now....
Well spotted.

I have never seen Skype entries in the firewall like that before.

A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

1.) Please upload the file
Quote:
C:\Windows\8324.exe
to us => http://www.trojaner-board.de/54791-a...ner-board.html

2.) Post the logs from RSIT => http://www.trojaner-board.de/74910-a...tion-tool.html

3.) Post the Avira log with the following settings => http://www.trojaner-board.de/54192-a...tellungen.html

4.) Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [Konni Symbol Autostart] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe"=-
:Files
E:\Downloads\Picture-0002927.JPGwww.facebook.exe
C:\Windows\nvsvc32.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requests a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread in code tags.

5.) Create and post new logs with OTL.

ciao, andreas
__________________
No support via PM! This is a forum, not private tutoring!
Private support only for payment, and I am very expensive.
For all newcomers
Guides
Virus scanners
Compromise unavoidable?
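
The fix script in the post above targets a file with an image extension buried in its name and a Run entry pointing at an executable directly in the Windows folder, and the scanner hits reported earlier sit in temp and browser download-cache folders. As an added example (not part of the thread, and not code from OTL, HijackThis, Malwarebytes or Avira), this Python sketch flags those three path patterns in log lines copied from this thread; the rule names and the `C:\Windows` system root are assumptions of the example, and a flag means "review this", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# A Windows path ending in an executable extension; spaces and [] are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|scr|dll)\b', re.I)
# HijackThis ("HKLM\..\Run:") and OTL ("HKCU..\Run:") autostart lines.
AUTOSTART_RE = re.compile(r"^O4 - \S*\\Run(?:Once)?:", re.I)
# A document or image extension somewhere before the real executable extension.
MASQUERADE_RE = re.compile(
    r"\.(?:jpe?g|png|gif|bmp|pdf|docx?).*\.(?:exe|scr)$", re.I
)
# Folder names that normally hold downloads and scratch files, not programs.
TEMP_DIRS = {"temp", "temporary internet files"}
# Assumption: Windows is installed on C:, as in the logs of this thread.
WINDOWS_ROOT = r"c:\windows"


class Finding(NamedTuple):
    path: str
    reasons: List[str]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the first executable path on the line hits a rule."""
    line = line.strip()
    match = PATH_RE.search(line)
    if match is None:
        return None
    path = match.group(0)
    folder = ntpath.dirname(path).lower()
    reasons = []
    # Rule 1: "picture.JPG....exe" style names that hide the real extension.
    if MASQUERADE_RE.search(ntpath.basename(path)):
        reasons.append("masquerade")
    # Rule 2: executable stored below a temp or browser download-cache folder.
    if TEMP_DIRS.intersection(folder.split("\\")):
        reasons.append("temp-location")
    # Rule 3: autostart entry whose target sits directly in the Windows folder.
    if AUTOSTART_RE.match(line) and folder == WINDOWS_ROOT:
        reasons.append("windows-root-autostart")
    return Finding(path, reasons) if reasons else None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over many log lines and keep only the flagged ones."""
    return [f for f in map(triage_line, lines) if f is not None]


# Lines copied from the OTL fix script, the Malwarebytes full-scan log, the
# Avira report and the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r'"E:\Downloads\Picture-0002927.JPGwww.facebook.exe"=-',
    r"O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found",
    r"C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files"
    r"\Content.IE5\EYNBO517\dcom32[1].exe (Rootkit.Dropper) -> No action taken.",
    r"C:\Windows\Temp\cxvl.tmp\setup.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(", ".join(finding.reasons), "->", finding.path)
```

Rule 3 is deliberately broad: vendor utilities installed directly in the Windows folder would be flagged too, so its output is a review list to check against known software.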

08.09.2010, 01:34   #8
teny

hi andreas

oh right.. the browser^^
chrome.. since ff is too slow, and ie is only on there because unfortunately it won't let me remove it -.-

so the file is uploaded.. the date fits too -.-
*I only had to restart 3x, because the host process was always quicker to stop working than I was with uploading... and as soon as it gives up, I only get empty windows..*


here are the two logs *yay... I've figured out how to put them into one of those pretty boxes =D *

log.txt
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:24:42, on 08/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mobile Partner Manager\UIExec.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Angie\Desktop\RSIT.exe
C:\Program Files\trend micro\Angie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Mobile Partner Manager\UIExec.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Mobile Partner Manager\AssistantServices.exe

--
End of file - 8745 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-06 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-01-21 156968]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-01-21 202024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-10-24 237568]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-11 6957600]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-24 870920]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-12-26 173288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2007-01-02 520192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"UIExec"=C:\Program Files\Mobile Partner Manager\UIExec.exe [2010-01-13 133120]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Konni Symbol Autostart"= []
"Google Update"=C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-26 133104]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-09-16 772608]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-08 01:24:20 ----D---- C:\rsit
2010-09-08 01:24:20 ----D---- C:\Program Files\trend micro
2010-09-04 21:53:20 ----A---- C:\Windows\8324.exe
2010-09-03 16:33:38 ----D---- C:\Program Files\Common Files\Skype
2010-09-03 16:33:37 ----RD---- C:\Program Files\Skype
2010-09-03 15:33:55 ----SHD---- C:\Config.Msi
2010-09-02 23:38:47 ----D---- C:\Users\Angie\AppData\Roaming\Malwarebytes
2010-09-02 23:38:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-09-02 23:38:27 ----D---- C:\ProgramData\Malwarebytes
2010-09-02 23:38:27 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-02 23:38:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-12 02:15:32 ----A---- C:\Windows\cdplayer.ini
2010-08-11 23:27:06 ----D---- C:\ProgramData\Real
2010-08-11 23:27:06 ----D---- C:\Program Files\Common Files\Real
2010-08-11 23:27:05 ----D---- C:\Users\Angie\AppData\Roaming\Real

======List of files/folders modified in the last 1 months======

2010-09-08 01:24:32 ----D---- C:\Windows\Prefetch
2010-09-08 01:24:20 ----RD---- C:\Program Files
2010-09-08 01:23:18 ----D---- C:\Windows\Temp
2010-09-08 01:20:17 ----D---- C:\Users\Angie\AppData\Roaming\Skype
2010-09-08 00:40:56 ----D---- C:\Users\Angie\AppData\Roaming\skypePM
2010-09-07 00:44:26 ----D---- C:\Program Files\Mozilla Firefox
2010-09-05 16:50:32 ----D---- C:\Windows
2010-09-05 16:13:54 ----D---- C:\Windows\system32\drivers
2010-09-05 08:30:38 ----D---- C:\Windows\PCHEALTH
2010-09-03 20:53:55 ----SHD---- C:\System Volume Information
2010-09-03 16:33:44 ----SHD---- C:\Windows\Installer
2010-09-03 16:33:43 ----D---- C:\Windows\system32\Tasks
2010-09-03 16:33:38 ----D---- C:\Program Files\Common Files
2010-09-03 16:33:36 ----D---- C:\ProgramData\Skype
2010-09-03 15:33:42 ----D---- C:\Windows\System32
2010-09-03 15:32:53 ----D---- C:\Program Files\Common Files\microsoft shared
2010-09-02 23:54:32 ----D---- C:\Windows\Minidump
2010-09-02 23:38:27 ----HD---- C:\ProgramData
2010-08-19 00:00:20 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-12 329752]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 5120]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-09 958464]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-28 4303872]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-11 2338720]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-02-21 153952]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-12-08 41984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2009-10-29 9216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2009-10-29 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2009-10-29 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2009-10-29 105088]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-28 729088]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Mobile Partner Manager\AssistantServices.exe [2010-01-13 247296]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
         
info.txt
RSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-09-08 01:24:43

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe"  -uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Backup Manager-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0407
Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer Product Registration-->"C:\Program Files\InstallShield Installation Information\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ScreenSaver-->C:\Windows\Screensavers\Acer\Uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Agere Systems HDA Modem-->agrsmdel
AmIcoSingLun-->C:\Program Files\InstallShield Installation Information\{BF91B300-EEBC-4223-96F3-0FCBF7241B50}\setup.exe -runfromtemp -l0x0409
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom Gigabit NetLink Controller-->MsiExec.exe /X{9AF0B106-56F1-461B-A270-95BC1682E282}
Catalyst Control Center - Branding-->MsiExec.exe /I{E430067C-7254-40B6-A8F8-5EEF57A68F1A}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dungeon Lords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B836CE46-F408-4DD4-9F65-0CE6937CF470}\Setup.exe" -l0x7  -removeonly
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works 4 Converter-->MsiExec.exe /X{D18AF23E-AB28-4040-9396-28413B2C3B41}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mobile Partner Manager-->"C:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0007 -removeonly
Mozilla Firefox (3.5.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyWinLocker-->MsiExec.exe /X{68301905-2DEA-41CE-A4D4-E8B443B099BA}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
PicSizer-->C:\Windows\unvise32.exe C:\Program Files\AxiomX\PicSizer\uninstal.log
PlayStation(R)Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
PlayStation(R)Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RagTime Privat-->C:\Windows\IsUn0407.exe -f"C:\Program Files\RagTime Privat\Uninst.isu"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Samsung ML-2010 Series-->C:\Program Files\Samsung\Samsung ML-2010 Series\Install\Setup.exe /R
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Companion 1.60.00-->"C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite 6.011.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen. Die folgende Reparaturoption wurde angeboten: 

Reparaturoption: Neue IP-Einstellungen für den Netzwerkadapter "LAN-Verbindung" automatisch ermitteln. 

Reparatur-GUID: {FD3DBBC9-877F-4B96-BB3B-0DC95D657057} 

Reparaturdauer in Sekunden: 63 

Erforderlicher Sicherheitskontext für Reparatur: 37
Record Number: 79333
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen. Die folgende Reparaturoption wurde angeboten: 

Reparaturoption: Ein Problem mit dem Netzwerkrouter oder Breitbandmodem verhindert möglicherweise eine Internetverbindung.

Schalten Sie das Modem aus, und ziehen Sie das Netzkabel heraus, falls es sich um ein Heimnetzwerk handelt. Warten Sie mindestens 10 Sekunden. Stecken Sie das Netzkabel wieder ein, und schalten Sie das Modem ein. Vergewissern Sie sich, dass das Modem an der Telefonbuchse angeschlossen ist, und versuchen Sie dann eine Verbindung herzustellen.

Wenden Sie sich an den Netzwerkadministrator, falls es sich um ein Arbeitsplatz- oder Schulnetzwerk handelt.
 

Reparatur-GUID: {9513CC1C-4A26-4CB8-BF89-0A82129BD105} 

Reparaturdauer in Sekunden: 63 

Erforderlicher Sicherheitskontext für Reparatur: 0
Record Number: 79332
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen. Die folgende Reparaturoption wurde angeboten: 

Reparaturoption: Verfügbare Drahtlosnetzwerke anzeigen
Sie können dann ein Netzwerk auswählen, eine Verbindung mit diesem Netzwerk herstellen und das Netzwerk in der Liste der bevorzugten Netzwerke speichern. 

Reparatur-GUID: {6AEFFF5C-B33E-4A07-9989-B2532A3DCB6A} 

Reparaturdauer in Sekunden: 300 

Erforderlicher Sicherheitskontext für Reparatur: 0
Record Number: 79331
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 6100
Message: Hilfsklasse (AutoConfig Helper Class) Ereignis: 

Drahtlosdiagnose-Hilfsklassenereignis

Vollständige Informationen zu dieser Sitzung finden Sie im Drahtlosdiagnose-Informationsereignis.

Hilfsprogrammklasse: Automatische Konfiguration
 Initialisierungsstatus: Erfolg

Informationen zur Verbindung, die momentan diagnostiziert wird
 Schnittstellen-GUID: d661e63c-2385-4740-b77c-4ba6f8ae8eb3
 Schnittstellenname: Atheros AR5B91 Wireless Network Adapter
 Schnittstellentyp: Systemeigenes WiFi

Ergebnis der Diagnose: Problem ermittelt

Fehlerursache:
Sie müssen ein Drahtlosnetzwerk auswählen, zu dem eine Verbindung hergestellt werden soll.
Wenn Sie ein Netzwerk auswählen und den Computer mit diesem Netzwerk verbinden, kann dieser Computer in Zukunft automatisch eine Verbindung zu diesem Netzwerk herstellen.

Detaillierte Fehlerursache:
Die Liste der bevorzugten Netzwerke enthält keine Drahtlosnetzwerke (die Liste ist leer).

Wiederherstellungsoption:
Verfügbare Drahtlosnetzwerke anzeigen
Sie können dann ein Netzwerk auswählen, eine Verbindung mit diesem Netzwerk herstellen und das Netzwerk in der Liste der bevorzugten Netzwerke speichern.



Ereignisausführlichkeit:0
Record Number: 79330
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 6100
Message: Hilfsklasse (AutoConfig Helper Class) Ereignis: 

Drahtlosdiagnose-Informationsereignis

Informationen zur Verbindung, die momentan diagnostiziert wird
 Schnittstellen-GUID: d661e63c-2385-4740-b77c-4ba6f8ae8eb3
 Schnittstellenname: Atheros AR5B91 Wireless Network Adapter
 Schnittstellentyp: Systemeigenes WiFi

Es wurde eine Verbindungsstörung diagnostiziert.
 ID für die automatische Konfiguration 1


Liste der sichtbaren Zugriffspunkte: 12 Element(e) insgesamt, 12 Element(e) angezeigt
        BSSID		BSS-Typ PHY	Signal(dB)	Kan./Freq.    SSID
-------------------------------------------------------------------------
00-1A-4F-97-32-DA	Infra	 g	-77		1	 FRITZ!Box Fon WLAN 7170
00-18-84-27-52-D6	Infra	 g	-74		3	 connyfon
00-18-84-27-52-D5	Infra	 g	-72		3	 FON_fueralle
00-1A-2B-1F-BE-B4	Infra	 <unbekannt>	-78		4	 WLAN-1FBE14
00-C0-A8-CD-CF-1D	Infra	 g	-76		6	 3210
00-23-69-26-15-B5	Infra	 g	-72		7	 GoawAy
00-1D-19-8B-E5-48	Infra	 g	-89		9	 ArcorWLAN
00-1C-4A-4E-AC-66	Infra	 g	-82		11	 WLAN-001C4A4EAC66
00-1A-2A-2A-06-A7	Infra	 g	-34		11	 
00-24-01-2A-13-A8	Infra	 <unbekannt>	-67		13	 Homem Aranha
00-25-BC-8A-82-0B	Infra	 <unbekannt>	-87		1	 Apple V
06-25-BC-8A-82-0B	Infra	 <unbekannt>	-85		1	 Vivians Gästenetzwerk

Verbindungsverlauf

 Informationen zur ID für die automatische Konfiguration 1

  Liste der sichtbaren Netzwerke: 12 Element(e) insgesamt, 12 Element(e) angezeigt
  BSS-Typ PHY	Sicherheit	Signal(RSSI)	Kompatibel	SSID
  ------------------------------------------------------------------------------
  Infra	 g	Ja		46	Ja		FRITZ!Box Fon WLAN 7170
  Infra	 g	Ja		52	Ja		connyfon
  Infra	 g	Nein		56	Ja		FON_fueralle
  Infra	 <unbekannt>	Ja		44	Ja		WLAN-1FBE14
  Infra	 g	Ja		48	Ja		3210
  Infra	 g	Ja		56	Ja		GoawAy
  Infra	 g	Ja		22	Ja		ArcorWLAN
  Infra	 g	Ja		36	Ja		WLAN-001C4A4EAC66
  Infra	 g	Ja		100	Ja		
  Infra	 <unbekannt>	Ja		66	Ja		Homem Aranha
  Infra	 <unbekannt>	Ja		26	Ja		Apple V
  Infra	 <unbekannt>	Ja		30	Ja		Vivians Gästenetzwerk

  Liste der bevorzugten Netzwerke: 0 Element(e)



Ereignisausführlichkeit:0
Record Number: 79329
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154112.626737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

=====Application event log=====

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1530
Message: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  

 DETAIL - 
 16 user registry handles leaked from \Registry\User\S-1-5-21-2067210464-2756668132-75422373-500:
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\Root
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\trust
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\My
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\CA
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\Disallowed

Record Number: 1149
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090613174751.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-KN8H5TKTAMS
Event Code: 6000
Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
Record Number: 1148
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090613174751.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0x40010004) abgebrochen.
Record Number: 1147
Source Name: Desktop Window Manager
Time Written: 20090613174751.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 103
Message: Windows (12) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 1146
Source Name: ESENT
Time Written: 20090613174607.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 1145
Source Name: Microsoft-Windows-Search
Time Written: 20090613174607.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: angie-lappi
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-7
	Kontoname:		ANONYMOUS-ANMELDUNG
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x22930

Anmeldetyp:			3

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 1325
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.803600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 4616
Message: Die Systemzeit wurde geändert.

Antragsteller:
	Sicherheits-ID:		S-1-5-19
	Kontoname:		LOKALER DIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e5

Prozessinformationen:
	Prozess-ID:	0x4d0
	Name:		C:\Windows\System32\svchost.exe

Vorherige Zeit:		19:47:51 13.06.2009
Neue Zeit:		19:47:51 13.06.2009

Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird. Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird.
Record Number: 1324
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.554000-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
	Sicherheits-ID:		S-1-5-21-2067210464-2756668132-75422373-500
	Kontoname:		Administrator
	Kontodomäne:		WIN-KN8H5TKTAMS
	Anmelde-ID:		0x2e6e4

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 1323
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.039683-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 1322
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090613174751.616400-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
	Sicherheits- ID:	S-1-5-21-2067210464-2756668132-75422373-500
	Kontoname:	Administrator
	Domänenname:	WIN-KN8H5TKTAMS
	Logon-ID:	0x2e6e4
Record Number: 1321
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090613174603.976883-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\EgisTec\MyWinLocker 3\x86;C:\Program Files\EgisTec\MyWinLocker 3\x64;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         
the rest is coming in a moment

Old 08.09.2010, 03:11   #9
teny
 



hmm.. the rest probably isn't coming after all

propped my eyes open with matchsticks.... held out for the 90 min avira needed to scan...
and now?
it won't show me the report *gag*
loading spinner and then nothing....
same thing with all programs at the moment
can't open anything - loading spinner and as soon as it's gone... silence and yawning emptiness

i'm now pinning my hopes on avira.. restarting and hoping it saves the reports^^

angie

___________________________________________________
my friend, edit

i'm afraid.. i'll have to do this again tomorrow..
i did get to the report
but had to switch the laptop off manually.. since it wouldn't shut down anymore... and the sound had also given up before that

here's the avira report *hoping that's what you wanted^^*
Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 8. September 2010  01:40

Es wird nach 2777015 Virenstämmen gesucht.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ANGIE-LAPPI

Versionsinformationen:
BUILD.DAT      : 9.0.0.422     21701 Bytes  09.03.2010 10:23:00
AVSCAN.EXE     : 9.0.3.10     466689 Bytes  20.11.2009 18:51:50
AVSCAN.DLL     : 9.0.3.0       49409 Bytes  13.02.2009 11:04:10
LUKE.DLL       : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0       13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF   : 7.10.0.0   19875328 Bytes  06.11.2009 18:51:50
VBASE001.VDF   : 7.10.1.0    1372672 Bytes  19.11.2009 18:51:50
VBASE002.VDF   : 7.10.3.1    3143680 Bytes  20.01.2010 21:17:52
VBASE003.VDF   : 7.10.3.75    996864 Bytes  26.01.2010 20:51:36
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 04:20:45
VBASE005.VDF   : 7.10.6.82   2494464 Bytes  15.04.2010 14:58:00
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 00:17:13
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 01:13:35
VBASE008.VDF   : 7.10.9.166      2048 Bytes  23.07.2010 01:13:35
VBASE009.VDF   : 7.10.9.167      2048 Bytes  23.07.2010 01:13:35
VBASE010.VDF   : 7.10.9.168      2048 Bytes  23.07.2010 01:13:35
VBASE011.VDF   : 7.10.9.169      2048 Bytes  23.07.2010 01:13:35
VBASE012.VDF   : 7.10.9.170      2048 Bytes  23.07.2010 01:13:35
VBASE013.VDF   : 7.10.9.198    157696 Bytes  26.07.2010 01:13:31
VBASE014.VDF   : 7.10.9.255    997888 Bytes  29.07.2010 01:13:43
VBASE015.VDF   : 7.10.10.28    139264 Bytes  02.08.2010 01:13:50
VBASE016.VDF   : 7.10.10.52    127488 Bytes  03.08.2010 01:13:55
VBASE017.VDF   : 7.10.10.84    137728 Bytes  06.08.2010 01:14:03
VBASE018.VDF   : 7.10.10.107    176640 Bytes  09.08.2010 01:14:11
VBASE019.VDF   : 7.10.10.130    132608 Bytes  10.08.2010 01:14:15
VBASE020.VDF   : 7.10.10.158    131072 Bytes  12.08.2010 01:14:22
VBASE021.VDF   : 7.10.10.190    136704 Bytes  16.08.2010 01:14:33
VBASE022.VDF   : 7.10.10.217    118272 Bytes  19.08.2010 01:14:43
VBASE023.VDF   : 7.10.10.246    130048 Bytes  23.08.2010 01:14:56
VBASE024.VDF   : 7.10.11.11    144896 Bytes  25.08.2010 01:15:03
VBASE025.VDF   : 7.10.11.33    135168 Bytes  27.08.2010 01:15:09
VBASE026.VDF   : 7.10.11.52    148992 Bytes  31.08.2010 01:15:23
VBASE027.VDF   : 7.10.11.75    124928 Bytes  03.09.2010 01:15:38
VBASE028.VDF   : 7.10.11.76      2048 Bytes  03.09.2010 01:15:38
VBASE029.VDF   : 7.10.11.77      2048 Bytes  03.09.2010 01:15:38
VBASE030.VDF   : 7.10.11.78      2048 Bytes  03.09.2010 01:15:38
VBASE031.VDF   : 7.10.11.86     54784 Bytes  03.09.2010 01:15:38
Engineversion  : 8.2.4.50 
AEVDF.DLL      : 8.1.2.1      106868 Bytes  31.07.2010 01:13:48
AESCRIPT.DLL   : 8.1.3.44    1364346 Bytes  27.08.2010 01:15:09
AESCN.DLL      : 8.1.6.1      127347 Bytes  13.05.2010 22:14:33
AESBX.DLL      : 8.1.3.1      254324 Bytes  24.04.2010 20:16:51
AERDL.DLL      : 8.1.8.2      614772 Bytes  21.07.2010 01:13:25
AEPACK.DLL     : 8.2.3.5      471412 Bytes  07.08.2010 01:14:06
AEOFFICE.DLL   : 8.1.1.8      201081 Bytes  22.07.2010 01:13:27
AEHEUR.DLL     : 8.1.2.21    2883958 Bytes  05.09.2010 01:15:41
AEHELP.DLL     : 8.1.13.3     242038 Bytes  27.08.2010 01:15:07
AEGEN.DLL      : 8.1.3.20     397684 Bytes  27.08.2010 01:15:07
AEEMU.DLL      : 8.1.2.0      393588 Bytes  24.04.2010 20:16:49
AECORE.DLL     : 8.1.16.2     192887 Bytes  21.07.2010 01:13:21
AEBB.DLL       : 8.1.1.0       53618 Bytes  24.04.2010 20:16:49
AVWINLL.DLL    : 9.0.0.3       18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL     : 9.0.3.0       44289 Bytes  08.09.2009 16:03:58
AVREP.DLL      : 8.0.0.7      159784 Bytes  18.02.2010 03:17:59
AVREG.DLL      : 9.0.0.0       36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL     : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL   : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0       11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL     : 9.0.73.0      87297 Bytes  20.11.2009 18:51:50

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 8. September 2010  01:40

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '116450' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AmIcoSinglun.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '77' Prozesse mit '77' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '48' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <sys>
C:\hiberfil.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
Beginne mit der Suche in 'E:\' <privat>
Beginne mit der Suche in 'F:\' <rest>


Ende des Suchlaufs: Mittwoch, 8. September 2010  03:04
Benötigte Zeit:  1:24:32 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  23938 Verzeichnisse wurden überprüft
 412455 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      2 Dateien konnten nicht durchsucht werden
 412453 Dateien ohne Befall
   6023 Archive wurden durchsucht
      2 Warnungen
      2 Hinweise
 116450 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         


_____________________________

edit again

when i start otl, enter the script and click fix, otl stops responding within 3 sec, kills my explorer and doesn't restore the explorer either.. had to shut down via the task manager.. tried it three times..
now i'm going to bed.. the alarm goes off in 2 hrs

will have another go at it tomorrow after work

nighty night
and thanks in advance =D

_____________________________

edit3^^

it did work on the 4th try after all^^

Code:
All processes killed
Error: Unable to interpret <:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKCU..\Run: [Konni Symbol Autostart] File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live> in the current context!
Error: Unable to interpret <\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Me> in the current context!
Error: Unable to interpret <ssengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoint> in the current context!
Error: Unable to interpret <s2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found O33 - MountPoints2\{b1060838-5d3b-11df-b74a-> in the current context!
Error: Unable to interpret <001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List] "E:\Downloads\Picture-0002927.JPGwww.facebook.exe"=- :Files E:\Downloads\Picture-0002927.JPGwww.facebook.exe C:\Windows\nvsvc32.exe C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job :Commands [purity] [resethosts] [emptyflash] [emptytemp]> in the current context!
 
OTL by OldTimer - Version 3.2.11.0 log created on 09082010_033245

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
new logs coming right away

Last edited by teny (08.09.2010 at 03:36)

Old 08.09.2010, 14:57   #10
teny
 



afternoon

after i got a "fatal error" last night while loading the message
and this morning the problem that once again no file would open, thanks to
*host process for winddof has stopped working*
the logs from last night are only coming now

right now my laptop's screen has stopped working



_________________

edit:

found the problem..
it just didn't occur to me that the logs are too long -.-


the new logs *first one, then the other^^*

Code:
OTL logfile created on: 08/09/2010 03:37:38 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 102.94 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
PRC - [2010/08/18 03:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/01/13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
PRC - [2010/01/13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/06 00:01:32 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/08 23:14:41 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/04/15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009/04/11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/11 02:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009/01/21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009/01/21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/12/26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/10/27 15:09:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/10/27 12:05:24 | 000,346,672 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008/10/24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/03/18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007/01/02 12:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
MOD - [2009/04/15 16:18:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/01/13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 00:01:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/03/18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 20:50:21 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009/05/11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/09 15:59:48 | 000,958,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/26 01:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/03/11 02:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/01/28 09:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/12/05 08:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/02 23:48:18 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/03/01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/12/08 02:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006/12/08 02:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/03 07:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.howrse.de"
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 22:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 22:00:09 | 000,000,000 | ---D | M]
 
[2009/07/13 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions
[2010/09/07 00:54:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions
[2009/08/05 01:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010/05/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\FasterFox_Lite@BigRedBrent
[2009/10/26 22:21:40 | 000,003,915 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\je3qjhb6.default\searchplugins\sweetim.xml
[2010/09/07 00:54:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/02/20 14:58:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/02/20 14:58:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/02/20 14:58:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/02/20 14:58:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/02/20 14:58:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Konni Symbol Autostart]  File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/08 03:25:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/08 01:24:20 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010/09/08 01:24:20 | 000,000,000 | ---D | C] -- C:\rsit
[2010/09/05 19:44:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2010/09/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/09/03 16:33:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/09/03 15:33:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/02 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2010/09/02 23:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/02 23:38:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/02 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real
[2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/11 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Real
[2010/05/12 00:41:49 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe99B1.dll
[2009/06/14 04:12:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/08 03:38:14 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT
[2010/09/08 03:33:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 03:33:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 03:33:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 03:33:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 03:33:37 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 03:32:54 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 03:32:54 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/08 03:13:14 | 003,358,696 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db
[2010/09/08 01:53:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job
[2010/09/08 01:16:34 | 000,339,991 | ---- | M] () -- C:\Users\Angie\Desktop\RSIT.exe
[2010/09/08 00:40:31 | 000,006,836 | ---- | M] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat
[2010/09/06 20:37:48 | 000,000,880 | ---- | M] () -- C:\Users\Angie\Desktop\VLC media player.lnk
[2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2010/09/04 21:53:20 | 000,005,756 | ---- | M] () -- C:\Windows\8324.exe
[2010/09/04 05:58:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
[2010/09/03 23:17:08 | 000,083,100 | ---- | M] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | M] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | M] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | M] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | M] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | M] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | M] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | M] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | M] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | M] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | M] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | M] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | M] () -- E:\Picture0009.jpg
[2010/08/16 18:41:58 | 000,048,419 | ---- | M] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | M] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | M] () -- E:\Picture0006.jpg
[2010/08/14 22:49:53 | 000,014,336 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 22:00:07 | 000,027,648 | ---- | M] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:20 | 000,089,480 | ---- | M] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/08/11 20:51:59 | 000,786,053 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:07:33 | 000,750,681 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:34 | 000,071,203 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:43 | 000,059,925 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:42 | 000,039,957 | ---- | M] () -- E:\Photo on 2010-08-11 at 14.34.jpg
 
========== Files Created - No Company Name ==========
 
[2010/09/08 01:16:33 | 000,339,991 | ---- | C] () -- C:\Users\Angie\Desktop\RSIT.exe
[2010/09/06 20:37:48 | 000,000,880 | ---- | C] () -- C:\Users\Angie\Desktop\VLC media player.lnk
[2010/09/04 21:53:20 | 000,005,756 | ---- | C] () -- C:\Windows\8324.exe
[2010/09/03 23:17:07 | 000,083,100 | ---- | C] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | C] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | C] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | C] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | C] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | C] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | C] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | C] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | C] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | C] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | C] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | C] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | C] () -- E:\Picture0009.jpg
[2010/08/16 18:41:57 | 000,048,419 | ---- | C] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | C] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | C] () -- E:\Picture0006.jpg
[2010/08/14 22:00:07 | 000,027,648 | ---- | C] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:19 | 000,089,480 | ---- | C] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/08/11 19:06:10 | 000,786,053 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:06:10 | 000,750,681 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:33 | 000,071,203 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:42 | 000,059,925 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:41 | 000,039,957 | ---- | C] () -- E:\Photo on 2010-08-11 at 14.34.jpg
[2010/02/15 11:45:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/15 19:08:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 05:06:55 | 000,277,248 | ---- | C] () -- C:\Programme\kinginstaller.exe
[2009/08/06 14:35:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2009/08/04 06:10:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/04 05:19:04 | 000,014,336 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 16:59:07 | 000,006,836 | ---- | C] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat
[2009/07/08 23:56:11 | 000,000,000 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\wklnhst.dat
[2009/06/14 04:02:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/14 04:02:34 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/06/13 19:41:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/06/13 19:29:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/13 19:29:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/03/12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/02/11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009/07/08 23:49:11 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.#
[2009/03/12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Acer GameZone Console
[2010/02/15 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2009/07/08 23:59:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eSobi
[2010/07/09 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ
[2009/07/08 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PowerCinema
[2010/06/30 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\RagTime
[2009/07/08 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftDMA
[2010/05/12 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony
[2010/05/12 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony Setup
[2009/07/08 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Template
[2010/09/08 03:32:56 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
< End of report >
         

Edited by teny (08.09.2010 at 15:10)

08.09.2010, 15:08   #11
teny

here is the second one

Code:
OTL Extras logfile created on: 08/09/2010 03:37:38 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 102.94 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002253FB-8111-493F-8D8C-4FE66B903955}" = rport=138 | protocol=17 | dir=out | app=system | 
"{19BD3B49-4960-46E2-BFDF-26630FA2FEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1A5C067B-8408-48B3-BA04-97BDF48F64E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A6EB95F-08A1-4B60-91A4-478E3E712762}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1C2EA5E6-527D-487A-AED6-6294BBA02018}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1FAEDC48-8C84-454C-9D6E-362F2A31CF19}" = rport=137 | protocol=17 | dir=out | app=system | 
"{205AA3E9-878C-42FD-A9C8-027C00994362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41A06BD5-2397-402A-9173-3A9252D0D841}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{46996488-4F91-4353-AE7A-257708BF6C23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{46EA0D08-1753-4C43-91E3-A4FC6DFB18A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B0B4E6C-CA7C-4279-9F94-27BBA5354CBC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{548CB954-9003-4906-9103-309F5F9CDEC8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{56ED778A-FCE6-42EF-ADB2-6F3B2E5AC918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5AC8DFF5-14F5-41EE-98A8-0C850DF292FE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{64C1142C-9E37-406E-ABAB-8ACCFCC91820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{65BC738A-B27D-4B97-B1CB-F4AB37E74E2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{67A9AC51-01DF-4C14-8C8F-EA54202531A1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74A61EEC-8F86-44CF-9BF8-E33B445B2CFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BF5F8B7-61E9-47C9-8D16-1E50F81DEA2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81794BB4-902C-4831-AB14-74DC7FB50E3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83A3F5F3-1877-46F2-BC12-5C5A5EAF93C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{870738C7-122C-48A8-9714-D8CCA4AB7F8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C573BB4-FC4F-481C-BB91-344957B18386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A72222D-BB2B-4EB5-8E66-0C2F4A232D34}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0B5B23E-A394-4B78-95A0-1C6A7ECF8503}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0FC8839-3101-4A32-870A-5624DC32E59A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A463C226-CDB2-4BAF-8FD3-845CA09207B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C5C69A10-A922-44A1-AF2D-A2DEB45300DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE8E3522-7288-4F7F-B9E4-E558B7B7ED58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC8396A3-72E6-4CD7-8021-B0A954D6F312}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E54A7353-CB4B-4939-813E-330BB4618509}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6F1BC5F-C0D7-49FC-9988-497B96F1D87C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EF6CDA77-88FF-43FA-81C8-B843F5223134}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F268246E-4232-4F19-98D8-C94EF25708CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F731B571-7547-4C5C-A03F-D840FCC01763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00966F49-96FF-4F32-8B31-C9FCAE5AF1C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00AC1766-45AD-46AC-9A7E-901F9A6BEA7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{01B01350-67C5-47C9-9383-5B94B3C26C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02DF2DB2-B260-4119-AB7E-C402FC9C4741}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{038B6C9D-2A2E-4B5B-9666-27823ACB66DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05097973-C81F-47FD-88B0-9DF9417DBA98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06A089F2-2C10-4A88-AE04-10E7510B804C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06DEEC60-AD69-495F-A40F-90174896742C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0A1CB352-B9DF-48E7-9CD3-F4A49C081DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0ACAE191-2E5A-4BAC-B648-7FC724E380DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AE27C66-95C3-4C67-A571-0B9C3C6517B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B243332-640B-4B4F-B853-781D52482084}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C62C1FD-728F-4BEF-B023-27F3DEFB5505}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DB7E2A4-8B3F-4905-9661-E7E592570948}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E2510B3-80D4-4DF4-8B6A-07F5295AD4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0ECCC38C-D509-41D3-A302-7CCEE51EBABA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{0FC430C0-8271-4AD2-B1B4-58F8F824A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12BEEE10-E77C-4170-B738-23BB132485E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12FEA2B0-8080-43E6-9220-7E69341EACAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14796318-4573-4EC3-B6BF-AFEB1D92CCF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15179141-B0E4-48AF-902A-DBFB15E8B89E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{173EF7A9-C6B7-4989-AEA6-6A10EA8BB00B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1944BF22-ABD2-42C1-8E56-8160F95C6DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A20ABAF-42A3-40EF-94FE-D9C72FDA87FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1AFE5958-A700-4DEA-B42C-0DEDD4E0E664}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B558AEC-04CE-4D04-ACA4-718D96984345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20734789-895C-4A22-BD29-657B914554B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20A1B0A8-B20A-4267-AB0F-836FDC7573BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21911FFC-2D78-448F-B458-E0806B1C2AD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2209900A-1353-4D99-89CA-CD089F61FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23527E07-0245-4FCE-9266-8F2FCCB093FC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{23B5A813-957D-4C0F-B7BA-3AB9220AEEF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23C567C9-EA64-406B-AF35-26975A931C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24F9BFE8-7715-4DA8-AC39-FE37229D5174}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{294F02E8-E669-4380-9262-A925034ADD7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A000E8D-D5A0-44EE-9136-24FF29B6A410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2AAAA09B-2321-46E8-8F97-E8D5BC5B9D71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AB3F2AE-4DE5-466F-91A1-6F22A11DBC80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2B1685A2-E789-4488-A618-4E3EE05ECF78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B18465E-979D-47A0-BE1F-7F4F71FA1BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D1F2A62-674A-46EF-BF69-7D8732F37585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D2B0AC6-3697-4919-8DB8-0253D894878F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EE9D84E-4503-4FD3-ABC8-01BD3B9717E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3354CB6E-CA89-42D3-B283-46E435A1791D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33576203-4FE0-43B5-B04E-7325E7F30FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36E945EC-E1C5-4468-9D3D-F3210EB94393}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{372C6BDC-0E4A-4BE5-A1C5-CD024217FDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{399B34A0-9587-47E4-A833-EABD2C0BD8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AD901E8-BED7-4F36-BA43-09AEACAC923C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{3BB7ED2C-0C1F-426E-8CAB-9B81F68ABAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C909559-0330-48ED-BBEB-D210A5594911}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D31B782-6DA6-47F8-96E7-0551A6750C88}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EFAEBF1-9967-4030-AC39-14B7E35553E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F1E37A4-CB79-4693-9886-7C82504D2173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F25CD5F-6A5B-4924-B3B9-2240A8CA48D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F4E4B58-96D5-4A47-BF9C-7CCA950D5E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{410DA5AC-DB88-4EA1-AFFF-0259AEB21832}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{423C276C-BA6B-4517-8EF9-BB52B1302025}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{425463A4-5295-4567-8C76-BB194AC59E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43F9DE61-8C32-4167-9667-F20ECF7B512E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46CE3B86-AF71-4C98-ADEB-7979C4FB93F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{470F99BE-FD69-406B-AA07-74CDF177C678}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A28905B-25FD-4DE8-8158-C084C80D64FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AB8BD5A-DBD2-4C77-BAEE-A710F346E067}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AEFFE5E-ED7B-4195-8038-73324C8C94A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C5CE82B-0AB1-417E-949B-CAA93B4329B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4EF3B4FA-702D-41B0-B739-E3706471CA24}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4FA5AE56-3236-421E-8DFC-74B837509C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51E1832B-2233-414B-8653-CDBBA7AB3424}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5310B265-55B9-4429-BD19-6D46995988E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{540E9C19-CEAE-47E4-A021-5682D23CDCEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54C65328-84C7-4CAA-BE96-FDD855E8F087}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{555C9C64-5CEF-42FB-8CED-BC4E048A158F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55CFF8D5-768C-4406-AE55-FCDF4971D3B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55F47EF4-708D-4F70-9D06-7C5A0CDA6B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5AC5F67F-E889-4605-9018-DA5AEB346C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D1D19F6-4586-4E99-855C-E0F0B06D148C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F85D6F9-075B-4188-B58E-A89A1EEB8CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6159FA66-6E24-483A-B1F0-1D5BC45A4E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61800C7F-E6B4-4985-8124-D5A8200D0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{619AE4B3-ACD5-47C2-A390-7E56063FA9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61E31FF2-FE76-48F9-BE5F-D2CFED3EFE23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61F2FBD8-65DC-4EC5-AE80-424F2D4530CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{663847B5-D5D5-468A-932C-56EC929BE32C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67E84425-56A5-4C22-9A2E-FACC85130568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67F51BDB-4B82-41B0-AB8F-9667D20E02AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{695054EB-2CB4-4BF0-BA51-CA3145E9ACAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A4BD658-B25F-4252-ABF7-C1E6F125A06D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A609438-6FDB-4A55-99F9-CA9BD7B64C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C49262D-93A6-4D56-8F5F-7A917F7D7848}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D3D0CE4-9F42-483D-BB0E-0D57CB17C478}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D417D9D-AD11-4B5D-B80C-C4A433745C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6ED0606F-5CD0-468F-993B-A237B96F9682}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7072DD3C-366B-44C3-83C4-EACCF2E730F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72BF4C9F-B512-4E70-94A4-AB9FB74AFD6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{748C40C6-F247-4C3E-A84D-F3AFB0CC81BF}" = protocol=6 | dir=out | app=system | 
"{760C0A94-DB46-4F56-BBE0-2F948A3F1CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{790F72A1-1D05-4393-9961-DD760919E575}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7CAA0DF9-432B-49EE-AB73-3A99D1BF12C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EFCE4E6-3EDB-4E81-9BC3-D2E87FE04E98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80BA43BB-2B6D-4123-AE41-CD37E97405BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81FA4485-370D-4BEC-9F93-C06EC7EE902C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82EA1A71-1048-4A8F-8623-C9CAB8601B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8402320C-F2B1-4124-BA73-BF947B24E803}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87095435-7B7E-4829-9E4F-6713BA7C89D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8744B6E1-B9BA-4D77-B73F-981915444355}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87D6A64B-FF41-4ED7-82F9-973BC1FE1DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88EA246D-FF7A-4C19-8DA3-6C0ED3B130EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B33C7A5-E952-4F93-9FCB-D0C373BC3293}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B795094-33A6-4BA4-BA81-FD24A040B1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{8D83B621-8E53-4832-80B0-81C75F1D06A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E32ED12-756E-4686-AF5F-7907E588BEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EF50985-CA3C-4C1A-BE87-D81B01BBD4D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F389412-BCC8-4D2E-9616-FD8FF4E63878}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FDD07C3-CEB6-4EA8-A6A4-356F43B65F96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92CF269B-6A09-48F0-89FA-D9D4FEDEA6E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{930DD5A3-A5DC-4760-9868-D095CA7AF750}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{933365E6-E43F-455F-AF32-29566228A932}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97BC41E2-F117-4EA5-813B-A4C89AF7DD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A027706-8028-4171-AC71-F42697BFEDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A88FDEA-6CEA-4F90-AA4F-266431D1E84F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B3E36F7-741D-4881-8470-52510F170302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B5D0C6A-CB1C-4417-ABED-874C32FE90EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C9111C7-479C-4E9C-8B04-4C3389ED945C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CEFCD46-5D70-4115-B3C9-9697177ACAA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E4F1CFE-3F81-4E1F-9D6B-514E1DDCDED5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EB9CEBE-698B-4280-A2F8-97928CA8555B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F8D7A15-E3A9-40F4-94BB-9994737E03CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A00CCEFD-C8BD-48D3-946F-ACBE0A5B24C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A260D41F-DE29-44E8-B8CC-326E6E647175}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A3FB3839-B73C-4D0A-80C3-82B94AE6ACB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8352E8B-9E48-4CE2-8A9C-4B10EF509705}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABF718D2-25BE-4FBB-8FD5-3615BD3A0A24}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACE0BE68-F64B-48A5-BD20-78A51C83DC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B0D0C236-E391-4091-AA8F-55A203AB488D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1F2FB23-5810-41BE-A48C-835BCB5285EF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B2807599-1B42-41EE-BB96-CE8029863816}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B28B1248-0E20-410A-BCA3-80C7152A4C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B41FE0C8-4763-447A-B6E2-04DA1A23E31B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5A5CA62-4A34-41BB-89BA-2149E8103405}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8EDE7FF-97B8-40F5-96D8-21D356CA356A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B93E6D8B-3E54-4248-B90B-AE41DE84D512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B97364EC-ECE5-4AB6-B6EF-5352B072306A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9DB2248-4913-4D2E-B057-EC910A885275}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BA682CD8-3870-4BBD-9E4A-39C4859F5176}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB8E4DAE-7295-4B64-B3E0-BBC4086C8336}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD20BE07-1257-417C-B737-461CE4A265CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD72969E-0B48-4FDC-8075-BDC20E31CD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE373EBE-DC57-470B-BB8C-83162A987875}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C0EA2EE0-C701-42AB-B5F1-070F58AF0702}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C434F41E-D532-4396-B4E5-E04924ABB2AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6F0EF84-A30E-485C-ABCA-86D0FD43089A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7BFB823-DB3F-4F80-AD9B-544EF9B5714F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{CA37F058-3774-4EEE-A546-A0FA93BE704A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CABC44DD-281E-4BFA-8483-359A2321C620}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB4C0250-A5C9-485A-BD81-C3917247122F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBED2B53-8EE7-4722-A551-3BD26A360368}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBF61C91-2513-439E-83E4-DA615ECC87C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC4ABCCB-7956-4A42-8CAA-D5B2728A3616}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDEC9F74-8BFF-4E97-8810-58321BC52AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2914453-D1C6-4589-9D6C-AC975685692F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D603291E-E047-4562-A057-DA9361D2E174}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6F4CC75-F859-4F03-8E1A-1D5D4B61A09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7BA6583-97F5-413D-A96B-ABE5417B4A68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA84622D-D6C8-412C-AC31-8EF4592E88BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAF02180-DEFF-442C-9C9E-ABE49146D8D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBA9A40C-5D9B-4C93-B6E1-8F9215BBB763}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDC5A573-E0FE-425F-9DE3-09B02BEC25D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDD53577-41B3-4983-A138-B990C82EC949}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFC12F3B-FBDF-40F3-9757-60B5450DE5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E019B3C0-38CA-4748-A1CD-6BCEC181BE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E13C2D1A-72DF-422A-97BF-5B154218C7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E34A0187-0195-4BAA-891A-5BE92AAC9E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E71ABA41-55D5-4814-B9BC-A659EB35A81D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E8EC6E04-149E-4A25-AC78-9D2054A98577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9ADE639-3444-4F18-8FD1-88F740605114}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9EBA9F8-ED13-44EF-AFE4-A3B2F7EBA0CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA5283B1-06ED-4FA5-8330-79CE22AB856D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EDEDCB27-8BC5-4782-AF56-83E8DDB8782C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3968EB-2FF2-4F8D-A194-4222700CDE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F00AB028-3991-44B0-8670-496CF7A5DCE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0DD0882-94C9-47D7-9303-EF5F19A28C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1742235-836C-440C-A575-25E3F2A23B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F9A4CAFE-55B0-4235-8D30-2F1611C09805}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA349256-62AB-4628-9D27-AF6A71CFB4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB478DF5-7EB7-471F-8265-37D5BA6247D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC697F3E-FB1B-4FB7-A6EF-DE7D8244F7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCA278E4-9FB8-4102-ABFB-6A686FB8ECE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDAA49D4-9EF1-4933-820C-A098BA9F903F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FE6BDB79-B8E3-4018-AB09-DCEBE80D6778}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{452FA0D7-E6B5-490B-A114-138B076DDE60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{717575D6-7316-4A0A-A073-C6D3693018CD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8DE3DC45-72D3-4477-8388-BCAE7F396D40}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"TCP Query User{A4515D09-015C-4944-A1DF-AA369B565ACC}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"TCP Query User{A5977D0A-52F5-43C9-8957-D7332C5015B3}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"TCP Query User{C34A31D8-1D36-4E3A-B90A-9395A4A01D56}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D9558383-6142-4F64-AED2-5FB636A7335A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{EC12E8AC-B9A3-43E4-A573-4FD5CF0C0CAE}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{0EDF8570-E9FD-4AB1-8E07-B37F4F8C8C54}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3E8AEC1D-A00D-4A1F-808C-1F5D1F8BBA30}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{43A72232-85A2-41C5-84D8-7CC67B693088}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"UDP Query User{646FBF5E-DA06-4310-8284-D8A2FE0C01B8}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{AA1BE46D-0805-4C59-944D-A2EAD914B27A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{B22784E9-8714-497B-B27C-5BDBFDE88AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D474BDE0-C138-463D-B907-0286696FA73E}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | 
"UDP Query User{EA4F24EC-4C69-40FE-B387-F4EE69190DC1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard
"{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish
"{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional
"{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German
"{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static
"{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista
"{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish
"{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish
"{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish
"{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins
"{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian
"{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B836CE46-F408-4DD4-9F65-0CE6937CF470}" = Dungeon Lords
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech
"{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding
"{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.00
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FLV Player" = FLV Player 2.0 (build 25)
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PicSizer" = PicSizer
"RagTime Privat" = RagTime Privat
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01/07/2010 11:14:48 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/07/2010 02:54:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/07/2010 03:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 02/07/2010 04:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 02/07/2010 05:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 02/07/2010 09:03:49 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/07/2010 01:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 04/07/2010 02:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 04/07/2010 03:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20
Description = 
 
Error - 04/07/2010 16:12:32 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20/11/2009 17:25:46 | Computer Name = angie-lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 07/09/2010 19:20:41 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description = 
 
Error - 07/09/2010 20:57:09 | Computer Name = angie-lappi | Source = DCOM | ID = 10010
Description = 
 
Error - 07/09/2010 21:17:41 | Computer Name = angie-lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.09.2010 um 03:15:26 unerwartet heruntergefahren.
 
Error - 07/09/2010 21:18:58 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07/09/2010 21:18:58 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07/09/2010 21:18:59 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description = 
 
Error - 07/09/2010 21:25:52 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 07/09/2010 21:34:45 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07/09/2010 21:34:45 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07/09/2010 21:35:00 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         


am I mistaken, or do these generally look worse than the first ones? gg

angie

Alt 08.09.2010, 19:53   #12
john.doe
 

Quote:
do these generally look worse than the first ones?
Hm. They look as if you hadn't run the script.

Anyway, here is the result of the VT analysis:
Code:
File name: 8324.exe
Submission date: 2010-09-08 17:38:25 (UTC)
Current status: finished
Result: 1/ 42 (2.4%)

Antivirus	Version	Last Update	Result
AhnLab-V3	2010.09.08.02	2010.09.08	-
AntiVir	8.2.4.50	2010.09.08	-
Antiy-AVL	2.0.3.7	2010.09.08	-
Authentium	5.2.0.5	2010.09.08	-
Avast	4.8.1351.0	2010.09.08	-
Avast5	5.0.594.0	2010.09.08	-
AVG	9.0.0.851	2010.09.08	-
BitDefender	7.2	2010.09.08	-
CAT-QuickHeal	11.00	2010.09.08	-
ClamAV	0.96.2.0-git	2010.09.08	-
Comodo	6014	2010.09.08	-
DrWeb	5.0.2.03300	2010.09.08	-
Emsisoft	5.0.0.37	2010.09.08	-
eTrust-Vet	36.1.7842	2010.09.08	-
F-Prot	4.6.1.107	2010.09.01	-
F-Secure	9.0.15370.0	2010.09.08	-
Fortinet	4.1.143.0	2010.09.08	-
GData	21	2010.09.08	-
Ikarus	T3.1.1.88.0	2010.09.08	-
Jiangmin	13.0.900	2010.09.08	-
K7AntiVirus	9.63.2470	2010.09.08	-
Kaspersky	7.0.0.125	2010.09.08	-
McAfee	5.400.0.1158	2010.09.08	-
McAfee-GW-Edition	2010.1B	2010.09.08	-
Microsoft	1.6103	2010.09.08	-
NOD32	5435	2010.09.08	-
Norman	6.06.05	2010.09.08	-
nProtect	2010-09-08.01	2010.09.08	-
Panda	10.0.2.7	2010.09.08	-
PCTools	7.0.3.5	2010.09.08	-
Prevx	3.0	2010.09.08	-
Rising	22.64.02.04	2010.09.08	-
Sophos	4.57.0	2010.09.08	-
Sunbelt	6847	2010.09.08	-
SUPERAntiSpyware	4.40.0.1006	2010.09.08	Rogue.Agent/Gen-Nullo[EXE]
Symantec	20101.1.1.7	2010.09.08	-
TheHacker	6.7.0.0.010	2010.09.08	-
TrendMicro	9.120.0.1004	2010.09.08	-
TrendMicro-HouseCall	9.120.0.1004	2010.09.08	-
VBA32	3.12.14.0	2010.09.08	-
ViRobot	2010.9.8.4031	2010.09.08	-
VirusBuster	12.64.23.0	2010.09.08	-
Additional information
MD5   : 29f3af01d98a75a5a4ceb1693601bde9
SHA1  : aced82c691641146057e3a1e69edf7347ca18875
SHA256: 874cfe165d4d494d7e6b61d3fa5c18483f5204f0366d003e607d5d8892ac3a9e
ssdeep: 96:sbyVlBXkwpwymtVYh2/jXiAk3iD/mmOhvhUb37F7OGw5:sIjUwpwym0h2/jXiAk8/l+pC37F7OB
File size : 5756 bytes
First seen: 2010-07-03 00:48:03
Last seen : 2010-09-08 17:38:25
TrID: 
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
sigcheck: 
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
         
One, only one, already detects it.

[Cynicism]Since I still have to read tips here such as "NIS is the ultimate protection", I would suggest additionally buying and installing Kaspersky Internet Security, and then Panda Cloud Antivirus and ZoneAlarm on top, because then you are really safe.[/Cynicism]

Since only one detects it, we will use that one next (saves me the scripting).

Post the log from SASW => http://www.trojaner-board.de/51871-a...tispyware.html

ciao, andreas
__________________
No support via PM! This is a forum and not private support!
Private support only for payment, and I am very expensive.
For all newcomers
Guides
Virus scanners
Compromise unavoidable?

Alt 09.09.2010, 08:48   #13
teny
 

morning

hmm ..
but I did run the script..

oh well.. here's the log now

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/09/2010 at 08:46 AM

Application Version : 4.42.1000

Core Rules Database Version : 5476
Trace Rules Database Version: 3288

Scan type       : Complete Scan
Total Scan Time : 01:53:55

Memory items scanned      : 853
Memory threats detected   : 0
Registry items scanned    : 8366
Registry threats detected : 0
File items scanned        : 163008
File threats detected     : 60

Adware.Tracking Cookie
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@atwola[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tracking.mindshare[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.adc-serv[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@sevenoneintermedia.112.2o7[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@eas.apm.emediate[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@go.dynamic-tracking[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@zanox[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adserver.71i[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@doubleclick[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.yieldmanager[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adservercentral[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@imrworldwide[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@webmasterplan[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@smartadserver[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tele2de.112.2o7[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@content.yieldmanager[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@atdmt[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tradedoubler[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.yn-ads[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tracking.quisma[3].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@zbox.zanox[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@statse.webtrendslive[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@shop.zanox[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@weborama[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@track.adform[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adtech[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@unitymedia[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@de.adserver.yahoo[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@content.yieldmanager[3].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.adnet[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@apmebf[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad1.king[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@mediaplex[2].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@msnportal.112.2o7[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adfarm1.adition[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.porta.eol[1].txt
	C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@advertising[1].txt
	adserv.quality-channel.de [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	adtech.panthercustomer.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	akamai.smartadserver.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	bc.youporn.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	cdn1.eyewonder.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	cdn4.specificclick.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	cdn5.specificclick.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	hottraffic.nl [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	imagesrv.adition.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	media1.break.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	objects.tremormedia.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	oddcast.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	s0.2mdn.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	secure-us.imrworldwide.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	static.youporn.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	www.sexkiste.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ]
	s0.2mdn.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TXB6RPPN ]

Trojan.Agent/Gen-Falint
	C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EYNBO517\DCOM32[1].EXE
	C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PNVM3FFZ\DCOM32[1].EXE
	C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\RYG0BMEH\DCOM32[1].EXE
	C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\RYG0BMEH\DCOM32[2].EXE
	C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YDZ03FH0\DCOM32[1].EXE

Rogue.Agent/Gen-Nullo[EXE]
	C:\WINDOWS\8324.EXE
         
let's see =D
unlike the others, this one actually found something^^
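
An added example, not part of the original posts: a Python triage of a log in the SUPERAntiSpyware layout posted above, separating tracking-cookie entries from detected executables and checking the log's own "File threats detected" counter against the items actually listed (a mismatch points to a truncated paste). The sample log, its paths and host names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the scan log above: a category name at
# column 0, its items indented beneath it. Paths and hosts are made up.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log

Generated 01/01/2010 at 08:00 AM

File items scanned        : 1000
File threats detected     : 6

Adware.Tracking Cookie
    C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@tracker[1].txt
    C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@ads[2].txt
    ads.example.invalid [ C:\Users\Example\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ABCD1234 ]

Trojan.Agent/Gen-Falint
    C:\USERS\EXAMPLE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AAAA0000\SAMPLE[1].EXE
    C:\USERS\EXAMPLE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BBBB1111\SAMPLE[1].EXE

Rogue.Agent/Gen-Nullo[EXE]
    C:\WINDOWS\0000.EXE
"""

EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".sys", ".com")
# "Some counter name   : 123" lines from the summary header.
COUNTER_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>\d+)$")
# Flash shared-object items are listed as "host [ path ]".
FLASH_ITEM_RE = re.compile(r"^(?P<host>\S+) \[ (?P<path>.+) \]$")


def parse_log(text):
    """Return (counters, findings); findings maps category -> list of paths."""
    counters, findings = {}, {}
    last_heading = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":
            # Indented line: an item of the most recent column-0 heading.
            if last_heading is None:
                continue
            item = raw.strip()
            m = FLASH_ITEM_RE.match(item)
            path = m.group("path") if m else item
            findings.setdefault(last_heading, []).append(path)
        else:
            m = COUNTER_RE.match(raw.strip())
            if m:
                counters[m.group("key").strip()] = int(m.group("value"))
            else:
                # Header lines also land here; they never receive items.
                last_heading = raw.strip()
    return counters, findings


def triage(findings):
    """Rank categories: detections that include executables come first."""
    report = []
    for category, paths in findings.items():
        exes = [p for p in paths if p.lower().endswith(EXECUTABLE_EXT)]
        cached = [p for p in exes if "temporary internet files" in p.lower()]
        report.append({
            "category": category,
            "items": len(paths),
            "executables": len(exes),
            "in_browser_cache": len(cached),
            "priority": "high" if exes else "low",
        })
    report.sort(key=lambda r: (r["priority"] != "high", -r["items"]))
    return report


def check_counter(counters, findings):
    """Compare the log's stated file-threat count with the parsed items."""
    stated = counters.get("File threats detected")
    parsed = sum(len(paths) for paths in findings.values())
    return stated, parsed, stated == parsed


if __name__ == "__main__":
    counters, findings = parse_log(SAMPLE_LOG)
    for row in triage(findings):
        print("{priority:4}  {category}: {items} item(s), "
              "{executables} executable(s), "
              "{in_browser_cache} in browser cache".format(**row))
    stated, parsed, ok = check_counter(counters, findings)
    print("stated=%s parsed=%s consistent=%s" % (stated, parsed, ok))
```
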

Alt 09.09.2010, 16:52   #14
john.doe
 

Uninstall SuperAntiSpyware (it has done its job).

Continue with control scans from:

1.) Online scans let you check the entire computer for malware. It is best to use Internet Explorer right away.

Preparation
  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please deactivate during the online scans:
    anti-virus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the check mark at "Turn on Pop-up Blocker" and
  • under the "Security" tab => lower the security level to "Medium-high" if necessary.
    Don't forget to turn them back on afterwards and to restore the Internet options to their previous settings.
  • Refrain from other online activities during the online scans.
  • You must allow the downloading and installation of ActiveX controls.

ESET Online Scanner
Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Deactivate your anti-virus program during the scan.
  • Press the button.
    • Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users: must allow the installation of an ActiveX element.
  • Put a check mark at Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Put a check mark at "Remove found threats" and "Scan archives".
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.

2.) Kaspersky - Online Scanner

This scanner does not remove what it finds, but it gives a good overview of the malware present.

---> download here => Kaspersky Online Scanner
=> Note the information on older versions!
=> Requirement: Internet Explorer 6.0 or higher
=> install the required ActiveX controls => update the signatures => Next
=> Scan settings => choose Standard => OK => click the "My Computer" link
=> scan starts automatically => scan has completed => Save report as
=> change the file type to .txt => save on the desktop as Kaspersky.txt => post the log here
=> Uninstallation => Control Panel => Software => remove Kaspersky Online Scanner

3.) Check the computer with PrevXCSI. Post a screenshot if anything is found, or post names and paths.

ciao, andreas
__________________
No support via PM! This is a forum, not private tutoring!
Private support only for payment, and I am very expensive.

10.09.2010, 11:24   #15
teny

skype/facebook trojan again :( pc almost dead..

hey there

here's the first part of the logs for now^^
last night i couldn't keep my eyes open any longer

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e71c9a87acae3b43a18fba3ad5e41ad8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-10 03:42:50
# local_time=2010-09-10 05:42:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Ireland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 182886 182886 0 0
# compatibility_mode=1797 16775165 100 100 0 59600075 428204 0
# compatibility_mode=5892 16776574 100 95 20510911 121617496 0 0
# compatibility_mode=8192 67108863 100 0 112 112 0 0
# scanned=175042
# found=11
# cleaned=3
# scan_time=5402
C:\Outlook Express\Gesendete Objekte.dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\42f82403-3cfba5a5	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\1c4f3634-4898e157	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
E:\Sonstiges\mailkontos backup\08-10-07\Microsoft\Outlook Express\Gesendete Objekte (1).dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
E:\Sonstiges\mailkontos backup\08-10-07\Microsoft\Outlook Express\Gesendete Objekte.dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
E:\Sonstiges\mailkontos backup\09-12-07\Microsoft\Outlook Express\Gesendete Objekte (1).dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
E:\Sonstiges\mailkontos backup\09-12-07\Microsoft\Outlook Express\Gesendete Objekte.dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
E:\Sonstiges\mailkontos backup\16-01-08\Outlook Express\Gesendete Objekte (1).dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
E:\Sonstiges\mailkontos backup\16-01-08\Outlook Express\Gesendete Objekte.dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
F:\downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\reste\mails\{3AB7BE4B-D1A8-4CBF-8724-B03A39858301}\Microsoft\Outlook Express\Gesendete Objekte.dbx	probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)	00000000000000000000000000000000	I
         
something i've noticed several times now:
it always gives ireland as my country?
not that it would bother me *giggle* but i haven't been in ireland for .. um... 8 months =D

________________________________

edit:

PrevXCSI found nothing

and kaspersky...
Quote:
Kaspersky
Online Scanner
Sorry! The Kaspersky Online Scanner is currently being reworked and is therefore unavailable. It will be back online shortly with many detailed improvements.

Last edited by teny (10.09.2010 at 11:39)
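
The ESET log posted above can be triaged mechanically. As an added example (not part of the thread and not ESET's own tooling), this Python code parses the layout visible in that log, cross-checks the `found`/`cleaned` counters against the result rows and lists what the scanner left in place. The sample rows are constructed, and reading the last column as C = cleaned, I = left in place is an assumption inferred from the rows shown.

```python
import ntpath
import re
from collections import Counter

H = "0" * 32  # the hash column is all zeros in the posted log
# Constructed sample: "# key=value" header, then path<TAB>detection (action)<TAB>hash<TAB>flag
SAMPLE_LOG = "\n".join([
    "OnlineScanner.ocx - registred OK",
    "# compatibility_mode=512 16777215 100 0 182886 182886 0 0",
    "# compatibility_mode=8192 67108863 100 0 112 112 0 0",
    "# found=4", "# cleaned=2",
    f"C:\\mail\\Sent.dbx\tprobably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)\t{H}\tI",
    f"C:\\cache\\6.0\\3\\aaaa-bbbb\tmultiple threats (deleted - quarantined)\t{H}\tC",
    f"E:\\backup\\Sent (1).dbx\tprobably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean)\t{H}\tI",
    f"F:\\downloads\\setup.exe\ta variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)\t{H}\tC",
])

DETECTION = re.compile(r"^(?P<name>.+?)\s*\((?P<action>[^()]*)\)\s*$")

def parse_eset_log(text):
    """Return (header, rows); header values are lists because keys repeat."""
    header, rows = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, []).append(value)
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # blank lines and installer chatter are not result rows
        path, detection, _hash, flag = parts
        m = DETECTION.match(detection)
        rows.append({"path": path, "flag": flag.strip(),
                     "name": m.group("name") if m else detection,
                     "action": m.group("action") if m else ""})
    return header, rows

def triage(text):
    """Cross-check the header counters and list what the scanner left behind."""
    header, rows = parse_eset_log(text)
    first = lambda key: int(header[key][0]) if key in header else None
    remaining = [r for r in rows if r["flag"] != "C"]  # assumption: C = cleaned
    return {
        "counters_consistent": first("found") == len(rows)
            and first("cleaned") == len(rows) - len(remaining),
        "remaining": remaining,
        "remaining_by_ext": dict(Counter(ntpath.splitext(r["path"])[1].lower() for r in remaining)),
    }
```

Grouping the remaining rows by extension makes it visible when every uncleaned hit sits in the same kind of container file, such as the `.dbx` mail stores in the log above.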
