Pests of all kinds and how to fight them: skype/facebook trojan again :( pc almost dead..
05.09.2010, 19:08 | #1 |
skype/facebook trojan again :( pc almost dead..

Hello, I came across your forum through a Google search and thought I'd give it a try here ^^ it can only get better.

About 2 *uhm* days ago I kindly managed to hit a link in Skype (the classic Facebook one, blah blah..) instead of closing the window. It downloaded something *without asking* and kindly installed it right away. I let the malware scan run through, it found nothing, all OK I thought .. *stupid*

Unlike everyone else who has had this problem here so far, in my case it does not send the links on; unfortunately the PC is now acting up though.. lately massively. At first only Skype; by now the media player, Winamp, the mail program and other things no longer work. My FF is acting up too, Selenium doesn't work at all anymore, the display of the programs changes and it is getting quite nerve-racking..

Edit 19:45: now it is so bad that neither programs nor folders open directly; I generally only get the beloved loading circle and the message that the program is not responding.. about 5 min later the folder then opens.. programs like Windoof Mail or FF no longer work at all.

I then took the liberty of taking john.doe's tip to heart.. so off to "for all newcomers", read it and worked through point 2, alternative b.

Edit 19:50: closing folders no longer works either.. program not responding; when it then closes, it closes Explorer right along with it.. only the background image left.. the rebuilt desktop now also looks odd and different (Windows 98 taskbar and a nice grey).

19:53.. desktop icons are back. Right-click on OTL brings up the loading circle, another "Explorer is not responding" window, desktop rebuilt again.

______________________________________

I use an Acer laptop.. thankfully with Windoof Vista.

OTL.Txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 05/09/2010 19:55:53 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-LAPPI Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe () PRC - C:\Programme\Mobile Partner Manager\UIExec.exe () PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) 
PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe () SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) 
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.howrse.de" FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.2 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 22:00:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 22:00:09 | 000,000,000 | ---D | M] [2009/07/13 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions [2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions [2009/08/05 01:50:11 | 000,000,000 | ---D | 
M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010/05/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\FasterFox_Lite@BigRedBrent [2009/10/26 22:21:40 | 000,003,915 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\je3qjhb6.default\searchplugins\sweetim.xml [2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/02/20 14:58:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/02/20 14:58:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/02/20 14:58:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/02/20 14:58:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/02/20 14:58:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) 
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Konni Symbol Autostart] File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - 
MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = 
comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/09/05 19:44:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/09/03 16:33:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010/09/03 15:33:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/09/02 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes [2010/09/02 23:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/09/02 23:38:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/09/02 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/09/02 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010/08/11 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Real [2010/05/12 00:41:49 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe99B1.dll [2009/06/14 04:12:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010/09/05 19:52:25 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/05 16:14:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/05 16:14:14 
| 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/05 16:14:07 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 16:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 16:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/05 16:12:47 | 003,513,796 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db
[2010/09/05 08:53:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job
[2010/09/04 21:53:20 | 000,005,756 | ---- | M] () -- C:\Windows\8324.exe
[2010/09/04 05:58:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
[2010/09/03 23:17:08 | 000,083,100 | ---- | M] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | M] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | M] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | M] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | M] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | M] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | M] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | M] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | M] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | M] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | M] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | M] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | M] () -- E:\Picture0009.jpg
[2010/08/16 18:41:58 | 000,048,419 | ---- | M] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | M] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | M] () -- E:\Picture0006.jpg
[2010/08/14 22:49:53 | 000,014,336 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 22:00:07 | 000,027,648 | ---- | M] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:20 | 000,089,480 | ---- | M] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/08/11 20:51:59 | 000,786,053 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:07:33 | 000,750,681 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:34 | 000,071,203 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:43 | 000,059,925 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:42 | 000,039,957 | ---- | M] () -- E:\Photo on 2010-08-11 at 14.34.jpg

========== Files Created - No Company Name ==========
[2010/09/04 21:53:20 | 000,005,756 | ---- | C] () -- C:\Windows\8324.exe
[2010/09/03 23:17:07 | 000,083,100 | ---- | C] () -- E:\Anke_Wischer_Digitalfunk.htm
[2010/09/03 16:33:38 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 23:38:32 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 08:49:57 | 000,002,306 | ---- | C] () -- C:\Windows\mdll.dl
[2010/08/29 09:05:35 | 000,038,684 | ---- | C] () -- E:\246 bus alles.pdf
[2010/08/27 19:54:24 | 000,042,477 | ---- | C] () -- E:\184 bus.pdf
[2010/08/27 19:44:55 | 000,037,667 | ---- | C] () -- E:\246 bus.pdf
[2010/08/16 18:55:47 | 000,014,585 | ---- | C] () -- E:\ich neu.jpg
[2010/08/16 18:44:50 | 000,045,110 | ---- | C] () -- E:\Picture0015.jpg
[2010/08/16 18:44:48 | 000,045,128 | ---- | C] () -- E:\Picture0014.jpg
[2010/08/16 18:44:08 | 000,047,470 | ---- | C] () -- E:\Picture0013.jpg
[2010/08/16 18:43:05 | 000,047,890 | ---- | C] () -- E:\Picture0012.jpg
[2010/08/16 18:42:57 | 000,047,959 | ---- | C] () -- E:\Picture0011.jpg
[2010/08/16 18:42:22 | 000,047,671 | ---- | C] () -- E:\Picture0010.jpg
[2010/08/16 18:42:12 | 000,047,683 | ---- | C] () -- E:\Picture0009.jpg
[2010/08/16 18:41:57 | 000,048,419 | ---- | C] () -- E:\Picture0008.jpg
[2010/08/16 18:41:01 | 000,046,650 | ---- | C] () -- E:\Picture0007.jpg
[2010/08/16 18:40:52 | 000,046,832 | ---- | C] () -- E:\Picture0006.jpg
[2010/08/14 22:00:07 | 000,027,648 | ---- | C] () -- E:\Marathon_OV Nordwest.xls
[2010/08/14 02:07:19 | 000,089,480 | ---- | C] () -- C:\Users\Angie\Desktop\tauben.jpg
[2010/08/12 02:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/08/11 19:06:10 | 000,786,053 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00031.JPG
[2010/08/11 19:06:10 | 000,750,681 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00032.JPG
[2010/08/11 18:26:33 | 000,071,203 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg
[2010/08/11 18:24:42 | 000,059,925 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.39.jpg
[2010/08/11 18:21:41 | 000,039,957 | ---- | C] () -- E:\Photo on 2010-08-11 at 14.34.jpg
[2010/02/15 11:45:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/15 19:08:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 05:06:55 | 000,277,248 | ---- | C] () -- C:\Programme\kinginstaller.exe
[2009/08/06 14:35:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2009/08/04 06:10:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/04 05:19:04 | 000,014,336 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 16:59:07 | 000,006,836 | ---- | C] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat
[2009/07/08 23:56:11 | 000,000,000 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\wklnhst.dat
[2009/06/14 04:02:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/14 04:02:34 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/06/13 19:41:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/06/13 19:29:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/13 19:29:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/03/12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/02/11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========
[2009/07/08 23:49:11 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.#
[2009/03/12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Acer GameZone Console
[2010/02/15 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2009/07/08 23:59:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eSobi
[2010/07/09 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ
[2009/07/08 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PowerCinema
[2010/06/30 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\RagTime
[2009/07/08 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftDMA
[2010/05/12 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony
[2010/05/12 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony Setup
[2009/07/08 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Template
[2010/09/05 16:34:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >

Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 05/09/2010 19:55:53 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002253FB-8111-493F-8D8C-4FE66B903955}" = rport=138 | protocol=17 | dir=out | app=system |
"{19BD3B49-4960-46E2-BFDF-26630FA2FEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A5C067B-8408-48B3-BA04-97BDF48F64E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6EB95F-08A1-4B60-91A4-478E3E712762}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1C2EA5E6-527D-487A-AED6-6294BBA02018}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FAEDC48-8C84-454C-9D6E-362F2A31CF19}" = rport=137 | protocol=17 | dir=out | app=system |
"{205AA3E9-878C-42FD-A9C8-027C00994362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv |
app=%systemroot%\system32\svchost.exe | "{41A06BD5-2397-402A-9173-3A9252D0D841}" = lport=10243 | protocol=6 | dir=in | app=system | "{46996488-4F91-4353-AE7A-257708BF6C23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{46EA0D08-1753-4C43-91E3-A4FC6DFB18A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B0B4E6C-CA7C-4279-9F94-27BBA5354CBC}" = rport=2869 | protocol=6 | dir=out | app=system | "{548CB954-9003-4906-9103-309F5F9CDEC8}" = lport=2869 | protocol=6 | dir=in | app=system | "{56ED778A-FCE6-42EF-ADB2-6F3B2E5AC918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5AC8DFF5-14F5-41EE-98A8-0C850DF292FE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{64C1142C-9E37-406E-ABAB-8ACCFCC91820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{65BC738A-B27D-4B97-B1CB-F4AB37E74E2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{67A9AC51-01DF-4C14-8C8F-EA54202531A1}" = rport=10243 | protocol=6 | dir=out | app=system | "{74A61EEC-8F86-44CF-9BF8-E33B445B2CFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BF5F8B7-61E9-47C9-8D16-1E50F81DEA2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81794BB4-902C-4831-AB14-74DC7FB50E3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83A3F5F3-1877-46F2-BC12-5C5A5EAF93C6}" = lport=138 | protocol=17 | dir=in | app=system | "{870738C7-122C-48A8-9714-D8CCA4AB7F8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C573BB4-FC4F-481C-BB91-344957B18386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9A72222D-BB2B-4EB5-8E66-0C2F4A232D34}" 
= rport=445 | protocol=6 | dir=out | app=system | "{A0B5B23E-A394-4B78-95A0-1C6A7ECF8503}" = lport=137 | protocol=17 | dir=in | app=system | "{A0FC8839-3101-4A32-870A-5624DC32E59A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A463C226-CDB2-4BAF-8FD3-845CA09207B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C5C69A10-A922-44A1-AF2D-A2DEB45300DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE8E3522-7288-4F7F-B9E4-E558B7B7ED58}" = lport=445 | protocol=6 | dir=in | app=system | "{DC8396A3-72E6-4CD7-8021-B0A954D6F312}" = rport=139 | protocol=6 | dir=out | app=system | "{E54A7353-CB4B-4939-813E-330BB4618509}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6F1BC5F-C0D7-49FC-9988-497B96F1D87C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EF6CDA77-88FF-43FA-81C8-B843F5223134}" = lport=139 | protocol=6 | dir=in | app=system | "{F268246E-4232-4F19-98D8-C94EF25708CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F731B571-7547-4C5C-A03F-D840FCC01763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00966F49-96FF-4F32-8B31-C9FCAE5AF1C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00AC1766-45AD-46AC-9A7E-901F9A6BEA7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{01B01350-67C5-47C9-9383-5B94B3C26C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02DF2DB2-B260-4119-AB7E-C402FC9C4741}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{038B6C9D-2A2E-4B5B-9666-27823ACB66DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05097973-C81F-47FD-88B0-9DF9417DBA98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06A089F2-2C10-4A88-AE04-10E7510B804C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06DEEC60-AD69-495F-A40F-90174896742C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0A1CB352-B9DF-48E7-9CD3-F4A49C081DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0AE27C66-95C3-4C67-A571-0B9C3C6517B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B243332-640B-4B4F-B853-781D52482084}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C62C1FD-728F-4BEF-B023-27F3DEFB5505}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0DB7E2A4-8B3F-4905-9661-E7E592570948}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E2510B3-80D4-4DF4-8B6A-07F5295AD4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0ECCC38C-D509-41D3-A302-7CCEE51EBABA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{0FC430C0-8271-4AD2-B1B4-58F8F824A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12BEEE10-E77C-4170-B738-23BB132485E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12FEA2B0-8080-43E6-9220-7E69341EACAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14796318-4573-4EC3-B6BF-AFEB1D92CCF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15179141-B0E4-48AF-902A-DBFB15E8B89E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{173EF7A9-C6B7-4989-AEA6-6A10EA8BB00B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1944BF22-ABD2-42C1-8E56-8160F95C6DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A20ABAF-42A3-40EF-94FE-D9C72FDA87FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1AFE5958-A700-4DEA-B42C-0DEDD4E0E664}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B558AEC-04CE-4D04-ACA4-718D96984345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20734789-895C-4A22-BD29-657B914554B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20A1B0A8-B20A-4267-AB0F-836FDC7573BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21911FFC-2D78-448F-B458-E0806B1C2AD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2209900A-1353-4D99-89CA-CD089F61FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23527E07-0245-4FCE-9266-8F2FCCB093FC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{23B5A813-957D-4C0F-B7BA-3AB9220AEEF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23C567C9-EA64-406B-AF35-26975A931C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{24F9BFE8-7715-4DA8-AC39-FE37229D5174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{294F02E8-E669-4380-9262-A925034ADD7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A000E8D-D5A0-44EE-9136-24FF29B6A410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2AAAA09B-2321-46E8-8F97-E8D5BC5B9D71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AB3F2AE-4DE5-466F-91A1-6F22A11DBC80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2B1685A2-E789-4488-A618-4E3EE05ECF78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B18465E-979D-47A0-BE1F-7F4F71FA1BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D1F2A62-674A-46EF-BF69-7D8732F37585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D2B0AC6-3697-4919-8DB8-0253D894878F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EE9D84E-4503-4FD3-ABC8-01BD3B9717E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3354CB6E-CA89-42D3-B283-46E435A1791D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33576203-4FE0-43B5-B04E-7325E7F30FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{36E945EC-E1C5-4468-9D3D-F3210EB94393}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{372C6BDC-0E4A-4BE5-A1C5-CD024217FDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{399B34A0-9587-47E4-A833-EABD2C0BD8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AD901E8-BED7-4F36-BA43-09AEACAC923C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{3BB7ED2C-0C1F-426E-8CAB-9B81F68ABAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C909559-0330-48ED-BBEB-D210A5594911}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D31B782-6DA6-47F8-96E7-0551A6750C88}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EFAEBF1-9967-4030-AC39-14B7E35553E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F1E37A4-CB79-4693-9886-7C82504D2173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F25CD5F-6A5B-4924-B3B9-2240A8CA48D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F4E4B58-96D5-4A47-BF9C-7CCA950D5E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{410DA5AC-DB88-4EA1-AFFF-0259AEB21832}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{423C276C-BA6B-4517-8EF9-BB52B1302025}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{425463A4-5295-4567-8C76-BB194AC59E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43F9DE61-8C32-4167-9667-F20ECF7B512E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{46CE3B86-AF71-4C98-ADEB-7979C4FB93F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{470F99BE-FD69-406B-AA07-74CDF177C678}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A28905B-25FD-4DE8-8158-C084C80D64FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4AB8BD5A-DBD2-4C77-BAEE-A710F346E067}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4AEFFE5E-ED7B-4195-8038-73324C8C94A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C5CE82B-0AB1-417E-949B-CAA93B4329B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EF3B4FA-702D-41B0-B739-E3706471CA24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4FA5AE56-3236-421E-8DFC-74B837509C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51E1832B-2233-414B-8653-CDBBA7AB3424}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5310B265-55B9-4429-BD19-6D46995988E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{540E9C19-CEAE-47E4-A021-5682D23CDCEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{54C65328-84C7-4CAA-BE96-FDD855E8F087}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{555C9C64-5CEF-42FB-8CED-BC4E048A158F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55CFF8D5-768C-4406-AE55-FCDF4971D3B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55F47EF4-708D-4F70-9D06-7C5A0CDA6B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5AC5F67F-E889-4605-9018-DA5AEB346C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D1D19F6-4586-4E99-855C-E0F0B06D148C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F85D6F9-075B-4188-B58E-A89A1EEB8CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6159FA66-6E24-483A-B1F0-1D5BC45A4E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61800C7F-E6B4-4985-8124-D5A8200D0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{619AE4B3-ACD5-47C2-A390-7E56063FA9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61E31FF2-FE76-48F9-BE5F-D2CFED3EFE23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61F2FBD8-65DC-4EC5-AE80-424F2D4530CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{663847B5-D5D5-468A-932C-56EC929BE32C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67E84425-56A5-4C22-9A2E-FACC85130568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67F51BDB-4B82-41B0-AB8F-9667D20E02AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{695054EB-2CB4-4BF0-BA51-CA3145E9ACAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A4BD658-B25F-4252-ABF7-C1E6F125A06D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A609438-6FDB-4A55-99F9-CA9BD7B64C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C49262D-93A6-4D56-8F5F-7A917F7D7848}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D3D0CE4-9F42-483D-BB0E-0D57CB17C478}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D417D9D-AD11-4B5D-B80C-C4A433745C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{6ED0606F-5CD0-468F-993B-A237B96F9682}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7072DD3C-366B-44C3-83C4-EACCF2E730F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72BF4C9F-B512-4E70-94A4-AB9FB74AFD6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{748C40C6-F247-4C3E-A84D-F3AFB0CC81BF}" = protocol=6 | dir=out | app=system | "{760C0A94-DB46-4F56-BBE0-2F948A3F1CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{790F72A1-1D05-4393-9961-DD760919E575}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7CAA0DF9-432B-49EE-AB73-3A99D1BF12C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EFCE4E6-3EDB-4E81-9BC3-D2E87FE04E98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{80BA43BB-2B6D-4123-AE41-CD37E97405BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81FA4485-370D-4BEC-9F93-C06EC7EE902C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{82EA1A71-1048-4A8F-8623-C9CAB8601B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8402320C-F2B1-4124-BA73-BF947B24E803}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87095435-7B7E-4829-9E4F-6713BA7C89D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8744B6E1-B9BA-4D77-B73F-981915444355}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87D6A64B-FF41-4ED7-82F9-973BC1FE1DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88EA246D-FF7A-4C19-8DA3-6C0ED3B130EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B33C7A5-E952-4F93-9FCB-D0C373BC3293}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B795094-33A6-4BA4-BA81-FD24A040B1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8D83B621-8E53-4832-80B0-81C75F1D06A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8E32ED12-756E-4686-AF5F-7907E588BEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8EF50985-CA3C-4C1A-BE87-D81B01BBD4D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8F389412-BCC8-4D2E-9616-FD8FF4E63878}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8FDD07C3-CEB6-4EA8-A6A4-356F43B65F96}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92CF269B-6A09-48F0-89FA-D9D4FEDEA6E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{930DD5A3-A5DC-4760-9868-D095CA7AF750}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97BC41E2-F117-4EA5-813B-A4C89AF7DD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A027706-8028-4171-AC71-F42697BFEDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A88FDEA-6CEA-4F90-AA4F-266431D1E84F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B3E36F7-741D-4881-8470-52510F170302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B5D0C6A-CB1C-4417-ABED-874C32FE90EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9C9111C7-479C-4E9C-8B04-4C3389ED945C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CEFCD46-5D70-4115-B3C9-9697177ACAA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E4F1CFE-3F81-4E1F-9D6B-514E1DDCDED5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9EB9CEBE-698B-4280-A2F8-97928CA8555B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F8D7A15-E3A9-40F4-94BB-9994737E03CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A00CCEFD-C8BD-48D3-946F-ACBE0A5B24C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A260D41F-DE29-44E8-B8CC-326E6E647175}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A3FB3839-B73C-4D0A-80C3-82B94AE6ACB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8352E8B-9E48-4CE2-8A9C-4B10EF509705}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ABF718D2-25BE-4FBB-8FD5-3615BD3A0A24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACE0BE68-F64B-48A5-BD20-78A51C83DC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B0D0C236-E391-4091-AA8F-55A203AB488D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1F2FB23-5810-41BE-A48C-835BCB5285EF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{B2807599-1B42-41EE-BB96-CE8029863816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B28B1248-0E20-410A-BCA3-80C7152A4C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B41FE0C8-4763-447A-B6E2-04DA1A23E31B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5A5CA62-4A34-41BB-89BA-2149E8103405}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{B8EDE7FF-97B8-40F5-96D8-21D356CA356A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B93E6D8B-3E54-4248-B90B-AE41DE84D512}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B97364EC-ECE5-4AB6-B6EF-5352B072306A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9DB2248-4913-4D2E-B057-EC910A885275}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{BA682CD8-3870-4BBD-9E4A-39C4859F5176}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB8E4DAE-7295-4B64-B3E0-BBC4086C8336}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD20BE07-1257-417C-B737-461CE4A265CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD72969E-0B48-4FDC-8075-BDC20E31CD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE373EBE-DC57-470B-BB8C-83162A987875}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C0EA2EE0-C701-42AB-B5F1-070F58AF0702}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C434F41E-D532-4396-B4E5-E04924ABB2AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6F0EF84-A30E-485C-ABCA-86D0FD43089A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C7BFB823-DB3F-4F80-AD9B-544EF9B5714F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{CA37F058-3774-4EEE-A546-A0FA93BE704A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CABC44DD-281E-4BFA-8483-359A2321C620}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CB4C0250-A5C9-485A-BD81-C3917247122F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CBED2B53-8EE7-4722-A551-3BD26A360368}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CBF61C91-2513-439E-83E4-DA615ECC87C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC4ABCCB-7956-4A42-8CAA-D5B2728A3616}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{CDEC9F74-8BFF-4E97-8810-58321BC52AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2914453-D1C6-4589-9D6C-AC975685692F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D603291E-E047-4562-A057-DA9361D2E174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6F4CC75-F859-4F03-8E1A-1D5D4B61A09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D7BA6583-97F5-413D-A96B-ABE5417B4A68}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA84622D-D6C8-412C-AC31-8EF4592E88BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAF02180-DEFF-442C-9C9E-ABE49146D8D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DBA9A40C-5D9B-4C93-B6E1-8F9215BBB763}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDC5A573-E0FE-425F-9DE3-09B02BEC25D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDD53577-41B3-4983-A138-B990C82EC949}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DFC12F3B-FBDF-40F3-9757-60B5450DE5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E019B3C0-38CA-4748-A1CD-6BCEC181BE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E13C2D1A-72DF-422A-97BF-5B154218C7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E34A0187-0195-4BAA-891A-5BE92AAC9E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E71ABA41-55D5-4814-B9BC-A659EB35A81D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E8EC6E04-149E-4A25-AC78-9D2054A98577}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9ADE639-3444-4F18-8FD1-88F740605114}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9EBA9F8-ED13-44EF-AFE4-A3B2F7EBA0CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA5283B1-06ED-4FA5-8330-79CE22AB856D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDEDCB27-8BC5-4782-AF56-83E8DDB8782C}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{EE3968EB-2FF2-4F8D-A194-4222700CDE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0DD0882-94C9-47D7-9303-EF5F19A28C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1742235-836C-440C-A575-25E3F2A23B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9A4CAFE-55B0-4235-8D30-2F1611C09805}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FA349256-62AB-4628-9D27-AF6A71CFB4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FB478DF5-7EB7-471F-8265-37D5BA6247D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC697F3E-FB1B-4FB7-A6EF-DE7D8244F7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FCA278E4-9FB8-4102-ABFB-6A686FB8ECE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDAA49D4-9EF1-4933-820C-A098BA9F903F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FE6BDB79-B8E3-4018-AB09-DCEBE80D6778}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{452FA0D7-E6B5-490B-A114-138B076DDE60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{717575D6-7316-4A0A-A073-C6D3693018CD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8DE3DC45-72D3-4477-8388-BCAE7F396D40}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | "TCP Query User{A4515D09-015C-4944-A1DF-AA369B565ACC}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "TCP Query User{A5977D0A-52F5-43C9-8957-D7332C5015B3}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "TCP Query User{C34A31D8-1D36-4E3A-B90A-9395A4A01D56}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | "TCP Query User{D9558383-6142-4F64-AED2-5FB636A7335A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{EC12E8AC-B9A3-43E4-A573-4FD5CF0C0CAE}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{0EDF8570-E9FD-4AB1-8E07-B37F4F8C8C54}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3E8AEC1D-A00D-4A1F-808C-1F5D1F8BBA30}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | "UDP Query User{43A72232-85A2-41C5-84D8-7CC67B693088}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "UDP Query User{646FBF5E-DA06-4310-8284-D8A2FE0C01B8}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{AA1BE46D-0805-4C59-944D-A2EAD914B27A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{B22784E9-8714-497B-B27C-5BDBFDE88AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D474BDE0-C138-463D-B907-0286696FA73E}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "UDP Query User{EA4F24EC-4C69-40FE-B387-F4EE69190DC1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 
- x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard "{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish "{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility "{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional "{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian "{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German "{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple 
Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static "{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista "{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish "{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish "{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish "{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins "{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager "{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian "{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe 
Reader 9.3.3 - Deutsch "{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B836CE46-F408-4DD4-9F65-0CE6937CF470}" = Dungeon Lords "{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech "{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding "{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.00 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "FLV Player" = FLV Player 2.0 (build 25) "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager 
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PicSizer" = PicSizer
"RagTime Privat" = RagTime Privat
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/06/2010 08:40:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 17/06/2010 19:19:35 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 18/06/2010 07:56:08 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 18/06/2010 09:14:37 | Computer Name = angie-lappi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 0.0.0.0, Zeitstempel 0x4c05deaa, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x70263d65, Prozess-ID 0x12fc, Anwendungsstartzeit 01cb0edd5ac4b5b1.
Error - 22/06/2010 20:46:21 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 23/06/2010 09:14:41 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 24/06/2010 16:30:15 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 25/06/2010 08:20:31 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 25/06/2010 21:11:58 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 26/06/2010 04:28:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 20/11/2009 17:25:46 | Computer Name = angie-lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 05/09/2010 02:31:24 | Computer Name = angie-lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.09.2010 um 08:29:52 unerwartet heruntergefahren.
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 02:32:32 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description =
Error - 05/09/2010 03:17:19 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error - 05/09/2010 10:15:38 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description =
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 11:09:41 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error - 05/09/2010 13:50:22 | Computer Name = angie-lappi | Source = DCOM | ID = 10010
Description =

< End of report >

that looks pretty bad right now.... even I can see that, and I'll send off the first post for now, since Malwarebytes takes a good 7 minutes even in the quick scan and I don't know whether my laptop will survive it..
many thanks in advance
teny
*Malwarebytes report follows*
05.09.2010, 19:13 | #2 |
so, me again
the same as I feared.. in contrast to what can be found up there.. here is the mbam log
Quote:
I'll let the full scan run after all
regards, teny
Edited by teny (05.09.2010 at 19:20)
05.09.2010, 20:47 | #3 |
and because it's so nice, here once more the mbam log from the full scan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05/09/2010 21:37:27
mbam-log-2010-09-05 (21-37-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 295819
Laufzeit: 1 Stunde(n), 9 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a8c7 (Backdoor.Bot) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYNBO517\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNVM3FFZ\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[1].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[2].exe (Rootkit.Dropper) -> No action taken.
C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDZ03FH0\dcom32[1].exe (Rootkit.Dropper) -> No action taken.

actions of any kind are NOT possible, since the program, as always.. has the status "keine rückmeldung"
I'll probably go to bed then and pray that the laptop is still alive tomorrow. from work I'll check in to see whether anyone takes up the challenge of helping me
it's just not quite as clear-cut as with the previous skype-link-trojan problems
*wiping it is currently not an option^^ since I don't own a system CD... well, it came preinstalled -.-*
regards, teny
06.09.2010, 16:30 | #4 |
hi there
so a restart actually brought an improvement... currently it looks the way it should again.. and it works again too
the only question is for how long?
at the moment mbam once again finds nothing in the scan
but I have faith in you
angie
06.09.2010, 18:13 | #5 |
hmm, editing unfortunately no longer works..
my current favorite error at the moment:

hostprozess für windows-dienste funktioniert nicht mehr
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: svchost.exe
Anwendungsversion: 6.0.6001.18000
Anwendungszeitstempel: 47918b89
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.0.6002.18005
Fehlermodulzeitstempel: 49e03821
Ausnahmecode: c000071b
Ausnahmeoffset: 000888f5
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 6153
Zusatzinformation 1: 0e02
Zusatzinformation 2: b21b56b606e7544720668ce364087082
Zusatzinformation 3: 0e02
Zusatzinformation 4: b21b56b606e7544720668ce364087082

as long as I leave the window open and don't click on close or online solution, the PC keeps working, so I'm just leaving it there. I don't know, though, what exactly that means
regards, angie
07.09.2010, 07:37 | #6 |
good morning
since today's restart Avira pops up every 30 seconds and reports a detection. however, after the beep and the message the window also disappears again right away on its own
what it reports:
C:\Windows\Temp\cxvl.tmp\setup.exe
Trojanisches Pferd "TR/Dropper. Gen"
now I noticed.. it does not report one detection, it reports a different one every 30 seconds. the part in bold varies.. in total it has reported 20 different ones
mbam quick scan says 0
unfortunately there isn't enough time for the full scan
regards, angie
07.09.2010, 16:13 | #7 |
Hello Angie and
Quote:
Quote:
Quote:
You have a whole heap of problems there, and should you nevertheless decide on a cleanup, I promise you one thing up front: it will take several days.
Quote:
I have not seen Skype entries in the firewall like these before. A cleanup sometimes involves a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. Should you decide on a cleanup, keep working along until someone from the team tells you that you are clean.
1.) Upload the file
Quote:
2.) Post the logs from RSIT => http://www.trojaner-board.de/74910-a...tion-tool.html
3.) Post the log from Avira with the following settings => http://www.trojaner-board.de/54192-a...tellungen.html
4.) Fixing with OTL
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [Konni Symbol Autostart] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun
O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe"=-

:Files
E:\Downloads\Picture-0002927.JPGwww.facebook.exe
C:\Windows\nvsvc32.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job

:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
5.) Create and post new logs with OTL.
ciao, andreas
__________________
No support via PM! This is a forum and not private support!
For all newcomers
Private support only for payment, and I am very expensive.
Guides
Virus scanners
Compromise unavoidable?
08.09.2010, 00:34 | #8 |
hi andreas
oh right.. the browser^^ chrome.. since ff is too slow, and ie is only on there because unfortunately it won't let me remove it -.-
so the file is uploaded.. the date fits too -.- *just had to restart 3 times, because the host process was always quicker at no longer working than I was at uploading... and as soon as it gives up, I only get empty windows..*
here are the two logs *yay... I figured out how to put them into such a pretty window =D*
log.txt
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:24:42, on 08/09/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Mobile Partner Manager\UIExec.exe C:\Windows\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Angie\Desktop\RSIT.exe C:\Program Files\trend micro\Angie.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup 
Manager\BackupManagerTray.exe" -k O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Mobile Partner Manager\UIExec.exe" O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 
'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Mobile Partner Manager\AssistantServices.exe

--
End of file - 8745 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-06 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-01-21 156968]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-01-21 202024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-10-24 237568]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-11 6957600]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-24 870920]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-12-26 173288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2007-01-02 520192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"UIExec"=C:\Program Files\Mobile Partner Manager\UIExec.exe [2010-01-13 133120]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Konni Symbol Autostart"= []
"Google Update"=C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-26 133104]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-09-16 772608]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-08 01:24:20 ----D---- C:\rsit
2010-09-08 01:24:20 ----D---- C:\Program Files\trend micro
2010-09-04 21:53:20 ----A---- C:\Windows\8324.exe
2010-09-03 16:33:38 ----D---- C:\Program Files\Common Files\Skype
2010-09-03 16:33:37 ----RD---- C:\Program Files\Skype
2010-09-03 15:33:55 ----SHD---- C:\Config.Msi
2010-09-02 23:38:47 ----D---- C:\Users\Angie\AppData\Roaming\Malwarebytes
2010-09-02 23:38:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-09-02 23:38:27 ----D---- C:\ProgramData\Malwarebytes
2010-09-02 23:38:27 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-02 23:38:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-12 02:15:32 ----A---- C:\Windows\cdplayer.ini
2010-08-11 23:27:06 ----D---- C:\ProgramData\Real
2010-08-11 23:27:06 ----D---- C:\Program Files\Common Files\Real
2010-08-11 23:27:05 ----D---- C:\Users\Angie\AppData\Roaming\Real

======List of files/folders modified in the last 1 months======

2010-09-08 01:24:32 ----D---- C:\Windows\Prefetch
2010-09-08 01:24:20 ----RD---- C:\Program Files
2010-09-08 01:23:18 ----D---- C:\Windows\Temp
2010-09-08 01:20:17 ----D---- C:\Users\Angie\AppData\Roaming\Skype
2010-09-08 00:40:56 ----D---- C:\Users\Angie\AppData\Roaming\skypePM
2010-09-07 00:44:26 ----D---- C:\Program Files\Mozilla Firefox
2010-09-05 16:50:32 ----D---- C:\Windows
2010-09-05 16:13:54 ----D---- C:\Windows\system32\drivers
2010-09-05 08:30:38 ----D---- C:\Windows\PCHEALTH
2010-09-03 20:53:55 ----SHD---- C:\System Volume Information
2010-09-03 16:33:44 ----SHD---- C:\Windows\Installer
2010-09-03 16:33:43 ----D---- C:\Windows\system32\Tasks
2010-09-03 16:33:38 ----D---- C:\Program Files\Common Files
2010-09-03 16:33:36 ----D---- C:\ProgramData\Skype
2010-09-03 15:33:42 ----D---- C:\Windows\System32
2010-09-03 15:32:53 ----D---- C:\Program Files\Common Files\microsoft shared
2010-09-02 23:54:32 ----D---- C:\Windows\Minidump
2010-09-02 23:38:27 ----HD---- C:\ProgramData
2010-08-19 00:00:20 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-12 329752]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 5120]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-09 958464]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-28 4303872]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-11 2338720]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-02-21 153952]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-12-08 41984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2009-10-29 9216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2009-10-29 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2009-10-29 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2009-10-29 105088]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-28 729088]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Mobile Partner Manager\AssistantServices.exe [2010-01-13 247296]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
info.txt
RSIT Logfile:
Code:
ATTFilter logfile of random's system information tool 1.08 2010-09-08 01:24:43

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Backup Manager-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0407
Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer Product Registration-->"C:\Program Files\InstallShield Installation Information\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ScreenSaver-->C:\Windows\Screensavers\Acer\Uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Agere Systems HDA Modem-->agrsmdel
AmIcoSingLun-->C:\Program Files\InstallShield Installation Information\{BF91B300-EEBC-4223-96F3-0FCBF7241B50}\setup.exe -runfromtemp -l0x0409
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom Gigabit NetLink Controller-->MsiExec.exe /X{9AF0B106-56F1-461B-A270-95BC1682E282}
Catalyst Control Center - Branding-->MsiExec.exe /I{E430067C-7254-40B6-A8F8-5EEF57A68F1A}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dungeon Lords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B836CE46-F408-4DD4-9F65-0CE6937CF470}\Setup.exe" -l0x7 -removeonly
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works 4 Converter-->MsiExec.exe /X{D18AF23E-AB28-4040-9396-28413B2C3B41}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mobile Partner Manager-->"C:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0007 -removeonly
Mozilla Firefox (3.5.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyWinLocker-->MsiExec.exe /X{68301905-2DEA-41CE-A4D4-E8B443B099BA}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
PicSizer-->C:\Windows\unvise32.exe C:\Program Files\AxiomX\PicSizer\uninstal.log
PlayStation(R)Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
PlayStation(R)Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RagTime Privat-->C:\Windows\IsUn0407.exe -f"C:\Program Files\RagTime Privat\Uninst.isu"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Samsung ML-2010 Series-->C:\Program Files\Samsung\Samsung ML-2010 Series\Install\Setup.exe /R
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Companion 1.60.00-->"C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite 6.011.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen.
Die folgende Reparaturoption wurde angeboten:
Reparaturoption: Neue IP-Einstellungen für den Netzwerkadapter "LAN-Verbindung" automatisch ermitteln.
Reparatur-GUID: {FD3DBBC9-877F-4B96-BB3B-0DC95D657057}
Reparaturdauer in Sekunden: 63
Erforderlicher Sicherheitskontext für Reparatur: 37
Record Number: 79333
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen.
Die folgende Reparaturoption wurde angeboten:
Reparaturoption: Ein Problem mit dem Netzwerkrouter oder Breitbandmodem verhindert möglicherweise eine Internetverbindung. Schalten Sie das Modem aus, und ziehen Sie das Netzkabel heraus, falls es sich um ein Heimnetzwerk handelt. Warten Sie mindestens 10 Sekunden. Stecken Sie das Netzkabel wieder ein, und schalten Sie das Modem ein. Vergewissern Sie sich, dass das Modem an der Telefonbuchse angeschlossen ist, und versuchen Sie dann eine Verbindung herzustellen. Wenden Sie sich an den Netzwerkadministrator, falls es sich um ein Arbeitsplatz- oder Schulnetzwerk handelt.
Reparatur-GUID: {9513CC1C-4A26-4CB8-BF89-0A82129BD105}
Reparaturdauer in Sekunden: 63
Erforderlicher Sicherheitskontext für Reparatur: 0
Record Number: 79332
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 4000
Message: Die Diagnosephase des Vorgangs wurde abgeschlossen.
Die folgende Reparaturoption wurde angeboten:
Reparaturoption: Verfügbare Drahtlosnetzwerke anzeigen
Sie können dann ein Netzwerk auswählen, eine Verbindung mit diesem Netzwerk herstellen und das Netzwerk in der Liste der bevorzugten Netzwerke speichern.
Reparatur-GUID: {6AEFFF5C-B33E-4A07-9989-B2532A3DCB6A}
Reparaturdauer in Sekunden: 300
Erforderlicher Sicherheitskontext für Reparatur: 0
Record Number: 79331
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 6100
Message: Hilfsklasse (AutoConfig Helper Class) Ereignis: Drahtlosdiagnose-Hilfsklassenereignis
Vollständige Informationen zu dieser Sitzung finden Sie im Drahtlosdiagnose-Informationsereignis.
Hilfsprogrammklasse: Automatische Konfiguration
Initialisierungsstatus: Erfolg
Informationen zur Verbindung, die momentan diagnostiziert wird
Schnittstellen-GUID: d661e63c-2385-4740-b77c-4ba6f8ae8eb3
Schnittstellenname: Atheros AR5B91 Wireless Network Adapter
Schnittstellentyp: Systemeigenes WiFi
Ergebnis der Diagnose: Problem ermittelt
Fehlerursache: Sie müssen ein Drahtlosnetzwerk auswählen, zu dem eine Verbindung hergestellt werden soll. Wenn Sie ein Netzwerk auswählen und den Computer mit diesem Netzwerk verbinden, kann dieser Computer in Zukunft automatisch eine Verbindung zu diesem Netzwerk herstellen.
Detaillierte Fehlerursache: Die Liste der bevorzugten Netzwerke enthält keine Drahtlosnetzwerke (die Liste ist leer).
Wiederherstellungsoption: Verfügbare Drahtlosnetzwerke anzeigen
Sie können dann ein Netzwerk auswählen, eine Verbindung mit diesem Netzwerk herstellen und das Netzwerk in der Liste der bevorzugten Netzwerke speichern.
Ereignisausführlichkeit:0
Record Number: 79330
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154116.224737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: angie-lappi
Event Code: 6100
Message: Hilfsklasse (AutoConfig Helper Class) Ereignis: Drahtlosdiagnose-Informationsereignis
Informationen zur Verbindung, die momentan diagnostiziert wird
Schnittstellen-GUID: d661e63c-2385-4740-b77c-4ba6f8ae8eb3
Schnittstellenname: Atheros AR5B91 Wireless Network Adapter
Schnittstellentyp: Systemeigenes WiFi
Es wurde eine Verbindungsstörung diagnostiziert.
ID für die automatische Konfiguration 1
Liste der sichtbaren Zugriffspunkte: 12 Element(e) insgesamt, 12 Element(e) angezeigt
BSSID BSS-Typ PHY Signal(dB) Kan./Freq. SSID
-------------------------------------------------------------------------
00-1A-4F-97-32-DA Infra g -77 1 FRITZ!Box Fon WLAN 7170
00-18-84-27-52-D6 Infra g -74 3 connyfon
00-18-84-27-52-D5 Infra g -72 3 FON_fueralle
00-1A-2B-1F-BE-B4 Infra <unbekannt> -78 4 WLAN-1FBE14
00-C0-A8-CD-CF-1D Infra g -76 6 3210
00-23-69-26-15-B5 Infra g -72 7 GoawAy
00-1D-19-8B-E5-48 Infra g -89 9 ArcorWLAN
00-1C-4A-4E-AC-66 Infra g -82 11 WLAN-001C4A4EAC66
00-1A-2A-2A-06-A7 Infra g -34 11
00-24-01-2A-13-A8 Infra <unbekannt> -67 13 Homem Aranha
00-25-BC-8A-82-0B Infra <unbekannt> -87 1 Apple V
06-25-BC-8A-82-0B Infra <unbekannt> -85 1 Vivians Gästenetzwerk
Verbindungsverlauf
Informationen zur ID für die automatische Konfiguration 1
Liste der sichtbaren Netzwerke: 12 Element(e) insgesamt, 12 Element(e) angezeigt
BSS-Typ PHY Sicherheit Signal(RSSI) Kompatibel SSID
------------------------------------------------------------------------------
Infra g Ja 46 Ja FRITZ!Box Fon WLAN 7170
Infra g Ja 52 Ja connyfon
Infra g Nein 56 Ja FON_fueralle
Infra <unbekannt> Ja 44 Ja WLAN-1FBE14
Infra g Ja 48 Ja 3210
Infra g Ja 56 Ja GoawAy
Infra g Ja 22 Ja ArcorWLAN
Infra g Ja 36 Ja WLAN-001C4A4EAC66
Infra g Ja 100 Ja
Infra <unbekannt> Ja 66 Ja Homem Aranha
Infra <unbekannt> Ja 26 Ja Apple V
Infra <unbekannt> Ja 30 Ja Vivians Gästenetzwerk
Liste der bevorzugten Netzwerke: 0 Element(e)
Ereignisausführlichkeit:0
Record Number: 79329
Source Name: Microsoft-Windows-Diagnostics-Networking
Time Written: 20091229154112.626737-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

=====Application event log=====

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1530
Message: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
16 user registry handles leaked from \Registry\User\S-1-5-21-2067210464-2756668132-75422373-500:
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Policies\Microsoft\SystemCertificates
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\Root
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\trust
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\My
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\CA
Process 3420 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2067210464-2756668132-75422373-500\Software\Microsoft\SystemCertificates\Disallowed
Record Number: 1149
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090613174751.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-KN8H5TKTAMS
Event Code: 6000
Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
Record Number: 1148
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090613174751.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0x40010004) abgebrochen.
Record Number: 1147
Source Name: Desktop Window Manager
Time Written: 20090613174751.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 103
Message: Windows (12) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 1146
Source Name: ESENT
Time Written: 20090613174607.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.
Record Number: 1145
Source Name: Microsoft-Windows-Search
Time Written: 20090613174607.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: angie-lappi
Event Code: 4634
Message: Ein Konto wurde abgemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-7
Kontoname: ANONYMOUS-ANMELDUNG
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x22930
Anmeldetyp: 3
Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 1325
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.803600-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 4616
Message: Die Systemzeit wurde geändert.
Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: LOKALER DIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e5
Prozessinformationen:
Prozess-ID: 0x4d0
Name: C:\Windows\System32\svchost.exe
Vorherige Zeit: 19:47:51 13.06.2009
Neue Zeit: 19:47:51 13.06.2009
Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird.
Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird.
Record Number: 1324
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.554000-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:
Antragsteller:
Sicherheits-ID: S-1-5-21-2067210464-2756668132-75422373-500
Kontoname: Administrator
Kontodomäne: WIN-KN8H5TKTAMS
Anmelde-ID: 0x2e6e4
Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 1323
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090613174751.039683-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 1322
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090613174751.616400-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KN8H5TKTAMS
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits- ID: S-1-5-21-2067210464-2756668132-75422373-500
Kontoname: Administrator
Domänenname: WIN-KN8H5TKTAMS
Logon-ID: 0x2e6e4
Record Number: 1321
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090613174603.976883-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\EgisTec\MyWinLocker 3\x86;C:\Program Files\EgisTec\MyWinLocker 3\x64;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF----------------- |
08.09.2010, 02:11 | #9 |
| again skype/facebook trojan :( pc almost dead.. hmm.. the rest probably isn't coming after all. i propped my eyes open with matchsticks.... held out for the 90 min avira needed to scan... and now? it won't show me the report *ugh* loading spinner and then nothing.... it's the same with all programs at the moment, i can't open anything - loading spinner, and as soon as that's gone... silence and yawning emptiness. i'm now pinning my hopes on avira.. i'll restart and hope it saves the reports^^ angie ___________________________________________________ my friend edit: i'm afraid.. i'll have to do this again tomorrow.. i did get to the report, but i had to switch the laptop off manually.. because it wouldn't shut down any more... and before that the sound had also given out. here is the avira report *hoping this is what you wanted^^* Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Mittwoch, 8. September 2010 01:40 Es wird nach 2777015 Virenstämmen gesucht. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ANGIE-LAPPI Versionsinformationen: BUILD.DAT : 9.0.0.422 21701 Bytes 09.03.2010 10:23:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 20.11.2009 18:51:50 AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44 LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:51:50 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:51:50 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 21:17:52 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 20:51:36 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 04:20:45 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 14:58:00 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 00:17:13 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 01:13:35 VBASE008.VDF : 7.10.9.166 2048 Bytes 23.07.2010 01:13:35 VBASE009.VDF : 7.10.9.167 2048 Bytes 23.07.2010 01:13:35 VBASE010.VDF : 7.10.9.168 2048 Bytes 23.07.2010 01:13:35 VBASE011.VDF : 7.10.9.169 2048 Bytes 23.07.2010 01:13:35 VBASE012.VDF : 7.10.9.170 2048 Bytes 23.07.2010 01:13:35 VBASE013.VDF : 7.10.9.198 157696 Bytes 26.07.2010 01:13:31 VBASE014.VDF : 7.10.9.255 997888 Bytes 29.07.2010 01:13:43 VBASE015.VDF : 7.10.10.28 139264 Bytes 02.08.2010 01:13:50 VBASE016.VDF : 7.10.10.52 127488 Bytes 03.08.2010 01:13:55 VBASE017.VDF : 7.10.10.84 137728 Bytes 06.08.2010 01:14:03 VBASE018.VDF : 7.10.10.107 176640 Bytes 09.08.2010 01:14:11 VBASE019.VDF : 7.10.10.130 132608 Bytes 10.08.2010 01:14:15 VBASE020.VDF : 7.10.10.158 131072 Bytes 12.08.2010 01:14:22 VBASE021.VDF : 7.10.10.190 136704 Bytes 16.08.2010 01:14:33 VBASE022.VDF : 7.10.10.217 
118272 Bytes 19.08.2010 01:14:43 VBASE023.VDF : 7.10.10.246 130048 Bytes 23.08.2010 01:14:56 VBASE024.VDF : 7.10.11.11 144896 Bytes 25.08.2010 01:15:03 VBASE025.VDF : 7.10.11.33 135168 Bytes 27.08.2010 01:15:09 VBASE026.VDF : 7.10.11.52 148992 Bytes 31.08.2010 01:15:23 VBASE027.VDF : 7.10.11.75 124928 Bytes 03.09.2010 01:15:38 VBASE028.VDF : 7.10.11.76 2048 Bytes 03.09.2010 01:15:38 VBASE029.VDF : 7.10.11.77 2048 Bytes 03.09.2010 01:15:38 VBASE030.VDF : 7.10.11.78 2048 Bytes 03.09.2010 01:15:38 VBASE031.VDF : 7.10.11.86 54784 Bytes 03.09.2010 01:15:38 Engineversion : 8.2.4.50 AEVDF.DLL : 8.1.2.1 106868 Bytes 31.07.2010 01:13:48 AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 27.08.2010 01:15:09 AESCN.DLL : 8.1.6.1 127347 Bytes 13.05.2010 22:14:33 AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 20:16:51 AERDL.DLL : 8.1.8.2 614772 Bytes 21.07.2010 01:13:25 AEPACK.DLL : 8.2.3.5 471412 Bytes 07.08.2010 01:14:06 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 22.07.2010 01:13:27 AEHEUR.DLL : 8.1.2.21 2883958 Bytes 05.09.2010 01:15:41 AEHELP.DLL : 8.1.13.3 242038 Bytes 27.08.2010 01:15:07 AEGEN.DLL : 8.1.3.20 397684 Bytes 27.08.2010 01:15:07 AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 20:16:49 AECORE.DLL : 8.1.16.2 192887 Bytes 21.07.2010 01:13:21 AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 20:16:49 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56 AVPREF.DLL : 9.0.3.0 44289 Bytes 08.09.2009 16:03:58 AVREP.DLL : 8.0.0.7 159784 Bytes 18.02.2010 03:17:59 AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28 NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:35:17 RCTEXT.DLL : 9.0.73.0 87297 Bytes 20.11.2009 18:51:50 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung 
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Mittwoch, 8. September 2010 01:40 Der Suchlauf nach versteckten Objekten wird begonnen. Es wurden '116450' Objekte überprüft, '0' versteckte Objekte wurden gefunden. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden 
durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SSMMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PMVService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AmIcoSinglun.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) 
wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '77' Prozesse mit '77' Modulen durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '48' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <sys> C:\hiberfil.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. 
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. C:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. Beginne mit der Suche in 'E:\' <privat> Beginne mit der Suche in 'F:\' <rest> Ende des Suchlaufs: Mittwoch, 8. September 2010 03:04 Benötigte Zeit: 1:24:32 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 23938 Verzeichnisse wurden überprüft 412455 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 2 Dateien konnten nicht durchsucht werden 412453 Dateien ohne Befall 6023 Archive wurden durchsucht 2 Warnungen 2 Hinweise 116450 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden
_____________________________ another edit: when i start otl, enter the script and click fix, otl stops responding within 3 sec, kills my explorer and doesn't restore the explorer either.. had to shut down via the task manager.. tried it three times.. now i'm going to bed.. the alarm goes off in 2 hrs. i'll have another go at it tomorrow after work. good night and thanks in advance =D _____________________________ edit3^^ it did work on the 4th try after all^^ Code:
ATTFilter All processes killed Error: Unable to interpret <:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKCU..\Run: [Konni Symbol Autostart] File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live> in the current context! Error: Unable to interpret <\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Me> in the current context! Error: Unable to interpret <ssengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoint> in the current context! 
Error: Unable to interpret <s2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found O33 - MountPoints2\{b1060838-5d3b-11df-b74a-> in the current context! Error: Unable to interpret <001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List] "E:\Downloads\Picture-0002927.JPGwww.facebook.exe"=- :Files E:\Downloads\Picture-0002927.JPGwww.facebook.exe C:\Windows\nvsvc32.exe C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job :Commands [purity] [resethosts] [emptyflash] [emptytemp]> in the current context! 
OTL by OldTimer - Version 3.2.11.0 log created on 09082010_033245 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Edited by teny (08.09.2010 at 02:36) |
08.09.2010, 13:57 | #10 |
| again skype/facebook trojan :( pc almost dead.. hello. since i got a "fatal error" last night while loading the message, and this morning had the problem that once again no file would open, thanks to *host process for windoze has stopped working*, the logs from last night are only coming now. at the moment the monitor of my laptop no longer works _________________ edit: found the problem.. it just didn't occur to me that the logs were too long -.- the new logs *first one, then the other^^* Code:
ATTFilter OTL logfile created on: 08/09/2010 03:37:38 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 164.57 Gb Total Space | 102.94 Gb Free Space | 62.55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-LAPPI Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe PRC - [2010/08/18 03:58:17 | 000,945,720 | ---- | M] (Google Inc.) 
-- C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010/01/13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe PRC - [2010/01/13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009/08/06 00:01:32 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009/07/08 23:14:41 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009/04/15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009/04/15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009/04/11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/11 02:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009/02/24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009/01/21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009/01/21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008/12/26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008/10/27 15:09:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008/10/27 12:05:24 | 000,346,672 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2008/10/24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe PRC - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008/03/18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007/01/02 12:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Modules (SafeList) ========== MOD - [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe MOD - [2009/04/15 16:18:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/01/13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/06 00:01:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson 
PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/09/23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/03/18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2009/12/07 20:50:21 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- 
(s1029obex) DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009/05/11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/04/09 15:59:48 | 000,958,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/03/30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/03/26 01:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2009/03/11 02:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/02/21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/02/12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2009/01/28 09:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/12/05 08:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/12/02 23:48:18 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008/09/04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008/03/01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/01/31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/12/08 02:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2006/12/08 02:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2006/11/03 07:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.howrse.de" FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.2 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 22:00:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 22:00:09 | 000,000,000 | ---D | M] [2009/07/13 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions [2010/09/07 00:54:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions [2009/08/05 01:50:11 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010/05/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\FasterFox_Lite@BigRedBrent [2009/10/26 22:21:40 | 000,003,915 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\je3qjhb6.default\searchplugins\sweetim.xml [2010/09/07 00:54:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/02/20 14:58:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/02/20 14:58:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/02/20 14:58:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/02/20 14:58:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/02/20 14:58:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) 
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Konni Symbol Autostart] File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - 
C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} 
- C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - 
MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/09/08 03:25:52 | 000,000,000 | ---D | C] -- C:\_OTL [2010/09/08 01:24:20 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010/09/08 01:24:20 | 000,000,000 | ---D | C] -- C:\rsit [2010/09/05 19:44:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/09/03 16:33:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010/09/03 15:33:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/09/02 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes [2010/09/02 23:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2010/09/02 23:38:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/09/02 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/09/02 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010/08/11 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Real [2010/05/12 00:41:49 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe99B1.dll [2009/06/14 04:12:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010/09/08 03:38:14 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT [2010/09/08 03:33:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/08 03:33:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/08 03:33:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/08 03:33:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/08 03:33:37 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2010/09/08 03:32:54 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/09/08 03:32:54 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/09/08 03:13:14 | 003,358,696 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db [2010/09/08 01:53:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job [2010/09/08 01:16:34 | 000,339,991 | ---- | M] () -- 
C:\Users\Angie\Desktop\RSIT.exe [2010/09/08 00:40:31 | 000,006,836 | ---- | M] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat [2010/09/06 20:37:48 | 000,000,880 | ---- | M] () -- C:\Users\Angie\Desktop\VLC media player.lnk [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/04 21:53:20 | 000,005,756 | ---- | M] () -- C:\Windows\8324.exe [2010/09/04 05:58:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job [2010/09/03 23:17:08 | 000,083,100 | ---- | M] () -- E:\Anke_Wischer_Digitalfunk.htm [2010/09/03 16:33:38 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010/09/02 23:38:32 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/02 08:49:57 | 000,002,306 | ---- | M] () -- C:\Windows\mdll.dl [2010/08/29 09:05:35 | 000,038,684 | ---- | M] () -- E:\246 bus alles.pdf [2010/08/27 19:54:24 | 000,042,477 | ---- | M] () -- E:\184 bus.pdf [2010/08/27 19:44:55 | 000,037,667 | ---- | M] () -- E:\246 bus.pdf [2010/08/16 18:55:47 | 000,014,585 | ---- | M] () -- E:\ich neu.jpg [2010/08/16 18:44:50 | 000,045,110 | ---- | M] () -- E:\Picture0015.jpg [2010/08/16 18:44:48 | 000,045,128 | ---- | M] () -- E:\Picture0014.jpg [2010/08/16 18:44:08 | 000,047,470 | ---- | M] () -- E:\Picture0013.jpg [2010/08/16 18:43:05 | 000,047,890 | ---- | M] () -- E:\Picture0012.jpg [2010/08/16 18:42:57 | 000,047,959 | ---- | M] () -- E:\Picture0011.jpg [2010/08/16 18:42:22 | 000,047,671 | ---- | M] () -- E:\Picture0010.jpg [2010/08/16 18:42:12 | 000,047,683 | ---- | M] () -- E:\Picture0009.jpg [2010/08/16 18:41:58 | 000,048,419 | ---- | M] () -- E:\Picture0008.jpg [2010/08/16 18:41:01 | 000,046,650 | ---- | M] () -- E:\Picture0007.jpg [2010/08/16 18:40:52 | 000,046,832 | ---- | M] () -- E:\Picture0006.jpg [2010/08/14 22:49:53 | 000,014,336 | ---- | M] () -- 
C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/14 22:00:07 | 000,027,648 | ---- | M] () -- E:\Marathon_OV Nordwest.xls [2010/08/14 02:07:20 | 000,089,480 | ---- | M] () -- C:\Users\Angie\Desktop\tauben.jpg [2010/08/12 02:15:32 | 000,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini [2010/08/11 20:51:59 | 000,786,053 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00031.JPG [2010/08/11 19:07:33 | 000,750,681 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00032.JPG [2010/08/11 18:26:34 | 000,071,203 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg [2010/08/11 18:24:43 | 000,059,925 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.39.jpg [2010/08/11 18:21:42 | 000,039,957 | ---- | M] () -- E:\Photo on 2010-08-11 at 14.34.jpg ========== Files Created - No Company Name ========== [2010/09/08 01:16:33 | 000,339,991 | ---- | C] () -- C:\Users\Angie\Desktop\RSIT.exe [2010/09/06 20:37:48 | 000,000,880 | ---- | C] () -- C:\Users\Angie\Desktop\VLC media player.lnk [2010/09/04 21:53:20 | 000,005,756 | ---- | C] () -- C:\Windows\8324.exe [2010/09/03 23:17:07 | 000,083,100 | ---- | C] () -- E:\Anke_Wischer_Digitalfunk.htm [2010/09/03 16:33:38 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010/09/02 23:38:32 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/02 08:49:57 | 000,002,306 | ---- | C] () -- C:\Windows\mdll.dl [2010/08/29 09:05:35 | 000,038,684 | ---- | C] () -- E:\246 bus alles.pdf [2010/08/27 19:54:24 | 000,042,477 | ---- | C] () -- E:\184 bus.pdf [2010/08/27 19:44:55 | 000,037,667 | ---- | C] () -- E:\246 bus.pdf [2010/08/16 18:55:47 | 000,014,585 | ---- | C] () -- E:\ich neu.jpg [2010/08/16 18:44:50 | 000,045,110 | ---- | C] () -- E:\Picture0015.jpg [2010/08/16 18:44:48 | 000,045,128 | ---- | C] () -- E:\Picture0014.jpg [2010/08/16 18:44:08 | 000,047,470 | ---- | C] () -- E:\Picture0013.jpg [2010/08/16 18:43:05 | 000,047,890 | ---- | C] () -- E:\Picture0012.jpg 
[2010/08/16 18:42:57 | 000,047,959 | ---- | C] () -- E:\Picture0011.jpg [2010/08/16 18:42:22 | 000,047,671 | ---- | C] () -- E:\Picture0010.jpg [2010/08/16 18:42:12 | 000,047,683 | ---- | C] () -- E:\Picture0009.jpg [2010/08/16 18:41:57 | 000,048,419 | ---- | C] () -- E:\Picture0008.jpg [2010/08/16 18:41:01 | 000,046,650 | ---- | C] () -- E:\Picture0007.jpg [2010/08/16 18:40:52 | 000,046,832 | ---- | C] () -- E:\Picture0006.jpg [2010/08/14 22:00:07 | 000,027,648 | ---- | C] () -- E:\Marathon_OV Nordwest.xls [2010/08/14 02:07:19 | 000,089,480 | ---- | C] () -- C:\Users\Angie\Desktop\tauben.jpg [2010/08/12 02:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/08/11 19:06:10 | 000,786,053 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00031.JPG [2010/08/11 19:06:10 | 000,750,681 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00032.JPG [2010/08/11 18:26:33 | 000,071,203 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg [2010/08/11 18:24:42 | 000,059,925 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.39.jpg [2010/08/11 18:21:41 | 000,039,957 | ---- | C] () -- E:\Photo on 2010-08-11 at 14.34.jpg [2010/02/15 11:45:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010/01/15 19:08:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/14 05:06:55 | 000,277,248 | ---- | C] () -- C:\Programme\kinginstaller.exe [2009/08/06 14:35:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2009/08/04 06:10:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/04 05:19:04 | 000,014,336 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/09 16:59:07 | 000,006,836 | ---- | C] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat [2009/07/08 23:56:11 | 000,000,000 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\wklnhst.dat [2009/06/14 04:02:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009/06/14 04:02:34 | 000,011,264 | ---- | C] () 
-- C:\Windows\System32\atimuixx.dll [2009/06/13 19:41:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009/06/13 19:29:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009/06/13 19:29:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009/03/12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009/03/12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009/02/11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009/02/11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009/02/11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009/07/08 23:49:11 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.# [2009/03/12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Acer GameZone Console [2010/02/15 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited [2009/07/08 23:59:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eSobi [2010/07/09 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ [2009/07/08 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PowerCinema [2010/06/30 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\RagTime [2009/07/08 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftDMA [2010/05/12 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony [2010/05/12 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony Setup [2009/07/08 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Template [2010/09/08 03:32:56 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate 
Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report > Edited by teny (08.09.2010 at 14:10) |
08.09.2010, 14:08 | #11 |
| once again skype/facebook trojan :( pc almost dead.. here is the second one Code:
ATTFilter OTL Extras logfile created on: 08/09/2010 03:37:38 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 164.57 Gb Total Space | 102.94 Gb Free Space | 62.55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-LAPPI Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" =
0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002253FB-8111-493F-8D8C-4FE66B903955}" = rport=138 | protocol=17 | dir=out | app=system |
"{19BD3B49-4960-46E2-BFDF-26630FA2FEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A5C067B-8408-48B3-BA04-97BDF48F64E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6EB95F-08A1-4B60-91A4-478E3E712762}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1C2EA5E6-527D-487A-AED6-6294BBA02018}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FAEDC48-8C84-454C-9D6E-362F2A31CF19}" = rport=137 | protocol=17 | dir=out | app=system |
"{205AA3E9-878C-42FD-A9C8-027C00994362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv |
app=%systemroot%\system32\svchost.exe | "{41A06BD5-2397-402A-9173-3A9252D0D841}" = lport=10243 | protocol=6 | dir=in | app=system | "{46996488-4F91-4353-AE7A-257708BF6C23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{46EA0D08-1753-4C43-91E3-A4FC6DFB18A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B0B4E6C-CA7C-4279-9F94-27BBA5354CBC}" = rport=2869 | protocol=6 | dir=out | app=system | "{548CB954-9003-4906-9103-309F5F9CDEC8}" = lport=2869 | protocol=6 | dir=in | app=system | "{56ED778A-FCE6-42EF-ADB2-6F3B2E5AC918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5AC8DFF5-14F5-41EE-98A8-0C850DF292FE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{64C1142C-9E37-406E-ABAB-8ACCFCC91820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{65BC738A-B27D-4B97-B1CB-F4AB37E74E2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{67A9AC51-01DF-4C14-8C8F-EA54202531A1}" = rport=10243 | protocol=6 | dir=out | app=system | "{74A61EEC-8F86-44CF-9BF8-E33B445B2CFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BF5F8B7-61E9-47C9-8D16-1E50F81DEA2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81794BB4-902C-4831-AB14-74DC7FB50E3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83A3F5F3-1877-46F2-BC12-5C5A5EAF93C6}" = lport=138 | protocol=17 | dir=in | app=system | "{870738C7-122C-48A8-9714-D8CCA4AB7F8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C573BB4-FC4F-481C-BB91-344957B18386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9A72222D-BB2B-4EB5-8E66-0C2F4A232D34}" 
= rport=445 | protocol=6 | dir=out | app=system | "{A0B5B23E-A394-4B78-95A0-1C6A7ECF8503}" = lport=137 | protocol=17 | dir=in | app=system | "{A0FC8839-3101-4A32-870A-5624DC32E59A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A463C226-CDB2-4BAF-8FD3-845CA09207B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C5C69A10-A922-44A1-AF2D-A2DEB45300DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE8E3522-7288-4F7F-B9E4-E558B7B7ED58}" = lport=445 | protocol=6 | dir=in | app=system | "{DC8396A3-72E6-4CD7-8021-B0A954D6F312}" = rport=139 | protocol=6 | dir=out | app=system | "{E54A7353-CB4B-4939-813E-330BB4618509}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6F1BC5F-C0D7-49FC-9988-497B96F1D87C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EF6CDA77-88FF-43FA-81C8-B843F5223134}" = lport=139 | protocol=6 | dir=in | app=system | "{F268246E-4232-4F19-98D8-C94EF25708CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F731B571-7547-4C5C-A03F-D840FCC01763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00966F49-96FF-4F32-8B31-C9FCAE5AF1C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00AC1766-45AD-46AC-9A7E-901F9A6BEA7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{01B01350-67C5-47C9-9383-5B94B3C26C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02DF2DB2-B260-4119-AB7E-C402FC9C4741}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{038B6C9D-2A2E-4B5B-9666-27823ACB66DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05097973-C81F-47FD-88B0-9DF9417DBA98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06A089F2-2C10-4A88-AE04-10E7510B804C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06DEEC60-AD69-495F-A40F-90174896742C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0A1CB352-B9DF-48E7-9CD3-F4A49C081DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0ACAE191-2E5A-4BAC-B648-7FC724E380DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0AE27C66-95C3-4C67-A571-0B9C3C6517B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B243332-640B-4B4F-B853-781D52482084}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C62C1FD-728F-4BEF-B023-27F3DEFB5505}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0DB7E2A4-8B3F-4905-9661-E7E592570948}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E2510B3-80D4-4DF4-8B6A-07F5295AD4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0ECCC38C-D509-41D3-A302-7CCEE51EBABA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{0FC430C0-8271-4AD2-B1B4-58F8F824A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12BEEE10-E77C-4170-B738-23BB132485E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12FEA2B0-8080-43E6-9220-7E69341EACAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14796318-4573-4EC3-B6BF-AFEB1D92CCF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15179141-B0E4-48AF-902A-DBFB15E8B89E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{173EF7A9-C6B7-4989-AEA6-6A10EA8BB00B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1944BF22-ABD2-42C1-8E56-8160F95C6DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A20ABAF-42A3-40EF-94FE-D9C72FDA87FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1AFE5958-A700-4DEA-B42C-0DEDD4E0E664}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B558AEC-04CE-4D04-ACA4-718D96984345}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20734789-895C-4A22-BD29-657B914554B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20A1B0A8-B20A-4267-AB0F-836FDC7573BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21911FFC-2D78-448F-B458-E0806B1C2AD9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2209900A-1353-4D99-89CA-CD089F61FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23527E07-0245-4FCE-9266-8F2FCCB093FC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{23B5A813-957D-4C0F-B7BA-3AB9220AEEF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23C567C9-EA64-406B-AF35-26975A931C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{24F9BFE8-7715-4DA8-AC39-FE37229D5174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{294F02E8-E669-4380-9262-A925034ADD7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A000E8D-D5A0-44EE-9136-24FF29B6A410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2AAAA09B-2321-46E8-8F97-E8D5BC5B9D71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AB3F2AE-4DE5-466F-91A1-6F22A11DBC80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2B1685A2-E789-4488-A618-4E3EE05ECF78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B18465E-979D-47A0-BE1F-7F4F71FA1BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D1F2A62-674A-46EF-BF69-7D8732F37585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D2B0AC6-3697-4919-8DB8-0253D894878F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EE9D84E-4503-4FD3-ABC8-01BD3B9717E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3354CB6E-CA89-42D3-B283-46E435A1791D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33576203-4FE0-43B5-B04E-7325E7F30FE5}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{36E945EC-E1C5-4468-9D3D-F3210EB94393}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{372C6BDC-0E4A-4BE5-A1C5-CD024217FDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{399B34A0-9587-47E4-A833-EABD2C0BD8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AD901E8-BED7-4F36-BA43-09AEACAC923C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{3BB7ED2C-0C1F-426E-8CAB-9B81F68ABAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C909559-0330-48ED-BBEB-D210A5594911}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D31B782-6DA6-47F8-96E7-0551A6750C88}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EFAEBF1-9967-4030-AC39-14B7E35553E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F1E37A4-CB79-4693-9886-7C82504D2173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F25CD5F-6A5B-4924-B3B9-2240A8CA48D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F4E4B58-96D5-4A47-BF9C-7CCA950D5E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{410DA5AC-DB88-4EA1-AFFF-0259AEB21832}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{423C276C-BA6B-4517-8EF9-BB52B1302025}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{425463A4-5295-4567-8C76-BB194AC59E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43F9DE61-8C32-4167-9667-F20ECF7B512E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{46CE3B86-AF71-4C98-ADEB-7979C4FB93F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{470F99BE-FD69-406B-AA07-74CDF177C678}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A28905B-25FD-4DE8-8158-C084C80D64FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4AB8BD5A-DBD2-4C77-BAEE-A710F346E067}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AEFFE5E-ED7B-4195-8038-73324C8C94A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C5CE82B-0AB1-417E-949B-CAA93B4329B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EF3B4FA-702D-41B0-B739-E3706471CA24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4FA5AE56-3236-421E-8DFC-74B837509C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51E1832B-2233-414B-8653-CDBBA7AB3424}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5310B265-55B9-4429-BD19-6D46995988E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{540E9C19-CEAE-47E4-A021-5682D23CDCEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{54C65328-84C7-4CAA-BE96-FDD855E8F087}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{555C9C64-5CEF-42FB-8CED-BC4E048A158F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55CFF8D5-768C-4406-AE55-FCDF4971D3B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55F47EF4-708D-4F70-9D06-7C5A0CDA6B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5AC5F67F-E889-4605-9018-DA5AEB346C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D1D19F6-4586-4E99-855C-E0F0B06D148C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F85D6F9-075B-4188-B58E-A89A1EEB8CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6159FA66-6E24-483A-B1F0-1D5BC45A4E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61800C7F-E6B4-4985-8124-D5A8200D0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{619AE4B3-ACD5-47C2-A390-7E56063FA9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61E31FF2-FE76-48F9-BE5F-D2CFED3EFE23}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61F2FBD8-65DC-4EC5-AE80-424F2D4530CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{663847B5-D5D5-468A-932C-56EC929BE32C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67E84425-56A5-4C22-9A2E-FACC85130568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67F51BDB-4B82-41B0-AB8F-9667D20E02AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{695054EB-2CB4-4BF0-BA51-CA3145E9ACAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A4BD658-B25F-4252-ABF7-C1E6F125A06D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A609438-6FDB-4A55-99F9-CA9BD7B64C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C49262D-93A6-4D56-8F5F-7A917F7D7848}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D3D0CE4-9F42-483D-BB0E-0D57CB17C478}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D417D9D-AD11-4B5D-B80C-C4A433745C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{6ED0606F-5CD0-468F-993B-A237B96F9682}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7072DD3C-366B-44C3-83C4-EACCF2E730F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72BF4C9F-B512-4E70-94A4-AB9FB74AFD6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{748C40C6-F247-4C3E-A84D-F3AFB0CC81BF}" = protocol=6 | dir=out | app=system | "{760C0A94-DB46-4F56-BBE0-2F948A3F1CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{790F72A1-1D05-4393-9961-DD760919E575}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7CAA0DF9-432B-49EE-AB73-3A99D1BF12C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EFCE4E6-3EDB-4E81-9BC3-D2E87FE04E98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80BA43BB-2B6D-4123-AE41-CD37E97405BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{81FA4485-370D-4BEC-9F93-C06EC7EE902C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{82EA1A71-1048-4A8F-8623-C9CAB8601B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8402320C-F2B1-4124-BA73-BF947B24E803}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87095435-7B7E-4829-9E4F-6713BA7C89D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8744B6E1-B9BA-4D77-B73F-981915444355}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87D6A64B-FF41-4ED7-82F9-973BC1FE1DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88EA246D-FF7A-4C19-8DA3-6C0ED3B130EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B33C7A5-E952-4F93-9FCB-D0C373BC3293}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B795094-33A6-4BA4-BA81-FD24A040B1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8D83B621-8E53-4832-80B0-81C75F1D06A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8E32ED12-756E-4686-AF5F-7907E588BEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8EF50985-CA3C-4C1A-BE87-D81B01BBD4D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8F389412-BCC8-4D2E-9616-FD8FF4E63878}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8FDD07C3-CEB6-4EA8-A6A4-356F43B65F96}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92CF269B-6A09-48F0-89FA-D9D4FEDEA6E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{930DD5A3-A5DC-4760-9868-D095CA7AF750}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{933365E6-E43F-455F-AF32-29566228A932}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97BC41E2-F117-4EA5-813B-A4C89AF7DD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A027706-8028-4171-AC71-F42697BFEDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A88FDEA-6CEA-4F90-AA4F-266431D1E84F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B3E36F7-741D-4881-8470-52510F170302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B5D0C6A-CB1C-4417-ABED-874C32FE90EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9C9111C7-479C-4E9C-8B04-4C3389ED945C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CEFCD46-5D70-4115-B3C9-9697177ACAA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E4F1CFE-3F81-4E1F-9D6B-514E1DDCDED5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9EB9CEBE-698B-4280-A2F8-97928CA8555B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F8D7A15-E3A9-40F4-94BB-9994737E03CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A00CCEFD-C8BD-48D3-946F-ACBE0A5B24C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A260D41F-DE29-44E8-B8CC-326E6E647175}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A3FB3839-B73C-4D0A-80C3-82B94AE6ACB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8352E8B-9E48-4CE2-8A9C-4B10EF509705}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ABF718D2-25BE-4FBB-8FD5-3615BD3A0A24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACE0BE68-F64B-48A5-BD20-78A51C83DC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B0D0C236-E391-4091-AA8F-55A203AB488D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1F2FB23-5810-41BE-A48C-835BCB5285EF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{B2807599-1B42-41EE-BB96-CE8029863816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B28B1248-0E20-410A-BCA3-80C7152A4C60}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{B41FE0C8-4763-447A-B6E2-04DA1A23E31B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5A5CA62-4A34-41BB-89BA-2149E8103405}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8EDE7FF-97B8-40F5-96D8-21D356CA356A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B93E6D8B-3E54-4248-B90B-AE41DE84D512}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B97364EC-ECE5-4AB6-B6EF-5352B072306A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9DB2248-4913-4D2E-B057-EC910A885275}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{BA682CD8-3870-4BBD-9E4A-39C4859F5176}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB8E4DAE-7295-4B64-B3E0-BBC4086C8336}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD20BE07-1257-417C-B737-461CE4A265CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD72969E-0B48-4FDC-8075-BDC20E31CD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE373EBE-DC57-470B-BB8C-83162A987875}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C0EA2EE0-C701-42AB-B5F1-070F58AF0702}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C434F41E-D532-4396-B4E5-E04924ABB2AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6F0EF84-A30E-485C-ABCA-86D0FD43089A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C7BFB823-DB3F-4F80-AD9B-544EF9B5714F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{CA37F058-3774-4EEE-A546-A0FA93BE704A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CABC44DD-281E-4BFA-8483-359A2321C620}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CB4C0250-A5C9-485A-BD81-C3917247122F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CBED2B53-8EE7-4722-A551-3BD26A360368}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{CBF61C91-2513-439E-83E4-DA615ECC87C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC4ABCCB-7956-4A42-8CAA-D5B2728A3616}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CDEC9F74-8BFF-4E97-8810-58321BC52AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2914453-D1C6-4589-9D6C-AC975685692F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D603291E-E047-4562-A057-DA9361D2E174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6F4CC75-F859-4F03-8E1A-1D5D4B61A09F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D7BA6583-97F5-413D-A96B-ABE5417B4A68}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA84622D-D6C8-412C-AC31-8EF4592E88BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAF02180-DEFF-442C-9C9E-ABE49146D8D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DBA9A40C-5D9B-4C93-B6E1-8F9215BBB763}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDC5A573-E0FE-425F-9DE3-09B02BEC25D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDD53577-41B3-4983-A138-B990C82EC949}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DFC12F3B-FBDF-40F3-9757-60B5450DE5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E019B3C0-38CA-4748-A1CD-6BCEC181BE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E13C2D1A-72DF-422A-97BF-5B154218C7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E34A0187-0195-4BAA-891A-5BE92AAC9E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E71ABA41-55D5-4814-B9BC-A659EB35A81D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E8EC6E04-149E-4A25-AC78-9D2054A98577}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9ADE639-3444-4F18-8FD1-88F740605114}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9EBA9F8-ED13-44EF-AFE4-A3B2F7EBA0CE}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{EA5283B1-06ED-4FA5-8330-79CE22AB856D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDEDCB27-8BC5-4782-AF56-83E8DDB8782C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EE3968EB-2FF2-4F8D-A194-4222700CDE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F00AB028-3991-44B0-8670-496CF7A5DCE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F0DD0882-94C9-47D7-9303-EF5F19A28C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1742235-836C-440C-A575-25E3F2A23B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9A4CAFE-55B0-4235-8D30-2F1611C09805}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FA349256-62AB-4628-9D27-AF6A71CFB4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FB478DF5-7EB7-471F-8265-37D5BA6247D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC697F3E-FB1B-4FB7-A6EF-DE7D8244F7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FCA278E4-9FB8-4102-ABFB-6A686FB8ECE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDAA49D4-9EF1-4933-820C-A098BA9F903F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FE6BDB79-B8E3-4018-AB09-DCEBE80D6778}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{452FA0D7-E6B5-490B-A114-138B076DDE60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{717575D6-7316-4A0A-A073-C6D3693018CD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8DE3DC45-72D3-4477-8388-BCAE7F396D40}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | "TCP Query User{A4515D09-015C-4944-A1DF-AA369B565ACC}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "TCP Query 
User{A5977D0A-52F5-43C9-8957-D7332C5015B3}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "TCP Query User{C34A31D8-1D36-4E3A-B90A-9395A4A01D56}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{D9558383-6142-4F64-AED2-5FB636A7335A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{EC12E8AC-B9A3-43E4-A573-4FD5CF0C0CAE}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{0EDF8570-E9FD-4AB1-8E07-B37F4F8C8C54}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3E8AEC1D-A00D-4A1F-808C-1F5D1F8BBA30}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | "UDP Query User{43A72232-85A2-41C5-84D8-7CC67B693088}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "UDP Query User{646FBF5E-DA06-4310-8284-D8A2FE0C01B8}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{AA1BE46D-0805-4C59-944D-A2EAD914B27A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{B22784E9-8714-497B-B27C-5BDBFDE88AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D474BDE0-C138-463D-B907-0286696FA73E}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe | "UDP Query User{EA4F24EC-4C69-40FE-B387-F4EE69190DC1}C:\program 
files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard "{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish "{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility "{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional "{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian 
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German "{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static "{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista "{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish "{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish "{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish "{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins "{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help 
Norwegian "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager "{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian "{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B836CE46-F408-4DD4-9F65-0CE6937CF470}" = Dungeon Lords "{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech "{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding "{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.00 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "FLV Player" = FLV Player 2.0 (build 25) "GridVista" = Acer GridVista 
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "PicSizer" = PicSizer "RagTime Privat" = RagTime Privat "Samsung ML-2010 Series" = Samsung ML-2010 Series "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VideoLAN VLC media player 0.8.6f "Winamp" = Winamp "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01/07/2010 11:14:48 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10 Description = Error - 02/07/2010 02:54:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10 Description = Error - 02/07/2010 03:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20 Description = Error - 02/07/2010 04:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20 Description = Error - 02/07/2010 05:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20 Description = Error - 02/07/2010 09:03:49 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10 Description = Error - 04/07/2010 01:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20 Description = Error - 04/07/2010 02:53:05 | Computer Name = angie-lappi | Source = Google Update | 
ID = 20 Description = Error - 04/07/2010 03:53:05 | Computer Name = angie-lappi | Source = Google Update | ID = 20 Description = Error - 04/07/2010 16:12:32 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 20/11/2009 17:25:46 | Computer Name = angie-lappi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 07/09/2010 19:20:41 | Computer Name = angie-lappi | Source = DCOM | ID = 10016 Description = Error - 07/09/2010 20:57:09 | Computer Name = angie-lappi | Source = DCOM | ID = 10010 Description = Error - 07/09/2010 21:17:41 | Computer Name = angie-lappi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 08.09.2010 um 03:15:26 unerwartet heruntergefahren. Error - 07/09/2010 21:18:58 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000 Description = Error - 07/09/2010 21:18:58 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000 Description = Error - 07/09/2010 21:18:59 | Computer Name = angie-lappi | Source = DCOM | ID = 10016 Description = Error - 07/09/2010 21:25:52 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7034 Description = Error - 07/09/2010 21:34:45 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000 Description = Error - 07/09/2010 21:34:45 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000 Description = Error - 07/09/2010 21:35:00 | Computer Name = angie-lappi | Source = DCOM | ID = 10016 Description = < End of report >
am I wrong, or do these look worse overall than the first ones? gg angie |
08.09.2010, 18:53 | #12 | |
| skype/facebook trojan again :( pc almost dead.. Quote:
Anyway, here is the result of the VT analysis: Code:
ATTFilter File name: 8324.exe Submission date: 2010-09-08 17:38:25 (UTC) Current status: finished Result: 1/ 42 (2.4%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.09.08.02 2010.09.08 - AntiVir 8.2.4.50 2010.09.08 - Antiy-AVL 2.0.3.7 2010.09.08 - Authentium 5.2.0.5 2010.09.08 - Avast 4.8.1351.0 2010.09.08 - Avast5 5.0.594.0 2010.09.08 - AVG 9.0.0.851 2010.09.08 - BitDefender 7.2 2010.09.08 - CAT-QuickHeal 11.00 2010.09.08 - ClamAV 0.96.2.0-git 2010.09.08 - Comodo 6014 2010.09.08 - DrWeb 5.0.2.03300 2010.09.08 - Emsisoft 5.0.0.37 2010.09.08 - eTrust-Vet 36.1.7842 2010.09.08 - F-Prot 4.6.1.107 2010.09.01 - F-Secure 9.0.15370.0 2010.09.08 - Fortinet 4.1.143.0 2010.09.08 - GData 21 2010.09.08 - Ikarus T3.1.1.88.0 2010.09.08 - Jiangmin 13.0.900 2010.09.08 - K7AntiVirus 9.63.2470 2010.09.08 - Kaspersky 7.0.0.125 2010.09.08 - McAfee 5.400.0.1158 2010.09.08 - McAfee-GW-Edition 2010.1B 2010.09.08 - Microsoft 1.6103 2010.09.08 - NOD32 5435 2010.09.08 - Norman 6.06.05 2010.09.08 - nProtect 2010-09-08.01 2010.09.08 - Panda 10.0.2.7 2010.09.08 - PCTools 7.0.3.5 2010.09.08 - Prevx 3.0 2010.09.08 - Rising 22.64.02.04 2010.09.08 - Sophos 4.57.0 2010.09.08 - Sunbelt 6847 2010.09.08 - SUPERAntiSpyware 4.40.0.1006 2010.09.08 Rogue.Agent/Gen-Nullo[EXE] Symantec 20101.1.1.7 2010.09.08 - TheHacker 6.7.0.0.010 2010.09.08 - TrendMicro 9.120.0.1004 2010.09.08 - TrendMicro-HouseCall 9.120.0.1004 2010.09.08 - VBA32 3.12.14.0 2010.09.08 - ViRobot 2010.9.8.4031 2010.09.08 - VirusBuster 12.64.23.0 2010.09.08 - Additional information Show all MD5 : 29f3af01d98a75a5a4ceb1693601bde9 SHA1 : aced82c691641146057e3a1e69edf7347ca18875 SHA256: 874cfe165d4d494d7e6b61d3fa5c18483f5204f0366d003e607d5d8892ac3a9e ssdeep: 96:sbyVlBXkwpwymtVYh2/jXiAk3iD/mmOhvhUb37F7OGw5:sIjUwpwym0h2/jXiAk8/l+pC37F 7OB File size : 5756 bytes First seen: 2010-07-03 00:48:03 Last seen : 2010-09-08 17:38:25 TrID: HyperText Markup Language with DOCTYPE (80.6%) 
HyperText Markup Language (19.3%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned
[Cynicism]Since I still have to read tips here like "NIS is the ultimate protection", I would suggest additionally buying and installing Kaspersky Internet Security, and then Panda Cloud Antivirus and Zonealarm on top, because then you are really safe.[/Cynicism]
Since only one of them detects it, we will use that one next (saves me the scripting). Post the log from SASW => http://www.trojaner-board.de/51871-a...tispyware.html
ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers. Private support only for payment, and I am very expensive. Guides Virus scanners Compromise unavoidable? |
09.09.2010, 07:48 | #13 |
| skype/facebook trojan again :( pc almost dead.. morning hhm .. but I did let the script run.. oh well.. now here is the log Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/09/2010 at 08:46 AM Application Version : 4.42.1000 Core Rules Database Version : 5476 Trace Rules Database Version: 3288 Scan type : Complete Scan Total Scan Time : 01:53:55 Memory items scanned : 853 Memory threats detected : 0 Registry items scanned : 8366 Registry threats detected : 0 File items scanned : 163008 File threats detected : 60 Adware.Tracking Cookie C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@atwola[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tracking.mindshare[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.adc-serv[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@sevenoneintermedia.112.2o7[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@eas.apm.emediate[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@go.dynamic-tracking[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@zanox[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adserver.71i[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@doubleclick[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.yieldmanager[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adservercentral[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@imrworldwide[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@webmasterplan[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@smartadserver[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tele2de.112.2o7[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@content.yieldmanager[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@atdmt[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tradedoubler[1].txt 
C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.yn-ads[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@tracking.quisma[3].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@zbox.zanox[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@statse.webtrendslive[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@shop.zanox[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@weborama[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@track.adform[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adtech[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@unitymedia[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@de.adserver.yahoo[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@content.yieldmanager[3].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.adnet[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@apmebf[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad1.king[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@mediaplex[2].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@msnportal.112.2o7[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@adfarm1.adition[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@ad.porta.eol[1].txt C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Cookies\angie@advertising[1].txt adserv.quality-channel.de [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] adtech.panthercustomer.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] akamai.smartadserver.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] bc.youporn.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] 
cdn1.eyewonder.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] cdn4.specificclick.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] cdn5.specificclick.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] hottraffic.nl [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] imagesrv.adition.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] media1.break.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] objects.tremormedia.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] oddcast.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] s0.2mdn.net [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] secure-us.imrworldwide.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] static.youporn.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] www.sexkiste.com [ C:\Users\Angie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VGZ9A7T7 ] s0.2mdn.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TXB6RPPN ] Trojan.Agent/Gen-Falint C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EYNBO517\DCOM32[1].EXE C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PNVM3FFZ\DCOM32[1].EXE C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\RYG0BMEH\DCOM32[1].EXE C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\RYG0BMEH\DCOM32[2].EXE C:\USERS\ANGIE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YDZ03FH0\DCOM32[1].EXE Rogue.Agent/Gen-Nullo[EXE] C:\WINDOWS\8324.EXE
this one actually found something, unlike the others^^ |
09.09.2010, 15:52 | #14 |
| skype/facebook trojan again :( pc almost dead.. Uninstall SuperAntiSpyware (it has done its job). Continue with control scans from:
1.) Online scans let you have the entire computer checked for malware. It is best to use Internet Explorer right away. Preparation
ESET Online Scanner Please switch on any external hard drives you may have during the online scans! Please switch off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
2.) Kaspersky - Online Scanner This scanner does not remove what it finds, but it gives a good overview of the malware present. ---> download here
=> Kaspersky Online Scanner
=> note the remarks on older versions!
=> requirement: Internet Explorer 6.0 or higher
=> install the necessary ActiveX controls
=> update the signatures
=> Next
=> Scan settings
=> choose Standard
=> OK
=> click the "My Computer" link
=> scan starts automatically
=> scan has been completed
=> Save log as
=> change the file type to .txt
=> save on the desktop as Kaspersky.txt
=> post the log here
=> Uninstallation => Control Panel => Software => remove Kaspersky Online Scanner
3.) Check the computer with PrevXCSI. Post a screenshot if anything is found, or post the names and paths.
ciao, andreas
|
10.09.2010, 10:24 | #15 | |
| skype/facebook trojan again :( pc almost dead.. hey there, here is the first part of the logs for now^^ last night I couldn't keep my eyes open any longer Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e71c9a87acae3b43a18fba3ad5e41ad8 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-09-10 03:42:50 # local_time=2010-09-10 05:42:50 (+0100, Mitteleuropäische Sommerzeit) # country="Ireland" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 182886 182886 0 0 # compatibility_mode=1797 16775165 100 100 0 59600075 428204 0 # compatibility_mode=5892 16776574 100 95 20510911 121617496 0 0 # compatibility_mode=8192 67108863 100 0 112 112 0 0 # scanned=175042 # found=11 # cleaned=3 # scan_time=5402 C:\Outlook Express\Gesendete Objekte.dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\42f82403-3cfba5a5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\1c4f3634-4898e157 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C E:\Sonstiges\mailkontos backup\08-10-07\Microsoft\Outlook Express\Gesendete Objekte (1).dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I E:\Sonstiges\mailkontos backup\08-10-07\Microsoft\Outlook Express\Gesendete Objekte.dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I E:\Sonstiges\mailkontos backup\09-12-07\Microsoft\Outlook Express\Gesendete Objekte (1).dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 
00000000000000000000000000000000 I E:\Sonstiges\mailkontos backup\09-12-07\Microsoft\Outlook Express\Gesendete Objekte.dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I E:\Sonstiges\mailkontos backup\16-01-08\Outlook Express\Gesendete Objekte (1).dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I E:\Sonstiges\mailkontos backup\16-01-08\Outlook Express\Gesendete Objekte.dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I F:\downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\reste\mails\{3AB7BE4B-D1A8-4CBF-8724-B03A39858301}\Microsoft\Outlook Express\Gesendete Objekte.dbx probably a variant of Win32/TrojanDownloader.Agent.HJHBXSF trojan (unable to clean) 00000000000000000000000000000000 I
it always gives ireland as my country? not that it would bother me *giggle* but I haven't been in ireland for .. um...8 months =D
________________________________
edit: PrevXCSI found nothing and kaspersky... Quote:
Edited by teny (10.09.2010 at 10:39) |