| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: nochmal skype/facebook trojaner :( pc fast tot..Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
05.09.2010, 19:08
| #1 |
 |  nochmal skype/facebook trojaner :( pc fast tot.. hallo  bin durch die googlesuche auf euer forum gestoßen und dachte mir, ich versuche es dann einmal hier^^ es kann ja nur besser werden vor etwa 2 *öhm* tagen habe ich netterweise im skype einen link erwischt ( de klassischen facebook, bla bla..) anstatt das fenster zu schließen. er lud *ohne abfrage* etwas runter und installierte es netterweise direkt. ich ließ maleware durchlaufen, er fand nichts, alles ok dachte ich .. *dumm* im gegensatz zu allen anderen, die das problem bisher hier hatten, verschickt er bei mir die links nicht weiter, leider spinnt jetzt aber der pc.. neuerdings massiv. zuerst nur der skype, mittlerweile geht der mediaplayer, winamp, mailproggi und sonstiges nicht mehr. mein FF zickt auch rum, selenium geht gar nimmer, die anzeige der programme verändert sich und es wird recht nervtötend.. edit 19:45 : nun ist es so schlimm, dass mir weder programme noch ordner direkt geöffnet werden, ich bekomme generell nurnoch den geliebten ladekringel und die meldeung, das programm reagiert nicht.. etwa 5 min später öffnet sich dann der ordner.. programme wie windoof mail oder ff funktionieren gar nicht mehr ich war dann mal so frei mir den tip von john.doe zu herzen zu nehmen.. also ab zu " für allen neuen" gelesen und punkt 2, alternative b abgearbeitet  edit 19:50 ordner schließen geht auch nicht mehr.. programm reagiert nicht, wenn er dann schließt, schließt er direkt den explorer mit.. nurnoch HG bild.. neu herstellen des desktops sieht nun auch komisch aus und anders (windows98 startleiste und nettes grau) 19:53.. desktopsymbole wieder da rechtsklick auf otl bringt ladekringel, erneutes explorer regaiert nicht fenster, neu aufbau des desktops ______________________________________ ich nutze einen acer laptop.. dankenswerter weise mit windoof vista OTL.Txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 05/09/2010 19:55:53 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-LAPPI Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Angie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe () PRC - C:\Programme\Mobile Partner Manager\UIExec.exe () PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Angie\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Angie\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe () SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.howrse.de" FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.2 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/02 22:00:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/02 22:00:09 | 000,000,000 | ---D | M] [2009/07/13 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions [2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions [2009/08/05 01:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} [2010/05/15 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\je3qjhb6.default\extensions\FasterFox_Lite@BigRedBrent [2009/10/26 22:21:40 | 000,003,915 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\je3qjhb6.default\searchplugins\sweetim.xml [2010/09/03 19:27:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/02/20 14:58:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/02/20 14:58:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/02/20 14:58:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/02/20 14:58:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/02/20 14:58:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Konni Symbol Autostart] File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b1f5-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{2fb9b208-6faf-11de-99e7-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d8-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{4cd062d9-891c-11de-ab89-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128225-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{5c128226-85a5-11de-9bb2-001f16a8d688}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{94529843-109b-11df-b29d-001f16a8d688}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{a761567b-7289-11df-b5ae-001f16a8d688}\Shell\AutoRun\command - "" = G:\Install.exe -- File not found O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell - "" = AutoRun O33 - MountPoints2\{b1060838-5d3b-11df-b74a-001f16a8d688}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/09/05 19:44:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/03 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/09/03 16:33:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010/09/03 15:33:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/09/02 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes [2010/09/02 23:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/09/02 23:38:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/09/02 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/09/02 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real [2010/08/11 23:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010/08/11 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Real [2010/05/12 00:41:49 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe99B1.dll [2009/06/14 04:12:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010/09/05 19:52:25 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT [2010/09/05 19:44:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe [2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/05 18:14:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/05 16:14:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/05 16:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/05 16:14:07 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2010/09/05 16:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/09/05 16:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/09/05 16:12:47 | 003,513,796 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db [2010/09/05 08:53:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000UA.job [2010/09/04 21:53:20 | 000,005,756 | ---- | M] () -- C:\Windows\8324.exe [2010/09/04 05:58:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067210464-2756668132-75422373-1000Core.job [2010/09/03 23:17:08 | 000,083,100 | ---- | M] () -- E:\Anke_Wischer_Digitalfunk.htm [2010/09/03 16:33:38 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010/09/02 23:38:32 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/02 08:49:57 | 000,002,306 | ---- | M] () -- C:\Windows\mdll.dl [2010/08/29 09:05:35 | 000,038,684 | ---- | M] () -- E:\246 bus alles.pdf [2010/08/27 19:54:24 | 000,042,477 | ---- | M] () -- E:\184 bus.pdf [2010/08/27 19:44:55 | 000,037,667 | ---- | M] () -- E:\246 bus.pdf [2010/08/16 18:55:47 | 000,014,585 | ---- | M] () -- E:\ich neu.jpg [2010/08/16 18:44:50 | 000,045,110 | ---- | M] () -- E:\Picture0015.jpg [2010/08/16 18:44:48 | 000,045,128 | ---- | M] () -- E:\Picture0014.jpg [2010/08/16 18:44:08 | 000,047,470 | ---- | M] () -- E:\Picture0013.jpg [2010/08/16 18:43:05 | 000,047,890 | ---- | M] () -- E:\Picture0012.jpg [2010/08/16 18:42:57 | 000,047,959 | ---- | M] () -- E:\Picture0011.jpg [2010/08/16 18:42:22 | 000,047,671 | ---- | M] () -- E:\Picture0010.jpg [2010/08/16 18:42:12 | 000,047,683 | ---- | M] () -- E:\Picture0009.jpg [2010/08/16 18:41:58 | 000,048,419 | ---- | M] () -- E:\Picture0008.jpg [2010/08/16 18:41:01 | 000,046,650 | ---- | M] () -- E:\Picture0007.jpg [2010/08/16 18:40:52 | 000,046,832 | ---- | M] () -- E:\Picture0006.jpg [2010/08/14 22:49:53 | 000,014,336 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/14 22:00:07 | 000,027,648 | ---- | M] () -- E:\Marathon_OV Nordwest.xls [2010/08/14 02:07:20 | 000,089,480 | ---- | M] () -- C:\Users\Angie\Desktop\tauben.jpg [2010/08/12 02:15:32 | 000,000,024 | ---- | M] () -- C:\Windows\cdplayer.ini [2010/08/11 20:51:59 | 000,786,053 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00031.JPG [2010/08/11 19:07:33 | 000,750,681 | ---- | M] () -- C:\Users\Angie\Desktop\DSC00032.JPG [2010/08/11 18:26:34 | 000,071,203 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg [2010/08/11 18:24:43 | 000,059,925 | ---- | M] () -- E:\Photo on 2010-08-11 at 15.39.jpg [2010/08/11 18:21:42 | 000,039,957 | ---- | M] () -- E:\Photo on 2010-08-11 at 14.34.jpg ========== Files Created - No Company Name ========== [2010/09/04 21:53:20 | 000,005,756 | ---- | C] () -- C:\Windows\8324.exe [2010/09/03 23:17:07 | 000,083,100 | ---- | C] () -- E:\Anke_Wischer_Digitalfunk.htm [2010/09/03 16:33:38 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010/09/02 23:38:32 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/02 08:49:57 | 000,002,306 | ---- | C] () -- C:\Windows\mdll.dl [2010/08/29 09:05:35 | 000,038,684 | ---- | C] () -- E:\246 bus alles.pdf [2010/08/27 19:54:24 | 000,042,477 | ---- | C] () -- E:\184 bus.pdf [2010/08/27 19:44:55 | 000,037,667 | ---- | C] () -- E:\246 bus.pdf [2010/08/16 18:55:47 | 000,014,585 | ---- | C] () -- E:\ich neu.jpg [2010/08/16 18:44:50 | 000,045,110 | ---- | C] () -- E:\Picture0015.jpg [2010/08/16 18:44:48 | 000,045,128 | ---- | C] () -- E:\Picture0014.jpg [2010/08/16 18:44:08 | 000,047,470 | ---- | C] () -- E:\Picture0013.jpg [2010/08/16 18:43:05 | 000,047,890 | ---- | C] () -- E:\Picture0012.jpg [2010/08/16 18:42:57 | 000,047,959 | ---- | C] () -- E:\Picture0011.jpg [2010/08/16 18:42:22 | 000,047,671 | ---- | C] () -- E:\Picture0010.jpg [2010/08/16 18:42:12 | 000,047,683 | ---- | C] () -- E:\Picture0009.jpg [2010/08/16 18:41:57 | 000,048,419 | ---- | C] () -- E:\Picture0008.jpg [2010/08/16 18:41:01 | 000,046,650 | ---- | C] () -- E:\Picture0007.jpg [2010/08/16 18:40:52 | 000,046,832 | ---- | C] () -- E:\Picture0006.jpg [2010/08/14 22:00:07 | 000,027,648 | ---- | C] () -- E:\Marathon_OV Nordwest.xls [2010/08/14 02:07:19 | 000,089,480 | ---- | C] () -- C:\Users\Angie\Desktop\tauben.jpg [2010/08/12 02:15:32 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/08/11 19:06:10 | 000,786,053 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00031.JPG [2010/08/11 19:06:10 | 000,750,681 | ---- | C] () -- C:\Users\Angie\Desktop\DSC00032.JPG [2010/08/11 18:26:33 | 000,071,203 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.36 #4.jpg [2010/08/11 18:24:42 | 000,059,925 | ---- | C] () -- E:\Photo on 2010-08-11 at 15.39.jpg [2010/08/11 18:21:41 | 000,039,957 | ---- | C] () -- E:\Photo on 2010-08-11 at 14.34.jpg [2010/02/15 11:45:16 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010/01/15 19:08:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/14 05:06:55 | 000,277,248 | ---- | C] () -- C:\Programme\kinginstaller.exe [2009/08/06 14:35:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2009/08/04 06:10:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/04 05:19:04 | 000,014,336 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/09 16:59:07 | 000,006,836 | ---- | C] () -- C:\Users\Angie\AppData\Local\d3d9caps.dat [2009/07/08 23:56:11 | 000,000,000 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\wklnhst.dat [2009/06/14 04:02:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009/06/14 04:02:34 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009/06/13 19:41:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009/06/13 19:29:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009/06/13 19:29:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009/03/12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009/03/12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009/02/11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009/02/11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009/02/11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009/07/08 23:49:11 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.# [2009/03/12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Acer GameZone Console [2010/02/15 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited [2009/07/08 23:59:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eSobi [2010/07/09 21:46:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ [2009/07/08 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PowerCinema [2010/06/30 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\RagTime [2009/07/08 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftDMA [2010/05/12 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony [2010/05/12 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Sony Setup [2009/07/08 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Template [2010/09/05 16:34:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report > Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05/09/2010 19:55:53 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001809 | Country: Irland | Language: ENI | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.57 Gb Total Space | 103.73 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 87.89 Gb Total Space | 28.41 Gb Free Space | 32.33% Space Free | Partition Type: NTFS
Drive F: | 35.87 Gb Total Space | 34.36 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANGIE-LAPPI
Current User Name: Angie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Downloads\Picture-0002927.JPGwww.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002253FB-8111-493F-8D8C-4FE66B903955}" = rport=138 | protocol=17 | dir=out | app=system |
"{19BD3B49-4960-46E2-BFDF-26630FA2FEB2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A5C067B-8408-48B3-BA04-97BDF48F64E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6EB95F-08A1-4B60-91A4-478E3E712762}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1C2EA5E6-527D-487A-AED6-6294BBA02018}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FAEDC48-8C84-454C-9D6E-362F2A31CF19}" = rport=137 | protocol=17 | dir=out | app=system |
"{205AA3E9-878C-42FD-A9C8-027C00994362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41A06BD5-2397-402A-9173-3A9252D0D841}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46996488-4F91-4353-AE7A-257708BF6C23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{46EA0D08-1753-4C43-91E3-A4FC6DFB18A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B0B4E6C-CA7C-4279-9F94-27BBA5354CBC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{548CB954-9003-4906-9103-309F5F9CDEC8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56ED778A-FCE6-42EF-ADB2-6F3B2E5AC918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AC8DFF5-14F5-41EE-98A8-0C850DF292FE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{64C1142C-9E37-406E-ABAB-8ACCFCC91820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{65BC738A-B27D-4B97-B1CB-F4AB37E74E2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{67A9AC51-01DF-4C14-8C8F-EA54202531A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74A61EEC-8F86-44CF-9BF8-E33B445B2CFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BF5F8B7-61E9-47C9-8D16-1E50F81DEA2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81794BB4-902C-4831-AB14-74DC7FB50E3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83A3F5F3-1877-46F2-BC12-5C5A5EAF93C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{870738C7-122C-48A8-9714-D8CCA4AB7F8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C573BB4-FC4F-481C-BB91-344957B18386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A72222D-BB2B-4EB5-8E66-0C2F4A232D34}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0B5B23E-A394-4B78-95A0-1C6A7ECF8503}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0FC8839-3101-4A32-870A-5624DC32E59A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A463C226-CDB2-4BAF-8FD3-845CA09207B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C5C69A10-A922-44A1-AF2D-A2DEB45300DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE8E3522-7288-4F7F-B9E4-E558B7B7ED58}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC8396A3-72E6-4CD7-8021-B0A954D6F312}" = rport=139 | protocol=6 | dir=out | app=system |
"{E54A7353-CB4B-4939-813E-330BB4618509}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6F1BC5F-C0D7-49FC-9988-497B96F1D87C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF6CDA77-88FF-43FA-81C8-B843F5223134}" = lport=139 | protocol=6 | dir=in | app=system |
"{F268246E-4232-4F19-98D8-C94EF25708CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F731B571-7547-4C5C-A03F-D840FCC01763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00966F49-96FF-4F32-8B31-C9FCAE5AF1C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{00AC1766-45AD-46AC-9A7E-901F9A6BEA7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01B01350-67C5-47C9-9383-5B94B3C26C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02DF2DB2-B260-4119-AB7E-C402FC9C4741}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{038B6C9D-2A2E-4B5B-9666-27823ACB66DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05097973-C81F-47FD-88B0-9DF9417DBA98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06A089F2-2C10-4A88-AE04-10E7510B804C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06DEEC60-AD69-495F-A40F-90174896742C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0A1CB352-B9DF-48E7-9CD3-F4A49C081DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AE27C66-95C3-4C67-A571-0B9C3C6517B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B243332-640B-4B4F-B853-781D52482084}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C62C1FD-728F-4BEF-B023-27F3DEFB5505}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DB7E2A4-8B3F-4905-9661-E7E592570948}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E2510B3-80D4-4DF4-8B6A-07F5295AD4FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0ECCC38C-D509-41D3-A302-7CCEE51EBABA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{0FC430C0-8271-4AD2-B1B4-58F8F824A43D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12BEEE10-E77C-4170-B738-23BB132485E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12FEA2B0-8080-43E6-9220-7E69341EACAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14796318-4573-4EC3-B6BF-AFEB1D92CCF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15179141-B0E4-48AF-902A-DBFB15E8B89E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{173EF7A9-C6B7-4989-AEA6-6A10EA8BB00B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1944BF22-ABD2-42C1-8E56-8160F95C6DF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A20ABAF-42A3-40EF-94FE-D9C72FDA87FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AFE5958-A700-4DEA-B42C-0DEDD4E0E664}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B558AEC-04CE-4D04-ACA4-718D96984345}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20734789-895C-4A22-BD29-657B914554B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20A1B0A8-B20A-4267-AB0F-836FDC7573BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21911FFC-2D78-448F-B458-E0806B1C2AD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2209900A-1353-4D99-89CA-CD089F61FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23527E07-0245-4FCE-9266-8F2FCCB093FC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{23B5A813-957D-4C0F-B7BA-3AB9220AEEF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23C567C9-EA64-406B-AF35-26975A931C60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24F9BFE8-7715-4DA8-AC39-FE37229D5174}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{294F02E8-E669-4380-9262-A925034ADD7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A000E8D-D5A0-44EE-9136-24FF29B6A410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AAAA09B-2321-46E8-8F97-E8D5BC5B9D71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AB3F2AE-4DE5-466F-91A1-6F22A11DBC80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B1685A2-E789-4488-A618-4E3EE05ECF78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B18465E-979D-47A0-BE1F-7F4F71FA1BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D1F2A62-674A-46EF-BF69-7D8732F37585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D2B0AC6-3697-4919-8DB8-0253D894878F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EE9D84E-4503-4FD3-ABC8-01BD3B9717E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3354CB6E-CA89-42D3-B283-46E435A1791D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33576203-4FE0-43B5-B04E-7325E7F30FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36E945EC-E1C5-4468-9D3D-F3210EB94393}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{372C6BDC-0E4A-4BE5-A1C5-CD024217FDF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{399B34A0-9587-47E4-A833-EABD2C0BD8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AD901E8-BED7-4F36-BA43-09AEACAC923C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{3BB7ED2C-0C1F-426E-8CAB-9B81F68ABAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C909559-0330-48ED-BBEB-D210A5594911}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D31B782-6DA6-47F8-96E7-0551A6750C88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EFAEBF1-9967-4030-AC39-14B7E35553E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F1E37A4-CB79-4693-9886-7C82504D2173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F25CD5F-6A5B-4924-B3B9-2240A8CA48D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F4E4B58-96D5-4A47-BF9C-7CCA950D5E75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{410DA5AC-DB88-4EA1-AFFF-0259AEB21832}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{423C276C-BA6B-4517-8EF9-BB52B1302025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{425463A4-5295-4567-8C76-BB194AC59E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43F9DE61-8C32-4167-9667-F20ECF7B512E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46CE3B86-AF71-4C98-ADEB-7979C4FB93F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{470F99BE-FD69-406B-AA07-74CDF177C678}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A28905B-25FD-4DE8-8158-C084C80D64FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AB8BD5A-DBD2-4C77-BAEE-A710F346E067}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AEFFE5E-ED7B-4195-8038-73324C8C94A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C5CE82B-0AB1-417E-949B-CAA93B4329B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EF3B4FA-702D-41B0-B739-E3706471CA24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FA5AE56-3236-421E-8DFC-74B837509C10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51E1832B-2233-414B-8653-CDBBA7AB3424}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5310B265-55B9-4429-BD19-6D46995988E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{540E9C19-CEAE-47E4-A021-5682D23CDCEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54C65328-84C7-4CAA-BE96-FDD855E8F087}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{555C9C64-5CEF-42FB-8CED-BC4E048A158F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55CFF8D5-768C-4406-AE55-FCDF4971D3B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55F47EF4-708D-4F70-9D06-7C5A0CDA6B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5AC5F67F-E889-4605-9018-DA5AEB346C54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D1D19F6-4586-4E99-855C-E0F0B06D148C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F85D6F9-075B-4188-B58E-A89A1EEB8CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6159FA66-6E24-483A-B1F0-1D5BC45A4E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61800C7F-E6B4-4985-8124-D5A8200D0443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{619AE4B3-ACD5-47C2-A390-7E56063FA9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61E31FF2-FE76-48F9-BE5F-D2CFED3EFE23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61F2FBD8-65DC-4EC5-AE80-424F2D4530CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{663847B5-D5D5-468A-932C-56EC929BE32C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67E84425-56A5-4C22-9A2E-FACC85130568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67F51BDB-4B82-41B0-AB8F-9667D20E02AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{695054EB-2CB4-4BF0-BA51-CA3145E9ACAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A4BD658-B25F-4252-ABF7-C1E6F125A06D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A609438-6FDB-4A55-99F9-CA9BD7B64C01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C49262D-93A6-4D56-8F5F-7A917F7D7848}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D3D0CE4-9F42-483D-BB0E-0D57CB17C478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D417D9D-AD11-4B5D-B80C-C4A433745C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6ED0606F-5CD0-468F-993B-A237B96F9682}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7072DD3C-366B-44C3-83C4-EACCF2E730F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72BF4C9F-B512-4E70-94A4-AB9FB74AFD6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{748C40C6-F247-4C3E-A84D-F3AFB0CC81BF}" = protocol=6 | dir=out | app=system |
"{760C0A94-DB46-4F56-BBE0-2F948A3F1CCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{790F72A1-1D05-4393-9961-DD760919E575}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CAA0DF9-432B-49EE-AB73-3A99D1BF12C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EFCE4E6-3EDB-4E81-9BC3-D2E87FE04E98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80BA43BB-2B6D-4123-AE41-CD37E97405BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81FA4485-370D-4BEC-9F93-C06EC7EE902C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82EA1A71-1048-4A8F-8623-C9CAB8601B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8402320C-F2B1-4124-BA73-BF947B24E803}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87095435-7B7E-4829-9E4F-6713BA7C89D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8744B6E1-B9BA-4D77-B73F-981915444355}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87D6A64B-FF41-4ED7-82F9-973BC1FE1DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88EA246D-FF7A-4C19-8DA3-6C0ED3B130EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B33C7A5-E952-4F93-9FCB-D0C373BC3293}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B795094-33A6-4BA4-BA81-FD24A040B1CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8D83B621-8E53-4832-80B0-81C75F1D06A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E32ED12-756E-4686-AF5F-7907E588BEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EF50985-CA3C-4C1A-BE87-D81B01BBD4D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F389412-BCC8-4D2E-9616-FD8FF4E63878}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FDD07C3-CEB6-4EA8-A6A4-356F43B65F96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92CF269B-6A09-48F0-89FA-D9D4FEDEA6E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{930DD5A3-A5DC-4760-9868-D095CA7AF750}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97BC41E2-F117-4EA5-813B-A4C89AF7DD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A027706-8028-4171-AC71-F42697BFEDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A88FDEA-6CEA-4F90-AA4F-266431D1E84F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B3E36F7-741D-4881-8470-52510F170302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B5D0C6A-CB1C-4417-ABED-874C32FE90EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C9111C7-479C-4E9C-8B04-4C3389ED945C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CEFCD46-5D70-4115-B3C9-9697177ACAA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E4F1CFE-3F81-4E1F-9D6B-514E1DDCDED5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EB9CEBE-698B-4280-A2F8-97928CA8555B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F8D7A15-E3A9-40F4-94BB-9994737E03CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A00CCEFD-C8BD-48D3-946F-ACBE0A5B24C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A260D41F-DE29-44E8-B8CC-326E6E647175}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3FB3839-B73C-4D0A-80C3-82B94AE6ACB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8352E8B-9E48-4CE2-8A9C-4B10EF509705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABF718D2-25BE-4FBB-8FD5-3615BD3A0A24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACE0BE68-F64B-48A5-BD20-78A51C83DC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B0D0C236-E391-4091-AA8F-55A203AB488D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1F2FB23-5810-41BE-A48C-835BCB5285EF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B2807599-1B42-41EE-BB96-CE8029863816}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B28B1248-0E20-410A-BCA3-80C7152A4C60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B41FE0C8-4763-447A-B6E2-04DA1A23E31B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5A5CA62-4A34-41BB-89BA-2149E8103405}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8EDE7FF-97B8-40F5-96D8-21D356CA356A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B93E6D8B-3E54-4248-B90B-AE41DE84D512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B97364EC-ECE5-4AB6-B6EF-5352B072306A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9DB2248-4913-4D2E-B057-EC910A885275}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BA682CD8-3870-4BBD-9E4A-39C4859F5176}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB8E4DAE-7295-4B64-B3E0-BBC4086C8336}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD20BE07-1257-417C-B737-461CE4A265CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD72969E-0B48-4FDC-8075-BDC20E31CD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE373EBE-DC57-470B-BB8C-83162A987875}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C0EA2EE0-C701-42AB-B5F1-070F58AF0702}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C434F41E-D532-4396-B4E5-E04924ABB2AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6F0EF84-A30E-485C-ABCA-86D0FD43089A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7BFB823-DB3F-4F80-AD9B-544EF9B5714F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{CA37F058-3774-4EEE-A546-A0FA93BE704A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CABC44DD-281E-4BFA-8483-359A2321C620}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB4C0250-A5C9-485A-BD81-C3917247122F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBED2B53-8EE7-4722-A551-3BD26A360368}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBF61C91-2513-439E-83E4-DA615ECC87C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC4ABCCB-7956-4A42-8CAA-D5B2728A3616}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDEC9F74-8BFF-4E97-8810-58321BC52AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2914453-D1C6-4589-9D6C-AC975685692F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D603291E-E047-4562-A057-DA9361D2E174}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6F4CC75-F859-4F03-8E1A-1D5D4B61A09F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7BA6583-97F5-413D-A96B-ABE5417B4A68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA84622D-D6C8-412C-AC31-8EF4592E88BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAF02180-DEFF-442C-9C9E-ABE49146D8D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBA9A40C-5D9B-4C93-B6E1-8F9215BBB763}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDC5A573-E0FE-425F-9DE3-09B02BEC25D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDD53577-41B3-4983-A138-B990C82EC949}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFC12F3B-FBDF-40F3-9757-60B5450DE5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E019B3C0-38CA-4748-A1CD-6BCEC181BE29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E13C2D1A-72DF-422A-97BF-5B154218C7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E34A0187-0195-4BAA-891A-5BE92AAC9E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E71ABA41-55D5-4814-B9BC-A659EB35A81D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E8EC6E04-149E-4A25-AC78-9D2054A98577}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9ADE639-3444-4F18-8FD1-88F740605114}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9EBA9F8-ED13-44EF-AFE4-A3B2F7EBA0CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA5283B1-06ED-4FA5-8330-79CE22AB856D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDEDCB27-8BC5-4782-AF56-83E8DDB8782C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE3968EB-2FF2-4F8D-A194-4222700CDE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0DD0882-94C9-47D7-9303-EF5F19A28C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1742235-836C-440C-A575-25E3F2A23B35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A4CAFE-55B0-4235-8D30-2F1611C09805}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA349256-62AB-4628-9D27-AF6A71CFB4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB478DF5-7EB7-471F-8265-37D5BA6247D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC697F3E-FB1B-4FB7-A6EF-DE7D8244F7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA278E4-9FB8-4102-ABFB-6A686FB8ECE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDAA49D4-9EF1-4933-820C-A098BA9F903F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE6BDB79-B8E3-4018-AB09-DCEBE80D6778}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{452FA0D7-E6B5-490B-A114-138B076DDE60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{717575D6-7316-4A0A-A073-C6D3693018CD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8DE3DC45-72D3-4477-8388-BCAE7F396D40}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe |
"TCP Query User{A4515D09-015C-4944-A1DF-AA369B565ACC}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe |
"TCP Query User{A5977D0A-52F5-43C9-8957-D7332C5015B3}C:\program files\ragtime privat\ragtime 5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe |
"TCP Query User{C34A31D8-1D36-4E3A-B90A-9395A4A01D56}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D9558383-6142-4F64-AED2-5FB636A7335A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{EC12E8AC-B9A3-43E4-A573-4FD5CF0C0CAE}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0EDF8570-E9FD-4AB1-8E07-B37F4F8C8C54}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3E8AEC1D-A00D-4A1F-808C-1F5D1F8BBA30}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe |
"UDP Query User{43A72232-85A2-41C5-84D8-7CC67B693088}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe |
"UDP Query User{646FBF5E-DA06-4310-8284-D8A2FE0C01B8}C:\users\angie\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\angie\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{AA1BE46D-0805-4C59-944D-A2EAD914B27A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B22784E9-8714-497B-B27C-5BDBFDE88AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D474BDE0-C138-463D-B907-0286696FA73E}C:\program files\ragtime privat\ragtime 5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime privat\ragtime 5.exe |
"UDP Query User{EA4F24EC-4C69-40FE-B387-F4EE69190DC1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard
"{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish
"{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional
"{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German
"{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static
"{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista
"{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish
"{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish
"{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish
"{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins
"{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian
"{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B836CE46-F408-4DD4-9F65-0CE6937CF470}" = Dungeon Lords
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech
"{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding
"{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.00
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FLV Player" = FLV Player 2.0 (build 25)
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PicSizer" = PicSizer
"RagTime Privat" = RagTime Privat
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16/06/2010 08:40:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 17/06/2010 19:19:35 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 18/06/2010 07:56:08 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 18/06/2010 09:14:37 | Computer Name = angie-lappi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 0.0.0.0, Zeitstempel 0x4c05deaa,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x70263d65, Prozess-ID 0x12fc, Anwendungsstartzeit 01cb0edd5ac4b5b1.
Error - 22/06/2010 20:46:21 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 23/06/2010 09:14:41 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 24/06/2010 16:30:15 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 25/06/2010 08:20:31 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 25/06/2010 21:11:58 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
Error - 26/06/2010 04:28:52 | Computer Name = angie-lappi | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 20/11/2009 17:25:46 | Computer Name = angie-lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 05/09/2010 02:31:24 | Computer Name = angie-lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.09.2010 um 08:29:52 unerwartet heruntergefahren.
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 02:32:17 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 02:32:32 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description =
Error - 05/09/2010 03:17:19 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 05/09/2010 10:15:38 | Computer Name = angie-lappi | Source = DCOM | ID = 10016
Description =
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 10:15:42 | Computer Name = angie-lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 05/09/2010 11:09:41 | Computer Name = angie-lappi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 05/09/2010 13:50:22 | Computer Name = angie-lappi | Source = DCOM | ID = 10010
Description =
< End of report >
das sieht grad mal ziemlich übel aus.... das seh sogar ich und ich werd den ersten post erstmal abschicken, da maleware selbst im quick-scan gute 7 min läuft und ich nicht weiß, ob mein lappi das überlebt.. vielen dank im voraus teny *malewarebytes report folgt* |
|
05.09.2010, 19:13
| #2 | |
| | nochmal skype/facebook trojaner :( pc fast tot.. so, ich nochmal
__________________das gleiche wie ich befürchtet habe.. im gegenzug zu dem, was da oben zu finden ist.. hier der mbam-log Zitat:
ich lass dann doch einmal den full scan laufen lg teny Geändert von teny (05.09.2010 um 19:20 Uhr) |
|
05.09.2010, 20:47
| #3 |
| | nochmal skype/facebook trojaner :( pc fast tot.. und weil es so schön ist
__________________hier noch einmal der mbam log vom full scan Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4550 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 05/09/2010 21:37:27 mbam-log-2010-09-05 (21-37-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|) Durchsuchte Objekte: 295819 Laufzeit: 1 Stunde(n), 9 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a8c7 (Backdoor.Bot) -> No action taken. C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYNBO517\dcom32[1].exe (Rootkit.Dropper) -> No action taken. C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNVM3FFZ\dcom32[1].exe (Rootkit.Dropper) -> No action taken. C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[1].exe (Rootkit.Dropper) -> No action taken. C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYG0BMEH\dcom32[2].exe (Rootkit.Dropper) -> No action taken. C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDZ03FH0\dcom32[1].exe (Rootkit.Dropper) -> No action taken. aktionen jeglicher art sind NICHT möglich, da das programm wie immer.. den status "keine rückmeldung" hat ich werde dann wohl mal ins bett gehen und beten, dass der laptop morgen noch lebt. von der arbeit aus werde ich mal rein schauen, ob sich jemand der herausforderung stellt mir zu helfen ist halt mal nicht ganz so übersichtlich, wie bei den bisherigen skype-link-trojaner-problemen *platt machen ist aktuell keine lösung^^ da ich keine system cd besitze... tja, vorinstalliert halt -.- * lg teny |
|
06.09.2010, 16:30
| #4 |
| | nochmal skype/facebook trojaner :( pc fast tot.. huhu also ein neustart brachte eher eine verbesserung... aktuell sieht es wieder aus wie es sollte.. und funktioniert auch wieder die frage ist nur wie lange? zz findet mbam mal wieder nix in der suche aber ich habe vertrauen in euch angie |
|
06.09.2010, 18:13
| #5 |
| | nochmal skype/facebook trojaner :( pc fast tot.. hhm, editieren geht ja leider nimmer.. aktuell mein momentaner lieblingsfehler hostprozess für windows-dienste funktioniert nicht mehr Problemsignatur: Problemereignisname: APPCRASH Anwendungsname: svchost.exe Anwendungsversion: 6.0.6001.18000 Anwendungszeitstempel: 47918b89 Fehlermodulname: ntdll.dll Fehlermodulversion: 6.0.6002.18005 Fehlermodulzeitstempel: 49e03821 Ausnahmecode: c000071b Ausnahmeoffset: 000888f5 Betriebsystemversion: 6.0.6002.2.2.0.768.3 Gebietsschema-ID: 6153 Zusatzinformation 1: 0e02 Zusatzinformation 2: b21b56b606e7544720668ce364087082 Zusatzinformation 3: 0e02 Zusatzinformation 4: b21b56b606e7544720668ce364087082 solange ich das fenster offen lasse, und nicht auf beenden oder online lösung klicke geht der pc auch weiterhin also lass ich sie einfach mal da. weiß allerdings nicht, was das genau zu bedeuten hat lg angie |
|
07.09.2010, 07:37
| #6 |
| | nochmal skype/facebook trojaner :( pc fast tot.. guten morgen seit dem neustart heute blinkt alle 30 sekunden avira auf und meldet einen fund. allerdings verschwindet das fenster nach dem piep und der meldung auch direkt wieder von alleine melden tut er: C:\Windows\Temp\cxvl.tmp\setup.exe Trojanisches Pferd "TR/Dropper. Gen" nun fiel mir auf.. er meldet nicht einen fund, er meldet alle 30 sekunden einen anderen. das fett gedruckte variiert.. insgesamt hat er 20 verschiedene gemeldet mbam quick scan sagt 0 für den fullscan reicht die zeit leider nicht  lg angie |
|
| Themen zu nochmal skype/facebook trojaner :( pc fast tot.. |
| 0x00000001, agere systems, alternate, antivir, autorun, avgntflt.sys, avira, cdburnerxp, components, corp./icp, error, excel, excel.exe, failed, firefox, flash player, fontcache, format, google chrome, home, home premium, iastor.sys, install.exe, launch, local\temp, location, locker, logfile, maleware, media center, monitor, mozilla, mywinlocker, national, nvstor.sys, oldtimer, otl.exe, plug-in, problem, programdata, realtek, registry, rundll, saver, sched.exe, searchplugins, security, services.exe, shell32.dll, skype.exe, software, staropen, svchost.exe, trojaner, udp, uiexec.exe, vlc media player, windows |
Hybrid-Darstellung
