Pests of all kinds and how to fight them: BKA-Malware
16.12.2011, 21:54 | #1
BKA-Malware
Hi, a long time ago I had one of those BKA malware infections, where a supposed message from the BKA appeared and I was asked to enter a Paysafecard code or ukash worth €100. Back then I just quickly ended the process at startup, and for the time being I had no more problems. Then another version of the malware came along, and that one was more persistent. It was called mahmud.exe and I was able to delete it from another user account, or again quickly end the process. I deleted the file as well and read elsewhere that this should be enough; I even tried to delete it in the registry, but it always came back. By now I have seen 4 different malwares of this kind. All the others have disappeared; the current one showed up for the first time today. It launches Internet Explorer and opens a page at the IP hxxp://85.121.39.38. Task Manager gets locked, unless I end ctfmon.exe at startup, but I'm not sure that is really the cause. When shutting down I also notice that instead of the single logoff sound, it plays twice. Why do I keep getting new malware of this kind? I don't visit dodgy sites, I'm mostly just on Facebook. Did I pick up a rootkit at some point in the past? I've also already tried tdsskiller, but without success. Regards
16.12.2011, 22:22 | #2
Hi, can you get into Windows normally? If so: Malwarebytes Anti-Malware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download doesn't work, please download a generic version via: http://filepony.de/download-chameleon/ Then update the signature files ("Update" tab -> "Check for updates"). Run a full scan and let it clean everything! Post the log. Otherwise: download OTL and copy it to a USB stick, then boot the computer into Safe Mode with Command Prompt (press F8 while booting). Then copy OTL.exe from the stick to the computer (copy E:\OTL.EXE .) (if E is your USB stick). Run OTL, copy the logs back and post them here... OTL: Download OTL from OldTimer (http://filepony.de/download-otl/) and save it to your desktop
chris
17.12.2011, 14:24 | #3
Well, not entirely with the infected account; right after logging in I always have to quickly open Task Manager and end the ctfmon.exe process, then everything runs normally. Otherwise I can't open Task Manager afterwards, it always gets closed. I've now let the program run through; here are the results:
Quote:
EDIT: I just rebooted after letting Malwarebytes run. Windows reports that SysMonitor.exe has stopped working. In addition, RunDLL reports an error loading wpbt0.dll. So part of the malware is still on there, I assume, and it just can't load the dll any more? Regards
Last edited by Khala (17.12.2011 at 14:35)
17.12.2011, 14:42 | #4
Hi, you have Trojan.Zbot.CBCGen on there... Please post the OTL log... chris
18.12.2011, 14:47 | #5
Hi, OTL.Txt OTL logfile: Code:
ATTFilter OTL logfile created on: 18.12.2011 14:34:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hy-Van\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,41 Gb Available Physical Memory | 23,58% Memory free 3,74 Gb Paging File | 1,65 Gb Available in Paging File | 44,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 62,69 Gb Total Space | 14,86 Gb Free Space | 23,70% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 95,90 Gb Free Space | 66,58% Space Free | Partition Type: NTFS Drive E: | 81,60 Gb Total Space | 79,41 Gb Free Space | 97,32% Space Free | Partition Type: NTFS Drive F: | 3,74 Gb Total Space | 3,63 Gb Free Space | 97,13% Space Free | Partition Type: FAT32 Computer Name: HY-VAN | User Name: Hy Van | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hy-Van\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Hy-Van\AppData\Roaming\ICQ\Application\ICQ7.6\ICQ.exe (ICQ, LLC.) 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Program Files\Windows Live\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.) PRC - C:\Windows\System32\CAPRPCSK.EXE (CANON INC.) 
PRC - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\Windows Live\Messenger\winmm.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Acer\Empowering 
Technology\SysMonitor.exe () MOD - C:\Program Files\Windows Live\Messenger Plus! Live\Detoured.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.SYS (Hitachi Semiconductor and Devices Sales Co.,Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys () DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (RapidPort) -- C:\Windows\System32\drivers\CAPLPTN.SYS (CANON INC.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: 
{2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/#q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Hy-Van\AppData\Roaming\5038 [2011.11.04 18:09:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.13 22:45:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.04 05:25:38 | 000,000,000 | ---D | M] [2009.03.04 21:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Extensions [2011.11.24 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions [2009.09.02 14:05:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.04 23:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a} [2011.11.24 13:15:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.09.06 12:48:07 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions\flashfirebug@o-minds.com [2011.11.24 13:15:37 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Hy Van\AppData\Roaming\mozilla\Firefox\Profiles\04zgeds5.default\extensions\foxyproxy@eric.h.jung [2010.06.25 15:05:58 | 000,002,059 | ---- | M] () -- C:\Users\Hy Van\AppData\Roaming\Mozilla\Firefox\Profiles\04zgeds5.default\searchplugins\daemon-search.xml [2011.08.09 22:55:57 | 000,000,000 | ---D | M] (No name found) -- 
C:\Program Files\Mozilla Firefox\extensions [2011.09.26 15:51:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.05.18 04:39:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.19 08:31:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.17 04:34:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.21 06:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.20 10:34:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.09 22:55:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2011.05.01 04:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2011.05.01 04:38:00 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} () (No name found) -- C:\USERS\HY VAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04ZGEDS5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI () (No name found) -- C:\USERS\HY VAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04ZGEDS5.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI () (No name found) -- C:\USERS\HY VAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04ZGEDS5.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- C:\USERS\HY VAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04ZGEDS5.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI () (No name found) -- C:\USERS\HY VAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04ZGEDS5.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.11.04 18:09:44 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HY-VAN\APPDATA\ROAMING\5038 [2011.08.31 22:24:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.08.09 22:55:37 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.08.31 22:24:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.08 15:45:57 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.08.31 22:24:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2011.08.31 22:24:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.31 22:24:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.31 22:24:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia-de.xml [2011.08.31 22:24:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [CAPON] C:\Windows\System32\spool\drivers\w32x86\3\CAPONN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device 
management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [2F7ZUJ7G2IWWUB5WQXTNWQFN] C:\SystemData\217FA966C5A.exe /q File not found O4 - HKCU..\Run: [avupdate] File not found O4 - HKCU..\Run: [Free Download Manager] D:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222A2779-18E8-455C-95EA-E2D93937ED1A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4231dbd8-4768-11de-89e1-00218532014d}\Shell - "" = AutoRun O33 - MountPoints2\{4231dbd8-4768-11de-89e1-00218532014d}\Shell\AutoRun\command - "" = L:\pushinst.exe O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.17 09:58:49 | 000,000,000 | ---D | C] -- C:\Users\Hy Van\AppData\Roaming\Malwarebytes [2011.12.17 09:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.17 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.17 09:58:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.17 09:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.17 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.17 09:36:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.12.17 09:36:54 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.17 09:36:54 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.17 09:36:54 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.12.17 09:36:50 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Avira
[2011.12.17 09:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.13 22:22:08 | 000,000,000 | ---D | C] -- C:\Users\Hy Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOXChess
[2011.12.13 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\HOXChess
[2011.12.07 18:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
[2011.11.30 22:48:01 | 000,000,000 | ---D | C] -- C:\EGIS_Drive
[2011.11.26 11:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2011.11.25 23:16:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.23 19:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2009.03.03 21:50:33 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009.02.27 18:58:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.18 14:16:31 | 004,719,822 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.18 14:16:31 | 001,452,284 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.18 14:16:31 | 001,364,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.18 14:16:31 | 001,199,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.18 14:10:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.18 14:10:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 14:10:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 14:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.18 14:09:54 | 1878,130,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 14:09:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.17 09:58:08 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.17 09:37:09 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.17 02:11:37 | 000,000,250 | ---- | M] () -- C:\Users\Hy Van\mm.cfg
[2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.26 14:22:09 | 003,703,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.20 19:11:15 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.17 09:58:08 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.17 09:37:09 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.16 16:48:46 | 1878,130,688 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.12 09:35:26 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.08.10 09:18:50 | 000,000,058 | ---- | C] () -- C:\Users\Hy Van\AppData\Roaming\you.bmp
[2010.12.08 06:36:08 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010.12.08 06:36:08 | 000,004,152 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.25 15:57:05 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.25 15:57:05 | 000,022,328 | ---- | C] () -- C:\Users\Hy Van\AppData\Roaming\PnkBstrK.sys
[2010.06.25 15:56:49 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.06.25 15:56:47 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.25 15:56:46 | 000,000,266 | ---- | C] () -- C:\Windows\game.ini
[2010.06.11 22:15:39 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010.02.25 22:06:28 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2010.02.25 22:06:26 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2010.02.25 22:06:26 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.07.10 16:12:27 | 000,000,680 | ---- | C] () -- C:\Users\Hy Van\AppData\Local\d3d9caps.dat
[2009.06.19 15:16:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.08 16:22:04 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009.05.23 08:16:40 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.04.16 17:45:55 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2009.03.05 16:37:15 | 000,032,256 | ---- | C] () -- C:\Users\Hy Van\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.04 05:03:44 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.03.03 21:51:32 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2009.03.03 21:50:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.03.21 23:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.21 22:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.03.21 22:05:48 | 000,000,138 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.21 15:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.21 14:19:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.21 08:15:58 | 004,719,822 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 001,452,284 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,703,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,364,772 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,199,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2002.07.31 21:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

Extras.Txt OTL Logfile:
OTL Extras logfile created on: 18.12.2011 14:34:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Hy-Van\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,41 Gb Available Physical Memory | 23,58% Memory free
3,74 Gb Paging File | 1,65 Gb Available in Paging File | 44,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62,69 Gb Total Space | 14,86 Gb Free Space | 23,70% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 95,90 Gb Free Space | 66,58% Space Free | Partition Type: NTFS
Drive E: | 81,60 Gb Total Space | 79,41 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive F: | 3,74 Gb Total Space | 3,63 Gb Free Space | 97,13% Space Free | Partition Type: FAT32

Computer Name: HY-VAN | User Name: Hy Van | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0188F05A-4895-418C-965B-49B9DF55BE92}" = lport=2869 | protocol=6 | dir=in | app=system | "{0E472708-639A-4975-B22C-C4378C466903}" = rport=445 | protocol=6 | dir=out | app=system | "{222C4B6C-CBD5-4BEE-8D31-A64BAE3F0401}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{239EF6C9-8903-4EA7-822F-C285174843FE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{2ADC68E1-9372-4B5D-BF2E-29EA1FA2B16E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{41C3B779-F366-4E4E-9ED8-C8A83E7CAE09}" = lport=137 | protocol=17 | dir=in | app=system | "{42F94E2E-5CC9-470E-ACB3-51FE6D0D2088}" = rport=137 | protocol=17 | dir=out | app=system | "{5163AD77-622D-4D23-90FF-99E44835AAD4}" = rport=10243 | protocol=6 | dir=out | app=system | "{678D8660-ACD1-4F9D-8A13-2CA7A1ACCE43}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6C386D1A-0DF8-412E-9EA2-EF105C55505C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{76DC8764-B94E-4C7E-B8AF-A6B08DC84496}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77099DA7-882A-43EE-ADF6-EBFDF6287587}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7F4D9947-AE1A-4C6F-8B4E-C03E8E90A490}" = lport=49179 | protocol=6 | dir=in | name=akamai netsession interface | "{8DE662E8-2F47-49E8-998E-558FACFC1D36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9219A2EC-F52A-4109-96B8-609388531A6E}" = lport=445 | protocol=6 | dir=in | app=system | "{947577D7-2004-4E8F-946E-84196376A177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{A1F17C22-5905-4B11-B4E4-14B0400F5238}" = rport=139 | protocol=6 | dir=out | app=system | "{A919B4A2-917D-46E9-9813-9BD3B6E481CD}" = lport=139 | protocol=6 | dir=in | app=system | "{B50B1DD5-275E-481A-BD24-49C884B3E7AF}" = rport=138 | protocol=17 | dir=out | app=system | "{C2BC5A0B-7FD5-4CCC-A75B-B9ACDD1A25B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7AC7319-76F0-479E-B5F1-8B058EEB0409}" = lport=138 | protocol=17 | dir=in | app=system | "{CA68005D-FBF7-4128-AA37-B40958398CE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF59D28C-9226-42EB-AF43-22EB2A3305B5}" = lport=10243 | protocol=6 | dir=in | app=system | "{FDF418E4-1D9D-4272-9FF5-FC6FC8A85DA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{058A90AA-5F0A-4124-9687-23480D142C6D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{06217170-F304-41DC-9751-F7D58EA2C706}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{0B9E0E14-8B34-4583-9526-0001E0AD77EB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "{0E88D9A3-7195-46B0-91A2-9F037CD89009}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{16253BB2-B327-45CC-97D4-C486B8E367B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{16DACA48-F089-458D-AA96-674675EB73CA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{1702864C-70C1-40B8-90DF-E0A2C6374BC4}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{1909AC47-C586-40D5-AE62-7A79589C1579}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{27863206-1F4F-406B-A60C-E989F9C37452}" = protocol=17 | dir=in | 
app=c:\program files\teamviewer\version6\teamviewer.exe | "{27F11F75-83C7-4830-990F-19CA9471EAF0}" = protocol=17 | dir=in | app=c:\users\hy-van\appdata\local\akamai\netsession_win.exe | "{35AC9C76-DD55-42F7-92C1-8744F2814A97}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{3E01C8B3-2455-40AA-AA18-6EC8D65C8702}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{47D37723-D82C-4354-923C-BE9B6B44104D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D6AD0F3-AC13-4983-AE04-E3BF6C3E9FC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{53ADDD97-FA3A-47C4-9882-D4C73240ABE3}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "{53CE8B05-D7AF-4D49-80A1-93FFCA45D4AD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{5404A967-FCEC-4F7C-B6C1-6F5B668505E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5611C9F0-A39D-4256-AFD2-5B2BAB989902}" = protocol=6 | dir=in | app=c:\program files\alaplaya\s4league\patcher_s4.exe | "{5CC684E4-DDDE-4743-9B64-643E3EC81758}" = protocol=6 | dir=out | app=system | "{6DA632D9-98FE-4590-9C5F-4F6317C9D8F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{75719D2D-FA7D-495B-B7EB-EF4F0A9864B5}" = protocol=17 | dir=in | app=c:\program files\alaplaya\s4league\patcher_s4.exe | "{75C2B8E8-A78E-4354-AAC2-1F212BFF920B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{792A881A-CA4E-4D89-B821-4CB1363E88E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{85E433EA-D4B1-466C-952F-F593FD08782C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{86955A5D-5849-4EE2-BE8A-EF1F54B20846}" = protocol=6 | dir=in | app=d:\programme\css\hl2.exe | "{876C7857-7A82-4171-A41E-4B5CB43AE263}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{8977D207-A112-4FEC-A58C-5996DFC0B053}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{91F28CAB-A124-439B-BC10-F07310B71A23}" = protocol=6 | dir=in | app=c:\users\hy-van\appdata\local\akamai\netsession_win.exe | "{97BB13F9-D238-46E3-86EF-772A5F2735D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{9C8142F4-3648-499D-B2E0-8C78983BE8CD}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{AB988D23-B871-49CB-B7BB-CBC8A0D4B611}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BB437405-F3A2-4056-AE31-00AE927C0629}" = protocol=17 | dir=in | app=d:\programme\css\hl2.exe | "{D0A185EC-8C3B-4536-8E7A-142AFB5D4AC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D18F00D8-B3D8-4A44-B854-209E13A0E796}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{DDB2527A-E9DF-4172-B069-F436B6B628E5}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{DEBBD6C8-6BAC-4AC1-9AB5-933F0CEFDD07}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E2DAB2B8-286C-4551-9966-9E645B392926}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{E40B496B-0214-4B50-8FD3-FCB3A2AD2F54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{E88CB85E-5FA1-4349-9FA9-8AD5F40640BA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E88ED7F0-9A41-4093-B4DA-17879AF2BCEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC7B0A38-593D-4E83-BF71-786DFCA4FEF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECE8B197-C77F-47BE-8D91-E3AC6AACDEE2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EE67D0E5-D77E-4585-8154-E1D3CC9E85CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F9FF3881-F509-443C-BAC3-54F3228A8B66}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{FA5C780E-0691-4527-8119-330E01097A78}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{FA7C6DF1-59B4-4F66-808A-CB49382C3125}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{00B6A17E-F9E3-4924-9AFF-A70719D511DB}D:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe | "TCP Query User{0833C595-AB29-4526-93D1-C8E2D4492FC8}D:\programme\littlefighter\r-lf2\lf2.exe" = protocol=6 | dir=in | app=d:\programme\littlefighter\r-lf2\lf2.exe | "TCP Query User{0A90721B-2E08-4527-963B-D1CED9C13809}C:\program files\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files\age of empires iii\age3y.exe | "TCP Query User{1092D92A-4755-45CE-AA41-BEE7ACC4EA4E}C:\users\hy van\desktop\123boxl4dxers\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\hy van\desktop\123boxl4dxers\left 4 dead\left4dead.exe | "TCP Query User{13DC9E25-D15A-4449-AB7C-1FD50A73939A}J:\empire earth\empire earth\empire earth.exe" = protocol=6 | dir=in | app=j:\empire earth\empire earth\empire earth.exe | "TCP Query User{18E583D1-AC0C-4A84-A76E-CDFEC0B61B93}D:\programme\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\programme\empire earth\empire earth.exe | "TCP Query User{294DE7B5-817F-4331-90CA-6D98B23BFC5D}C:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe | "TCP Query User{40FF3917-8364-417A-A5AB-3A3F461A3EE8}D:\programme\littlefighter\lf2\lf2.exe" = protocol=6 | dir=in | app=d:\programme\littlefighter\lf2\lf2.exe | "TCP Query 
User{465636D4-8B89-4D8A-B7FA-B58845C9220D}C:\users\hy van\desktop\empire earth\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\hy van\desktop\empire earth\empire earth\empire earth.exe | "TCP Query User{494CC28B-03B1-480A-ADF2-3787AF0E7832}D:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe | "TCP Query User{609F4B9C-46BF-426B-828F-B67904B0E3A3}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe | "TCP Query User{66A2EEE2-7EA7-45BE-AF64-8AA0C13608C3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{68555440-6672-4664-8E49-562AF154EF23}D:\programme\valve\hl.exe" = protocol=6 | dir=in | app=d:\programme\valve\hl.exe | "TCP Query User{8186B866-1129-4539-9EF3-A4CB5B9DFD32}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "TCP Query User{8660E4E7-FD70-428B-B647-2D1681636062}D:\programme\farmhelper\fvbot.exe" = protocol=6 | dir=in | app=d:\programme\farmhelper\fvbot.exe | "TCP Query User{8704310C-9122-4BC3-90F4-6D8DE845C19B}D:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=6 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe | "TCP Query User{90BB1C46-8582-42AE-B3D6-DB9C2DFDC4B7}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{9952A9B1-12CF-4309-8A3B-320BA267D966}C:\program files\qianhong\qianhong.exe" = protocol=6 | dir=in | app=c:\program files\qianhong\qianhong.exe | "TCP Query User{9CE9E465-C722-42F6-89AA-E19E65A59ECA}D:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=6 | dir=in | app=d:\programme\age of 
empires 2 & the conquerors expansion - full game\age2_x1.exe | "TCP Query User{B3BCAAED-2A95-4867-8F73-261EAFA30C45}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "TCP Query User{B731583F-FC11-49F9-9670-87694492B3B9}D:\programme\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\programme\metin2\metin2.bin | "TCP Query User{C11DB4F4-9844-435D-8B5E-FEB3EB8A8527}C:\users\hy van\desktop\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\hy van\desktop\empire earth\empire earth.exe | "TCP Query User{C5863B5C-E972-42E5-B6E8-1D133D71086A}C:\program files\turbonote\tbnote.exe" = protocol=6 | dir=in | app=c:\program files\turbonote\tbnote.exe | "TCP Query User{DB062867-064F-4148-B2BA-1F81BA678B04}C:\program files\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\empire earth\empire earth.exe | "TCP Query User{DED1F2B5-8478-4F60-92C2-4396A55A37D6}D:\programme\littlefighter\r-lf2\lf2.exe" = protocol=6 | dir=in | app=d:\programme\littlefighter\r-lf2\lf2.exe | "TCP Query User{E1C47D99-C599-4526-BD22-87FF13D12FD7}D:\programme\valve\hl.exe" = protocol=6 | dir=in | app=d:\programme\valve\hl.exe | "TCP Query User{E642D800-1418-4776-B1D3-E6880659142E}C:\program files\turbonote\tbnote.exe" = protocol=6 | dir=in | app=c:\program files\turbonote\tbnote.exe | "TCP Query User{EC7AF09C-3CD3-43AA-A5C0-BCAFE9AA25D2}D:\programme\css\hl2.exe" = protocol=6 | dir=in | app=d:\programme\css\hl2.exe | "TCP Query User{F8D3D2DF-6D64-4653-B731-BE16379F4CF1}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "UDP Query User{058BD50D-AC67-49E8-80B2-14835270DCE2}C:\program files\turbonote\tbnote.exe" = protocol=17 | dir=in | app=c:\program files\turbonote\tbnote.exe | "UDP Query User{0BE339DA-4FB9-401F-9863-EDFC629BF403}D:\programme\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\programme\empire earth\empire earth.exe | "UDP Query 
User{1DC062B8-5C15-4FFA-B574-6A20D1F3B7ED}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "UDP Query User{226D34F8-B3C5-4FED-A604-F525DD3E3AA2}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{2906C36F-C57A-4BFA-AA5D-7E5B8EFE4F9D}C:\program files\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\empire earth\empire earth.exe | "UDP Query User{291C7FF5-BC57-4BB3-822A-12CE8C6C9D1F}D:\programme\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\programme\metin2\metin2.bin | "UDP Query User{30DF5D61-AF91-4D3D-AD41-796ED7F99B3D}D:\programme\css\hl2.exe" = protocol=17 | dir=in | app=d:\programme\css\hl2.exe | "UDP Query User{33D414BC-63FA-40BC-A8B7-2E53BE4A913B}C:\users\hy van\desktop\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\hy van\desktop\empire earth\empire earth.exe | "UDP Query User{3676D717-7A25-432F-963C-7BD4D2FBCC24}D:\programme\littlefighter\lf2\lf2.exe" = protocol=17 | dir=in | app=d:\programme\littlefighter\lf2\lf2.exe | "UDP Query User{3F92352D-885D-4E27-A729-EE4F4E227A44}D:\programme\littlefighter\r-lf2\lf2.exe" = protocol=17 | dir=in | app=d:\programme\littlefighter\r-lf2\lf2.exe | "UDP Query User{46092021-9FD3-4FF7-9499-3FDC51DB79E8}D:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe | "UDP Query User{4DBA67EF-2C30-4509-855A-FB3AFFC5E676}D:\programme\littlefighter\r-lf2\lf2.exe" = protocol=17 | dir=in | app=d:\programme\littlefighter\r-lf2\lf2.exe | "UDP Query User{500B09DF-BFCA-4E03-B4C0-188E83C55C7F}D:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\empires2.exe | "UDP Query 
User{55F53A4E-6BB5-4F5A-8AD1-7351F76C7E1C}D:\programme\farmhelper\fvbot.exe" = protocol=17 | dir=in | app=d:\programme\farmhelper\fvbot.exe |
"UDP Query User{66F6BF80-6151-419A-A782-2C0339E41BCE}J:\empire earth\empire earth\empire earth.exe" = protocol=17 | dir=in | app=j:\empire earth\empire earth\empire earth.exe |
"UDP Query User{688EB441-A601-43ED-A2D3-9FE4F90A5B8A}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{763AA458-8716-4BF7-988C-88273D717EBF}D:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=17 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe |
"UDP Query User{84CDF5FE-BCA6-43E5-AC1F-3F9AB32EC099}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{85835CF7-1592-4801-B569-AC52FF8ABFF5}C:\program files\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files\age of empires iii\age3y.exe |
"UDP Query User{A8C55F68-F86C-455C-A716-0815F253D865}D:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=17 | dir=in | app=d:\programme\age of empires 2 & the conquerors expansion - full game\age2_x1.exe |
"UDP Query User{AEBB720B-5560-4D75-9B3D-F1BA7A7A2336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B04E176B-8CAC-44B3-92D2-8069F1D16F08}C:\users\hy van\desktop\123boxl4dxers\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\hy van\desktop\123boxl4dxers\left 4 dead\left4dead.exe |
"UDP Query User{BB148B91-0B57-435D-9232-41A01B80294B}C:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe |
"UDP Query User{BF42F0C6-6779-4CCF-9028-D2770FCFC367}D:\programme\valve\hl.exe" = protocol=17 | dir=in | app=d:\programme\valve\hl.exe |
"UDP Query User{C5DA2D4F-A72E-4216-BB42-25F229CF61B4}C:\users\hy van\desktop\empire earth\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\hy van\desktop\empire earth\empire earth\empire earth.exe |
"UDP Query User{D1050F57-D74C-4E3B-A651-1A46669E2029}C:\program files\turbonote\tbnote.exe" = protocol=17 | dir=in | app=c:\program files\turbonote\tbnote.exe |
"UDP Query User{D30F8B3D-901E-4599-B0B5-4D57B4DA6F58}C:\program files\qianhong\qianhong.exe" = protocol=17 | dir=in | app=c:\program files\qianhong\qianhong.exe |
"UDP Query User{F913C3E6-60BB-4D7B-9543-B0224303CCD4}D:\programme\valve\hl.exe" = protocol=17 | dir=in | app=d:\programme\valve\hl.exe |
"UDP Query User{FD671034-BAF7-4B9F-834E-8861132B57CA}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15B5294C-1D82-476C-B287-E86A0CC6D6DC}" = MySQL Workbench 5.2 CE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{421EC9A7-4A58-43CD-AC9B-8FACFFB9A843}" = Microsoft Visual C# 2005 Express Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66336E9B-5482-B5FB-94F0-405874EE3541}" = Adobe Download Assistant
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8380C411-7CAF-41FF-9413-9FF1C7A98800}" = S4 League_EU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB59E92-98BB-4BE9-9CA2-66FD929EB57A}" = SafeGuard® PrivateCrypto 2.31.1 - Unlicensed Version
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D06737BC-9887-46E0-A203-29D7FE756019}" = ClassPad Manager v3 Professional
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8013DD1-574B-4921-A473-88A2F7A34D16}" = Paragon Festplatten Manager 10 - Drive Backup
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AutoItv3" = AutoIt v3.3.0.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueJ_is1" = BlueJ 3.0.5
"Canon Advanced Printing Technology" = Canon CAPT-Drucker
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FileZilla Client" = FileZilla Client 3.5.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube Download_is1" = Free YouTube Download 2.2
"GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove)
"Google Chrome" = Google Chrome
"HOXChess" = HOXChess 1.0.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Little Fighter 2" = Little Fighter 2 version 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery 2_is1" = MessengerDiscovery 2.0.44
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2005 Express Edition - DEU" = Microsoft Visual C# 2005 Express Edition - DEU
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"web2date" = DATA BECKER web to date 5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
|
18.12.2011, 14:56 | #6 |
| BKA-Malware Hi, fix for OTL:
Code:
:OTL
[2011.11.04 18:09:44 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HY-VAN\APPDATA\ROAMING\5038
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKCU..\Run: [2F7ZUJ7G2IWWUB5WQXTNWQFN] C:\SystemData\217FA966C5A.exe /q File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

TDSSKiller: download and instructions at: How to remove malware belonging to the family Rootkit.Win32.TDSS? Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts a window appears; click "Start Scan" there. When the scan has finished, click "Report". A window opens; copy the text and post it here... chris
|
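What the fix above encodes by hand is a reading of the OTL log: BHO and toolbar entries whose CLSID no longer resolves, a Run value with a generated-looking name that points into a directory no installer uses, a target file that is already gone, and (from the firewall-rule dump earlier in the log) exceptions for binaries in user-writable locations. The script below is an added example that automates that reading; it is not part of the thread, of OTL or of its author's tooling. It parses lines in the shape OTL prints and flags those indicator types. The sample log is constructed here from entries quoted in the thread plus one made-up benign Avira line for contrast, and the directory lists and the random-name threshold are the example's own assumptions, not OTL rules.

```python
"""OTL log triage: flag the entry types the fix above removes.

Added example (not from the thread, from OTL or from its author): it
reads lines in the format OTL prints and reports the indicators a
helper looks for before writing a fix: orphaned BHO/toolbar entries
(no CLSID), Run entries whose target is missing, has a random-looking
value name or lives outside Program Files / Windows, and firewall
exceptions for binaries in user-writable directories. Thresholds and
directory lists are the example's own assumptions, not OTL rules.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, one entry per line. The O2/O3/O4 and the two
# firewall lines are copied from the thread; the "avgnt" line is a
# made-up benign entry included for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [2F7ZUJ7G2IWWUB5WQXTNWQFN] C:\SystemData\217FA966C5A.exe /q File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"UDP Query User{AEBB720B-5560-4D75-9B3D-F1BA7A7A2336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BB148B91-0B57-435D-9232-41A01B80294B}C:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\users\hy-van\appdata\roaming\icq\application\icq7.6\icq.exe |
"""

# Line shapes as OTL prints them (O2 = BHO, O3 = toolbar, O4 = Run key,
# plus the per-application rules from the Windows Firewall section).
CLSID_RE = re.compile(r"^O[23] - .*No CLSID value found\.$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
FW_RE = re.compile(r'^"(?P<rule>[^"]*)" = protocol=(?P<proto>\d+) \| dir=(?P<dir>\w+) \| app=(?P<app>.*?) \|$')
EXE_RE = re.compile(r"^(?P<path>.+?\.exe)(?P<args>.*)$", re.IGNORECASE)

# Assumed location heuristics: where legitimate software normally lives
# and where droppers like to put themselves.
STANDARD_DIRS = ("\\program files", "\\windows\\")
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\temp\\", "\\programdata\\")


def looks_random(name: str) -> bool:
    """Assumed heuristic: a Run value name of 12+ upper-case letters and
    digits mixed together is typical of generated names, not of vendors."""
    return (len(name) >= 12
            and re.fullmatch(r"[A-Z0-9]+", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def location_note(path: str) -> Optional[str]:
    """Return a short note if the binary sits somewhere worth a look."""
    p = path.lower()
    if any(d in p for d in USER_WRITABLE):
        return "binary in user-writable directory"
    if not any(d in p for d in STANDARD_DIRS):
        return "binary outside Program Files / Windows"
    return None


def run_target(rest: str) -> Tuple[str, bool]:
    """Split the text after an O4 value name into (exe path, missing?)."""
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    # OTL appends "(Publisher)" for binaries it could identify; drop it.
    rest = re.sub(r"\s*\([^()]*\)$", "", rest)
    m = EXE_RE.match(rest)
    return (m.group("path") if m else rest), missing


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the suspicious lines with the reason(s) each was flagged."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        if CLSID_RE.match(line):
            reasons.append("BHO/toolbar entry with no CLSID (orphaned)")
        elif (m := RUN_RE.match(line)):
            path, missing = run_target(m.group("rest"))
            if missing:
                reasons.append("Run target missing (File not found)")
            if looks_random(m.group("name")):
                reasons.append("random-looking Run value name")
            note = location_note(path)
            if note:
                reasons.append("Run target: " + note)
        elif (m := FW_RE.match(line)):
            note = location_note(m.group("app"))
            if note:
                reasons.append("firewall exception: " + note)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(str(hit["line"])[:72])
        for why in hit["reasons"]:
            print("   ->", why)
```

On the sample the Run entry from the fix collects all three Run reasons, the two orphaned CLSID entries and the ICQ firewall rule are reported with one each, and the benign Avira and explorer.exe lines stay silent. A "user-writable directory" hit is a prompt to look, not a verdict: legitimate per-user installs (ICQ here) land there too, which is exactly why the helper checked the paths rather than deleting everything the script would list.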
18.12.2011, 15:21 | #7 |
| BKA-Malware I ran the OTL fix and restarted the PC. TDSSKiller returns no results, but the RunDLL message still appears. Regards |
19.12.2011, 07:38 | #8 |
| BKA-Malware Hi, the fix didn't work, the items are still there... (the end tag was missing, my mistake)... Or you posted the wrong OTL log... Scan with SystemLook: download SystemLook from one of the following links and save the tool to the desktop. http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
Code:
:regfind WPBT0.DLL
The results are saved on the desktop as SystemLook.txt. ComboFix: download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch the antivirus solution off completely, and in such a way that it does NOT switch itself back on after a reboot! Warning: in a few rare cases the computer can no longer boot afterwards and has to be reinstalled from scratch! Close all windows, start combofix.exe and confirm the prompt that follows with 1 and press Enter. The ComboFix scan can take some time, so be patient. Don't do anything on the computer during the scan. The computer may be restarted in between. When the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. chris
__________________ Don't bring me down. Read before posting! Donate (anyone who wants to donate is welcome to get in touch) |
22.12.2011, 18:57 | #9 |
| BKA-Malware Hi, I copied the OTL fix up to Reboot. Was something still missing? The PC restarted after I did that. Yesterday I had another virus, and I ran another scan with Malwarebytes' Anti-Malware. Here is the log again: Quote:
Quote:
I have Avira; I think I know how to turn it off so that it is not active again after the reboot. What about Malwarebytes' Anti-Malware? Regards |
22.12.2011, 20:12 | #10 |
| BKA-Malware Hi, let MAM remove everything (MAM = Malwarebytes Anti-Malware) (the question is why the registry entries are only being found now). My mistake with the code block, I forgot the end tag... Be sure to run combofix, there may still be a rootkit wandering around in there. If you do online banking, keep an eye on the account and change all passwords... chris
|