
Log Analysis and Evaluation: Boot sector virus BOO/TDss / Bluescreen IRQL NOT OR LESS EQUAL

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.07.2011, 16:46   #1
meyerlein
 

Boot sector virus BOO/TDss / Bluescreen IRQL NOT OR LESS EQUAL



Hello,

First of all, thanks to whoever takes on my problem.

My notebook currently gets a bluescreen several times a day, usually with the first line "IRQL NOT OR LESS EQUAL". Googling this term is also how I came across this forum.

The bluescreen appears when I give commands while the computer is still booting, or when it seems overloaded. Sometimes, though, it just happens on its own (like just now, as I was writing this text for the first time).

In addition, pages open that are different from the ones clicked in the search engine. Also, Opera, Firefox and even IE (tested specifically) crash as soon as several tabs are open, or, depending on the website, for no apparent reason.

I tried to change something with Spybot and Malwarebytes, but in vain. Avira's AntiVir finds "Bootsektorvirus BOO/TDss." but cannot fix the problem.

Attached are the required log files:

OTL:

OTL logfile created on: 04.07.2011 14:59:52 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\dom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,43 Mb Total Physical Memory | 286,71 Mb Available Physical Memory | 28,29% Memory free
2,24 Gb Paging File | 0,73 Gb Available in Paging File | 32,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 13,96 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 16,63 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
Drive E: | 149,01 Gb Total Space | 56,77 Gb Free Space | 38,10% Space Free | Partition Type: FAT32

Computer Name: DOMINIC | User Name: dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.04 14:58:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
PRC - [2011.07.02 12:36:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\mbamservice.exe
PRC - [2011.04.30 20:13:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot\SDWinSec.exe
PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.14 21:02:04 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\dom\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.11 06:10:14 | 000,506,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.23 13:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011.07.04 14:58:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.02 12:36:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes\mbamservice.exe -- (MBAMService)
SRV - [2011.04.30 20:13:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011.07.02 12:36:17 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 12:36:17 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.04.30 06:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.01.31 11:10:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.01.31 11:10:10 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.01.31 11:10:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.babypips.com/school/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.09.02 19:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.30 19:21:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.30 19:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 10:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.26 18:36:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.24 13:39:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.17 10:30:48 | 000,000,000 | ---D | M]

[2011.01.05 17:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Extensions
[2011.01.05 17:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.03 22:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\gsmeexj1.default\extensions
[2011.01.20 18:25:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\gsmeexj1.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.01.20 18:25:27 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\gsmeexj1.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.06.22 21:15:35 | 000,002,354 | ---- | M] () -- C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\gsmeexj1.default\searchplugins\aol-web-search.xml
[2011.06.27 10:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.09.18 07:49:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.10 05:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.24 10:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.15 11:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\DOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSMEEXJ1.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\DOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSMEEXJ1.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\DOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSMEEXJ1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010.12.08 14:25:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2007.09.22 21:55:45 | 000,183,649 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 6527 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} hxxp://vblu.uni-bocconi.it/vblu/NWWClientFull.cab (Entire Screen Builder Web Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\bulxnpgw\jxdkxppk.exe) - File not found
O20 - Winlogon\Notify\huffodt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5872f4f6-3e3d-11dc-870a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5872f4f6-3e3d-11dc-870a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{bcd9f011-77f9-11dd-8784-000000000000}\Shell\Auto\command - "" = MSOCache\doWTP_RESTORE.exe
O33 - MountPoints2\{bcd9f011-77f9-11dd-8784-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
O33 - MountPoints2\{bcd9f017-77f9-11dd-8784-000000000000}\Shell\Auto\command - "" = MSOCache\doWTP_RESTORE.exe
O33 - MountPoints2\{bcd9f017-77f9-11dd-8784-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
O33 - MountPoints2\{d34bcb6c-044c-11e0-99cb-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d34bcb6c-044c-11e0-99cb-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.07.04 14:58:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2011.07.04 12:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2011.06.25 13:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.06.22 20:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.06.22 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2011.06.22 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011.06.20 08:47:01 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Roaming\HoldemManager
[2011.06.06 13:29:04 | 000,000,000 | ---D | C] -- C:\Users\dom\Desktop\geld, kapital & devisen
[2007.07.30 04:00:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.07.30 03:55:18 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.07.30 03:55:18 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.05.01 16:23:21 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.05.01 08:08:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.04 14:58:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2011.07.04 14:55:19 | 000,000,000 | ---- | M] () -- C:\Users\dom\defogger_reenable
[2011.07.04 14:54:41 | 000,050,477 | ---- | M] () -- C:\Users\dom\Desktop\Defogger.exe
[2011.07.04 14:19:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 14:19:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 10:59:01 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{271AFCAC-28A1-435D-B7A0-7D58B141E0EA}.job
[2011.07.04 08:19:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.03 22:59:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.02 12:36:17 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.02 12:36:17 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.30 08:39:54 | 000,401,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.27 00:01:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.27 00:01:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.27 00:01:34 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.27 00:01:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.22 20:32:11 | 000,025,203 | ---- | M] () -- C:\Users\dom\Documents\jo geb.m3u
[2011.06.15 12:12:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.15 12:12:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.15 12:12:13 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.13 01:30:36 | 000,060,896 | ---- | M] () -- C:\Users\dom\Documents\comichighlighting1.png
[2011.06.09 05:16:44 | 000,054,430 | ---- | M] () -- C:\Users\dom\Desktop\Entwicklung Preise.jpg
[2011.06.08 11:01:44 | 000,011,353 | ---- | M] () -- C:\Users\dom\Desktop\autohäuser 25.05.odt
[2011.06.08 09:41:51 | 000,210,464 | ---- | M] () -- C:\Users\dom\Documents\beleg.xps
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.04 14:55:19 | 000,000,000 | ---- | C] () -- C:\Users\dom\defogger_reenable
[2011.07.04 14:54:29 | 000,050,477 | ---- | C] () -- C:\Users\dom\Desktop\Defogger.exe
[2011.06.27 10:17:11 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.22 20:25:15 | 000,025,203 | ---- | C] () -- C:\Users\dom\Documents\jo geb.m3u
[2011.06.15 13:00:47 | 000,000,953 | ---- | C] () -- C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.06.15 12:12:13 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.06.13 01:30:35 | 000,060,896 | ---- | C] () -- C:\Users\dom\Documents\comichighlighting1.png
[2011.06.09 05:16:44 | 000,054,430 | ---- | C] () -- C:\Users\dom\Desktop\Entwicklung Preise.jpg
[2011.06.08 09:41:35 | 000,210,464 | ---- | C] () -- C:\Users\dom\Documents\beleg.xps
[2011.03.19 03:35:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.20 15:22:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.17 14:25:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.17 14:25:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.17 14:25:35 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.17 14:25:35 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.17 14:25:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.03 22:08:42 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.12.10 23:43:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.10 23:43:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.08.06 11:06:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.12.26 11:50:28 | 000,000,680 | ---- | C] () -- C:\Users\dom\AppData\Local\d3d9caps.dat
[2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007.09.15 20:11:08 | 000,097,280 | ---- | C] () -- C:\Users\dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.14 21:21:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.08.29 16:55:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\sw2_ttls_manager.exe
[2007.08.24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.07.30 13:35:56 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007.07.30 13:35:55 | 000,000,094 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.07.30 04:00:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.07.30 03:57:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.05.01 18:13:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.01 16:23:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.05.01 16:23:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.05.01 16:23:21 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.05.01 08:14:02 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.05.01 08:14:02 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.05.01 08:13:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.05.01 08:08:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.05.01 07:55:05 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007.05.01 07:47:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.01 07:47:39 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,401,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.03.10 12:25:09 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\3
[2008.01.08 13:49:34 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\BitTorrent
[2007.09.18 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\BitTorrent DNA
[2011.04.17 10:30:49 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Foxit
[2011.05.31 08:54:19 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\HEM Data
[2011.06.20 08:47:01 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\HoldemManager
[2011.01.30 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Local
[2011.03.16 19:43:40 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Mudezo
[2011.05.10 05:57:19 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\OpenOffice.org
[2010.12.13 10:43:52 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Opera
[2011.03.16 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Pawa
[2011.04.18 19:20:26 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Roaming
[2011.01.11 09:52:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Sports Interactive
[2011.01.05 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Thunderbird
[2011.07.04 10:59:08 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.07.04 10:59:01 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{271AFCAC-28A1-435D-B7A0-7D58B141E0EA}.job
[2011.03.15 12:28:25 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5DD6CC0-1BA4-474A-AE51-B6F76C72D65F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2007.09.14 21:01:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.04.15 13:21:25 | 000,000,000 | ---D | M] -- C:\4e36c736956664754c20910a420eca
[2007.09.14 21:01:47 | 000,000,000 | ---D | M] -- C:\Acer
[2007.05.01 16:23:16 | 000,000,000 | ---D | M] -- C:\Book
[2010.12.15 09:58:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.09.14 20:56:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.05.01 08:44:10 | 000,000,000 | ---D | M] -- C:\DRV
[2007.10.10 06:04:58 | 000,000,000 | ---D | M] -- C:\Intel
[2008.06.20 00:22:07 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.27 09:25:50 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.06.23 21:51:52 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.09.14 20:56:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.24 17:46:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.03 21:58:40 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.27 09:25:50 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.02.02 00:41:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.02.02 00:41:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-01 06:44:29

< >

========== Files - Unicode (All) ==========
[2011.03.10 12:25:07 | 000,000,000 | ---D | M](C:\Users\dom\AppData\Roaming\??????) -- C:\Users\dom\AppData\Roaming\??????
[2011.03.10 12:25:07 | 000,000,000 | ---D | M](C:\Users\dom\AppData\Roaming\??????) -- C:\Users\dom\AppData\Roaming\??????
[2011.03.10 12:25:01 | 000,000,000 | ---D | M](C:\Windows\System32\??????) -- C:\Windows\System32\??????
[2011.03.10 12:25:01 | 000,000,000 | ---D | C](C:\Windows\System32\??????) -- C:\Windows\System32\??????
(C:\Users\dom\AppData\Roaming\??????) -- C:\Users\dom\AppData\Roaming\??????

< End of report >

Extras:

OTL Extras logfile created on: 04.07.2011 14:59:53 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\dom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,43 Mb Total Physical Memory | 286,71 Mb Available Physical Memory | 28,29% Memory free
2,24 Gb Paging File | 0,73 Gb Available in Paging File | 32,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 13,96 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 16,63 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
Drive E: | 149,01 Gb Total Space | 56,77 Gb Free Space | 38,10% Space Free | Partition Type: FAT32

Computer Name: DOMINIC | User Name: dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent_DNA\bittorrent.exe" = C:\Program Files\BitTorrent_DNA\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B052B4A-6944-4187-B7BA-EB9D284FED3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{536F01E3-D6AF-45B1-B61A-72E6503EDC94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5460B6A3-081C-4E9D-8701-296A62E9D8EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7217DFD8-29F8-446B-A346-83D3C940B735}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C57275E-8B1E-49FE-990A-17E20744477F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A33EE1E2-B0A9-4A0E-B661-822BE3318F85}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA67081D-F2CF-49B3-A2C3-44AB45B4887D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDCF30F8-4D2D-45B9-9A83-DE4675718B98}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8EC45F7-C45B-4CFF-B5BE-3C32870CBC4B}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{F794D7B3-657B-43B4-B162-5C6CBFEB7A8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15075F0B-40CC-4EF4-8A8F-77D797EF2650}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{1EA04F71-1FE8-46F3-B7B5-263444F3E106}" = protocol=6 | dir=out | app=system |
"{2F042BC3-C986-4CA6-BF02-34BA5D4422FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41124CB3-27CC-43F4-B5D8-E29F5DC8D2C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C454EF4-162B-469F-8820-F916F1DA4960}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7530F0EE-5938-42B6-BFFA-53D33705C7FA}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{7998B954-F5F2-402C-B730-9BC1488F1822}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7C659DF1-D3D4-4DFB-A91A-31FECE8C10B6}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{854AF788-359E-4675-9EF4-921C72051DA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8831D5D2-A3E2-4712-A04C-ECAB112DFC8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89BEA3B7-10A6-4042-90A2-C7E4C0A3A306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B84C918-1740-4586-926F-EF0A1B19D232}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A87E8D8E-BFAD-450C-AA40-F4591A124440}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B7360545-54F3-433E-B99E-8434BF63775E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98080A1-8676-4326-8C12-AB8B7F28050D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9B6D85E-8EA9-4762-83D7-62B1D78AD470}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{BD289B34-DF30-437A-A650-B75EF139C7D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1AD2C55-15C5-4D16-ACB4-9C783A799237}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D0FE849D-26AB-4014-AD6D-2B66DF61BD45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF2BA8F2-16D0-4950-9CEB-51703095AF0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1F40A3A-D402-431D-901B-2BEB27A53E35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3D923782-D919-4D1E-8D40-45F9282A836C}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{68379244-42FF-4A1A-A29B-6BF0ED4EF2A6}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{6E04C4FD-71C0-425B-A4DD-ECA983C5BC53}C:\program files\steam\steamapps\dionysos13\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dionysos13\team fortress 2\hl2.exe |
"TCP Query User{9B59BC88-15E1-4C36-B071-A32ED20B76FD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9D11D79C-8942-4B11-99C6-48B443E25E9D}C:\program files\steam\steamapps\csgod494\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\csgod494\team fortress 2\hl2.exe |
"TCP Query User{A13937C5-E785-4593-8888-ABEB395383FE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{B233AF06-C9C8-4679-BB2E-B1E3D0EF7623}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{B2662E8E-80E3-4F34-9EAF-E9DC36F5BC16}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CE2E6AB2-7E55-4AE1-AB8E-9A214AEF6923}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{ECA44183-A7CF-44F9-AF2D-1068499A8D7B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F56047A2-E124-41F0-A3D0-E8490048AFC2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3143CD7D-63BF-4505-82BE-F338F627C142}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{5368EC90-978A-46A0-91A5-AF195ED53E40}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{5993106E-E12F-494B-A456-CC4E9B31316D}C:\program files\steam\steamapps\csgod494\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\csgod494\team fortress 2\hl2.exe |
"UDP Query User{5AAA6C6F-346A-452D-BC7D-DF95FC214041}C:\program files\steam\steamapps\dionysos13\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dionysos13\team fortress 2\hl2.exe |
"UDP Query User{8F993012-2831-4375-84D0-18B6625863D1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9119A1F1-2533-4963-B801-84A9DF4D0D51}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{B5A52058-A0E9-4427-93A4-FB7DE3935A68}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B6EEDBB3-CAC3-4F97-9575-2D14A45EF8E8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B9358F73-1FCC-494E-9BAC-7541517A2AC6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C7EC594A-51D8-4183-B388-14BDCFBAC66C}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{D3A745B0-8A04-4B28-8363-343EBA2F122F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"FLV Player" = FLV Player 2.0, build 24
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HoldemManager" = Holdem Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.8.0 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Opera 11.11.2109" = Opera 11.11
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProInst" = Intel PROSet Wireless
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Zattoo" = Zattoo 3.3.0 Beta

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.07.2011 04:54:38 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description =

Error - 04.07.2011 04:55:10 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description =

Error - 04.07.2011 04:55:42 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description =

Error - 04.07.2011 04:58:50 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc000071b, Fehleroffset 0x00088d15, Prozess-ID 0x71c, Anwendungsstartzeit
01cc3a25bcb938b0.

Error - 04.07.2011 07:03:08 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 04.07.2011 07:03:09 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 04.07.2011 07:03:09 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 04.07.2011 07:03:10 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 04.07.2011 09:02:03 | Computer Name = *** | Source = SPP | ID = 16387
Description =

Error - 04.07.2011 09:02:03 | Computer Name = *** | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 03.07.2011 16:59:14 | Computer Name = *** | Source = DCOM | ID = 10010
Description =

Error - 03.07.2011 18:43:54 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =

Error - 03.07.2011 18:47:47 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.07.2011 um 00:46:20 unerwartet heruntergefahren.

Error - 03.07.2011 18:49:14 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =

Error - 04.07.2011 02:28:22 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =

Error - 04.07.2011 02:28:23 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =

Error - 04.07.2011 04:39:46 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =

Error - 04.07.2011 04:39:46 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =

Error - 04.07.2011 04:42:45 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =

Error - 04.07.2011 05:01:09 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description =


< End of report >


and GMER:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-04 16:32:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.DL15
Running: 7iq456ud.exe; Driver: C:\Users\dom\AppData\Local\Temp\pwldapod.sys


---- System - GMER 1.0.15 ----

SSDT 8D5DD4D6 ZwCreateSection
SSDT 8D5DD4DB ZwSetContextThread
SSDT 8D5DD477 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820B3998 4 Bytes [D6, D4, 5D, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 820B3CF0 4 Bytes [DB, D4, 5D, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 820B3DA4 4 Bytes [77, D4, 5D, 8D]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[208] ntdll.dll!NtProtectVirtualMemory 775C4B84 5 Bytes JMP 0090000A
.text C:\Windows\Explorer.EXE[208] ntdll.dll!NtWriteVirtualMemory 775C54C4 5 Bytes JMP 0096000A
.text C:\Windows\Explorer.EXE[208] ntdll.dll!KiUserExceptionDispatcher 775C5BF8 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 775C4B84 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 775C54C4 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!KiUserExceptionDispatcher 775C5BF8 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1148] ole32.dll!CoCreateInstance 76F79F3E 5 Bytes JMP 01EE000A
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!WindowFromPoint 771C884F 5 Bytes JMP 01F4000A
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!GetForegroundWindow 771D32C4 5 Bytes JMP 01F5000A
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!GetCursorPos 771E0B88 5 Bytes JMP 01EF000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1237GSX_______________________DL150J__#4&12a7e20a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efc305b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efc305b@0016b825dfcd 0x6C 0xBB 0xB5 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efc305b@c42c03b8ccd6 0x6C 0xA6 0x07 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197efc305b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197efc305b@0016b825dfcd 0x6C 0xBB 0xB5 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197efc305b@c42c03b8ccd6 0x6C 0xA6 0x07 0x4F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

04.07.2011, 20:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and welcome

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

05.07.2011, 07:43   #3
meyerlein

Good morning.

I let a full scan run overnight, but like the one in the afternoon it was unsuccessful:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7019

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

05.07.2011 03:13:39
mbam-log-2011-07-05 (03-13-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 323017
Laufzeit: 1 Stunde(n), 40 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and on the same afternoon:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7017

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

04.07.2011 14:21:56
mbam-log-2011-07-04 (14-21-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 322215
Laufzeit: 1 Stunde(n), 52 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



In addition, the old (quick) scans, with and without detections:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6605

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

18.05.2011 11:53:31
mbam-log-2011-05-18 (11-53-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 36456
Laufzeit: 3 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6605

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

18.05.2011 08:54:42
mbam-log-2011-05-18 (08-54-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152456
Laufzeit: 7 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6599

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

18.05.2011 08:36:50
mbam-log-2011-05-18 (08-36-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152323
Laufzeit: 8 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6599

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

18.05.2011 07:56:34
mbam-log-2011-05-18 (07-56-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152258
Laufzeit: 10 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\youmeetwewo (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\youmeetwewo\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

14.04.2011 18:03:35
mbam-log-2011-04-14 (18-03-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164425
Laufzeit: 27 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\0.7533198462859988.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

05.07.2011, 07:51   #4
meyerlein

And one more thing that I find very alarming:

Since yesterday I have had the trial version of Malwarebytes. It blocks internet access by a program unknown to me almost every minute.

Here is that logfile as well:

12:28:57 dom MESSAGE Protection started successfully
12:29:04 dom MESSAGE IP Protection started successfully
12:29:18 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 57856, Process: svchost.exe)
12:30:40 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 57932, Process: svchost.exe)
12:33:37 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58185, Process: svchost.exe)
12:36:43 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58212, Process: svchost.exe)
12:39:40 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58218, Process: svchost.exe)
12:41:17 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 58221, Process: svchost.exe)
12:42:46 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58248, Process: svchost.exe)
12:45:44 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58420, Process: svchost.exe)
12:48:50 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58472, Process: svchost.exe)
12:51:48 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58477, Process: svchost.exe)
12:54:46 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58479, Process: svchost.exe)
12:57:54 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58481, Process: svchost.exe)
12:58:10 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 58483, Process: svchost.exe)
12:58:10 dom IP-BLOCK 208.73.210.48 (Type: outgoing, Port: 58485, Process: svchost.exe)
12:58:10 dom IP-BLOCK 208.73.210.48 (Type: outgoing, Port: 58486, Process: svchost.exe)
12:58:34 dom MESSAGE Added 208.73.210.48 to ignore list
12:58:39 dom MESSAGE IP Protection stopped
12:58:41 dom MESSAGE IP Protection started successfully
13:00:50 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58545, Process: svchost.exe)
13:01:46 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58570, Process: svchost.exe)
13:01:46 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58571, Process: svchost.exe)
13:02:28 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58618, Process: svchost.exe)
13:02:28 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58619, Process: svchost.exe)
13:03:00 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58639, Process: svchost.exe)
13:03:00 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58640, Process: svchost.exe)
13:03:57 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 58793, Process: svchost.exe)
13:06:56 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59010, Process: svchost.exe)
13:09:53 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59050, Process: svchost.exe)
13:11:31 dom IP-BLOCK 64.111.196.117 (Type: outgoing, Port: 59083, Process: svchost.exe)
13:13:01 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59103, Process: svchost.exe)
13:15:59 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59163, Process: svchost.exe)
13:19:05 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59253, Process: svchost.exe)
13:22:03 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59262, Process: svchost.exe)
13:25:01 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59265, Process: svchost.exe)
13:26:21 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59266, Process: svchost.exe)
13:26:29 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59268, Process: svchost.exe)
13:28:07 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59298, Process: svchost.exe)
13:30:08 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59320, Process: svchost.exe)
13:30:08 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59321, Process: svchost.exe)
13:30:57 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59338, Process: svchost.exe)
13:30:57 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59339, Process: svchost.exe)
13:31:05 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59342, Process: svchost.exe)
13:31:29 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59353, Process: svchost.exe)
13:31:29 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 59354, Process: svchost.exe)
13:34:03 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59395, Process: svchost.exe)
13:37:10 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59401, Process: svchost.exe)
13:38:23 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59402, Process: svchost.exe)
13:38:31 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59404, Process: svchost.exe)
13:40:09 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59599, Process: svchost.exe)
14:55:21 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59713, Process: svchost.exe)
14:58:19 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59717, Process: svchost.exe)
14:58:52 dom IP-BLOCK 89.208.149.204 (Type: outgoing, Port: 59718, Process: svchost.exe)
15:00:12 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59728, Process: svchost.exe)
15:01:25 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59734, Process: svchost.exe)
15:04:23 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59736, Process: svchost.exe)
15:08:09 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59740, Process: svchost.exe)
15:09:14 dom IP-BLOCK 193.218.156.42 (Type: outgoing, Port: 59745, Process: svchost.exe)
15:10:27 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59747, Process: svchost.exe)
15:13:24 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59749, Process: svchost.exe)
15:16:00 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59767, Process: svchost.exe)
15:16:33 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59773, Process: svchost.exe)
15:19:14 dom IP-BLOCK 193.218.156.42 (Type: outgoing, Port: 59796, Process: svchost.exe)
15:19:30 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59798, Process: svchost.exe)
15:22:36 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59803, Process: svchost.exe)
15:23:16 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59805, Process: svchost.exe)
15:25:33 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59811, Process: svchost.exe)
15:28:31 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59813, Process: svchost.exe)
15:31:20 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59815, Process: svchost.exe)
15:31:36 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59818, Process: svchost.exe)
15:34:34 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59826, Process: svchost.exe)
15:37:39 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59828, Process: svchost.exe)
15:39:40 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 59830, Process: svchost.exe)
15:40:37 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 59835, Process: svchost.exe)
15:40:45 dom IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 59838, Process: svchost.exe)
15:46:36 dom MESSAGE Protection started successfully
15:46:42 dom MESSAGE IP Protection started successfully
15:47:05 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49165, Process: svchost.exe)
15:47:23 dom IP-BLOCK 89.208.149.204 (Type: outgoing, Port: 49166, Process: svchost.exe)
15:50:05 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49169, Process: svchost.exe)
15:53:12 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49171, Process: svchost.exe)
15:53:24 dom MESSAGE IP Protection stopped
16:34:07 dom MESSAGE IP Protection started successfully
16:34:14 dom MESSAGE IP Protection stopped
16:34:16 dom MESSAGE IP Protection started successfully
16:35:12 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49173, Process: svchost.exe)
16:38:17 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49182, Process: svchost.exe)
16:39:22 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 49185, Process: svchost.exe)
16:41:15 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49205, Process: svchost.exe)
16:44:21 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49207, Process: svchost.exe)
16:47:12 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 49210, Process: svchost.exe)
16:47:20 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49213, Process: svchost.exe)
16:47:36 dom IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 49215, Process: svchost.exe)
16:47:52 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 49216, Process: svchost.exe)
16:48:00 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49222, Process: svchost.exe)
16:48:32 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49269, Process: svchost.exe)
16:48:32 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49270, Process: svchost.exe)
16:49:21 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49316, Process: svchost.exe)
16:49:21 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49317, Process: svchost.exe)
16:49:21 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49318, Process: svchost.exe)
16:49:45 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49350, Process: svchost.exe)
16:49:45 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49352, Process: svchost.exe)
16:49:45 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49353, Process: svchost.exe)
16:50:17 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49390, Process: svchost.exe)
16:51:14 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49490, Process: svchost.exe)
16:51:14 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49491, Process: svchost.exe)
16:51:30 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49496, Process: svchost.exe)
16:51:30 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49497, Process: svchost.exe)
16:51:55 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49528, Process: svchost.exe)
16:51:55 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49529, Process: svchost.exe)
16:52:27 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49574, Process: svchost.exe)
16:52:27 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49575, Process: svchost.exe)
16:52:27 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49578, Process: svchost.exe)
16:52:27 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49579, Process: svchost.exe)
16:52:43 dom IP-BLOCK 208.91.207.91 (Type: outgoing, Port: 49590, Process: svchost.exe)
16:53:08 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49631, Process: svchost.exe)
16:53:08 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49635, Process: svchost.exe)
16:53:24 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49709, Process: svchost.exe)
16:53:40 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49721, Process: svchost.exe)
16:53:40 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49722, Process: svchost.exe)
16:56:23 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49825, Process: svchost.exe)
16:57:25 dom MESSAGE IP Protection stopped
17:03:25 dom MESSAGE Protection started successfully
17:03:29 dom MESSAGE IP Protection started successfully
17:04:24 dom IP-BLOCK 89.208.149.204 (Type: outgoing, Port: 49172, Process: svchost.exe)
17:06:01 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49179, Process: svchost.exe)
17:08:58 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49181, Process: svchost.exe)
17:10:12 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 49185, Process: svchost.exe)
17:11:50 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49352, Process: svchost.exe)
17:11:50 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49353, Process: svchost.exe)
17:12:06 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 49391, Process: svchost.exe)
17:12:32 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49431, Process: svchost.exe)
17:12:40 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49438, Process: svchost.exe)
17:12:40 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49439, Process: svchost.exe)
17:12:48 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49471, Process: svchost.exe)
17:12:48 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49472, Process: svchost.exe)
17:13:13 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49529, Process: svchost.exe)
17:13:13 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49530, Process: svchost.exe)
17:13:22 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49548, Process: svchost.exe)
17:13:22 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49549, Process: svchost.exe)
17:14:10 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49806, Process: svchost.exe)
17:14:10 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49809, Process: svchost.exe)
17:14:10 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49810, Process: svchost.exe)
17:14:27 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49899, Process: svchost.exe)
17:14:27 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49900, Process: svchost.exe)
17:14:27 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49944, Process: svchost.exe)
17:14:27 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49948, Process: svchost.exe)
17:15:07 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50028, Process: svchost.exe)
17:18:04 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50172, Process: svchost.exe)
17:21:09 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50201, Process: svchost.exe)
17:23:18 dom IP-BLOCK 83.133.119.176 (Type: outgoing, Port: 50245, Process: svchost.exe)
17:24:07 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50275, Process: svchost.exe)
17:24:31 dom IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50395, Process: svchost.exe)
17:24:47 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50399, Process: svchost.exe)
17:24:47 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50400, Process: svchost.exe)
17:25:19 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50472, Process: svchost.exe)
17:25:19 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50473, Process: svchost.exe)
17:25:35 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50530, Process: svchost.exe)
17:25:35 dom IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50531, Process: svchost.exe)
17:27:12 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50701, Process: svchost.exe)
17:28:56 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50772, Process: svchost.exe)
17:28:56 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50773, Process: svchost.exe)
17:29:29 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50780, Process: svchost.exe)
17:29:29 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50781, Process: svchost.exe)
17:29:53 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50790, Process: svchost.exe)
17:29:53 dom IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50791, Process: svchost.exe)
17:30:09 dom IP-BLOCK 91.193.194.175 (Type: outgoing, Port: 50796, Process: svchost.exe)
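The Malwarebytes protection log posted in this thread is a run of IP-BLOCK lines in which svchost.exe reaches the same few addresses roughly every three minutes, and that cadence, more than any single address, is the signal worth extracting from such a log. The Python script below is an added example, not code from the thread or from Malwarebytes: it parses that line format, counts blocks per process and destination, and flags destinations contacted at a near-constant interval. The sample lines and the 198.51.100.x addresses are constructed for the example.

```python
# Added example: triage Malwarebytes protection-log IP-BLOCK lines by
# cadence. Sample lines are constructed; 198.51.100.0/24 is the
# documentation range, not a real indicator.
import re
import statistics
from collections import defaultdict
from datetime import datetime

# 'HH:MM:SS user IP-BLOCK ip (Type: ..., Port: ..., Process: ...)'
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

SAMPLE_LOG = """\
17:33:14 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 50818, Process: svchost.exe)
17:36:11 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 50860, Process: svchost.exe)
17:39:16 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 50872, Process: svchost.exe)
17:41:20 dom IP-BLOCK 198.51.100.20 (Type: outgoing, Port: 50945, Process: svchost.exe)
17:41:20 dom IP-BLOCK 198.51.100.20 (Type: outgoing, Port: 50947, Process: svchost.exe)
17:42:17 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 51004, Process: svchost.exe)
17:45:15 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 51229, Process: svchost.exe)
17:48:20 dom IP-BLOCK 198.51.100.10 (Type: outgoing, Port: 51268, Process: svchost.exe)
18:28:02 dom MESSAGE Protection started successfully
18:36:21 dom IP-BLOCK 198.51.100.20 (Type: outgoing, Port: 49239, Process: svchost.exe)
"""

def parse_ip_blocks(text):
    """One dict per IP-BLOCK line; MESSAGE lines are skipped. Times are
    time-of-day only, so split a log that crosses midnight per day first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["time"] = datetime.strptime(ev["time"], "%H:%M:%S")
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def summarize(events):
    """Count blocked connections per (process, destination ip)."""
    counts = defaultdict(int)
    for ev in events:
        counts[(ev["process"], ev["ip"])] += 1
    return dict(counts)

def beacon_candidates(events, min_hits=4, max_jitter=0.25):
    """Map (process, ip) -> median period in seconds for destinations hit at a
    near-constant interval: at least min_hits distinct hit times, every gap
    within max_jitter of the median gap. Blocks in the same second (one
    attempt retried on new source ports) count as one hit."""
    hits = defaultdict(set)
    for ev in events:
        hits[(ev["process"], ev["ip"])].add(ev["time"])
    result = {}
    for key, times in hits.items():
        ts = sorted(times)
        if len(ts) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        period = statistics.median(gaps)
        if period > 0 and all(abs(g - period) <= max_jitter * period for g in gaps):
            result[key] = period
    return result

if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for (proc, ip), n in sorted(summarize(evs).items()):
        print(f"{proc} -> {ip}: {n} blocked connection(s)")
    for (proc, ip), period in beacon_candidates(evs).items():
        print(f"beacon candidate: {proc} -> {ip} every ~{period:.0f} s")
```

On a real log, pass the file contents to parse_ip_blocks; a flagged (process, destination) pair is a triage lead to verify, not a verdict.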

Alt 05.07.2011, 08:56   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below - i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

If the infection has left you unable to access your documents/My Documents, or if shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

__________________
Please always post logfiles in CODE tags
