
Pests of all kinds and how to combat them: Bundespolizei Trojan: PC keeps freezing

18.09.2012, 12:29   #1
Dinchen
 
Hello dear forum community.

I am hoping you can help me with my problem:

About a week ago I caught this Bundespolizei Trojan. I then ran Malwarebytes over it, and the PC at least starts up again now. Malwarebytes found 8 infected files in total, and, if I remember correctly, these were moved to quarantine.

My problem now is: when I turn the PC on and try to do anything, it freezes. That is, nothing works any more; even Ctrl+Alt+Del does not work.

I have now followed the instructions here in the forum and done the following:

1. Installed and ran defogger; that went without problems.

2. OTL

Here are the files

OTL logfile created on: 18.09.2012 12:53:52 - Run 1
OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Dinchen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,09% Memory free
6,13 Gb Paging File | 4,69 Gb Available in Paging File | 76,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 449,30 Gb Total Space | 376,98 Gb Free Space | 83,90% Space Free | Partition Type: NTFS

Computer Name: DINCHEN-PC | User Name: Dinchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.18 12:52:42 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Dinchen\Desktop\OTL.exe
PRC - [2012.08.30 19:53:41 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.08.30 19:52:40 | 000,722,528 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dinchen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.18 22:19:09 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgtray.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.02.11 17:44:57 | 000,349,640 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\bin\IncMail.exe
PRC - [2010.02.11 17:44:56 | 000,247,240 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\bin\ImApp.exe
PRC - [2009.08.22 16:32:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe
PRC - [2009.08.22 16:32:45 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe
PRC - [2009.08.22 16:32:28 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe
PRC - [2009.08.22 16:32:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe
PRC - [2009.08.22 16:32:09 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe
PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.04.15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.04.15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2009.04.13 16:20:08 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.04.13 16:20:00 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.04.13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.04.13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.03.26 20:38:38 | 000,305,448 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.03.26 20:38:28 | 000,345,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.03.25 11:33:50 | 003,560,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\PdtWzd.exe
PRC - [2009.03.25 11:33:50 | 003,444,224 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\BASVC.exe
PRC - [2009.03.25 11:33:40 | 003,353,600 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.05 09:42:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.02.11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.12.02 09:19:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.16 15:12:32 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.30 19:53:41 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.08.30 19:52:43 | 000,564,832 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012.08.30 19:52:41 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.02.11 17:45:00 | 000,071,112 | ---- | M] () -- C:\Programme\IncrediMail\bin\wlessfp1.dll
MOD - [2010.02.11 17:44:58 | 000,255,432 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImLookExU.dll
MOD - [2010.02.11 17:44:57 | 000,132,552 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImComUtlU.dll
MOD - [2010.02.11 17:44:57 | 000,079,304 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImAppRU.dll
MOD - [2009.04.13 16:20:12 | 000,877,864 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.04.13 16:20:06 | 000,013,096 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2009.04.13 11:09:00 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.09.06 20:35:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.08.30 19:52:40 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.22 16:32:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009.08.22 16:32:09 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009.04.13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.26 20:38:38 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.03.25 11:33:50 | 003,444,224 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Programme\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.01.21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2012.09.18 12:32:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.30 19:52:41 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.08.22 16:32:46 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.08.22 16:32:46 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.07.21 21:12:01 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.03.11 19:34:00 | 000,055,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.11 19:33:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.01.21 07:03:00 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.11.11 18:16:38 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.11.11 18:16:38 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.11.11 18:16:38 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 14:25:24 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=880d53a40000000000000022fa274d5c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE338&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=ONX8fOldab8R3Jxssc2QCg2Bcns?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={207870CE-8BFD-41B9-8829-850487286418}&mid=172cc276c55ea7b2191bd377504f5970-0735c1d6e10e2762dc2f540a5e08dcd2b3089b0d&lang=de&ds=AVG&pr=fr&d=2011-12-03 18:14:30&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dinchen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.08.30 19:52:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.11 01:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.06 20:13:27 | 000,000,000 | ---D | M]

[2012.09.06 20:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.08 15:26:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.06 20:13:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.06.16 19:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 19:53:41 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.07 15:56:15 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.06.16 19:33:35 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.16 19:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.16 19:33:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.16 19:33:36 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - Extension: SiteAdvisor = \Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1\
CHR - Extension: SiteAdvisor = \Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Dinchen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.klaudia-und-sascha.de/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CA84E0-025B-4CD5-B5C4-E1244BA38AED}: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Dinchen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dinchen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c5f17e4-d6a3-11e1-9e27-00238bce299a}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5f17e4-d6a3-11e1-9e27-00238bce299a}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{3e506ddb-9bbb-11df-ab04-00238bce299a}\Shell - "" = AutoRun
O33 - MountPoints2\{3e506ddb-9bbb-11df-ab04-00238bce299a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{eaaafac8-369a-11e0-949e-00238bce299a}\Shell - "" = AutoRun
O33 - MountPoints2\{eaaafac8-369a-11e0-949e-00238bce299a}\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.18 12:32:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.06 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.06 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.06 21:09:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 21:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.06 20:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.06 20:14:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.06 20:14:43 | 000,000,000 | -HSD | C] -- \Config.Msi
[2012.09.06 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ywdhofafskfsjhe
[2012.08.30 19:52:41 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.18 12:55:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job
[2012.09.18 12:51:44 | 000,000,000 | ---- | M] () -- C:\Users\Dinchen\defogger_reenable
[2012.09.18 12:43:44 | 000,245,777 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.18 12:43:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.18 12:43:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 12:43:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 12:43:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.18 12:43:08 | 3182,362,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.18 12:32:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.18 12:32:00 | 057,824,586 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.09.13 14:43:36 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.11 21:55:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job
[2012.09.10 13:57:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.10 13:57:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.10 13:57:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.10 13:57:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.06 21:09:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.06 20:35:30 | 000,245,777 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.06 19:55:07 | 003,653,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.06 15:01:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\dsdebiyskdmnkuo
[2012.08.30 19:52:41 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.18 12:51:44 | 000,000,000 | ---- | C] () -- C:\Users\Dinchen\defogger_reenable
[2012.09.18 12:29:47 | 3182,362,624 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 12:29:47 | 3182,362,624 | -HS- | C] () -- \hiberfil.sys
[2012.09.06 21:09:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.06 15:01:33 | 000,000,051 | ---- | C] () -- C:\ProgramData\dsdebiyskdmnkuo
[2012.07.07 15:56:34 | 000,000,249 | ---- | C] () -- \user.js
[2012.06.05 21:41:21 | 000,719,596 | ---- | C] () -- C:\Users\Dinchen\1471-2482-11-24.pdf
[2012.06.05 21:28:46 | 000,217,714 | ---- | C] () -- C:\Users\Dinchen\Cosmesis and body image after laparoscopic-assisted and open ileocolic resection for Crohn's disease..pdf
[2012.02.24 13:18:34 | 000,003,213 | ---- | C] () -- C:\Windows\GWS.INI
[2011.03.02 22:30:17 | 000,000,081 | ---- | C] () -- C:\Users\Dinchen\CTX.DAT
[2011.02.13 11:54:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.18 18:17:43 | 000,001,091 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.18 18:17:37 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011.01.18 18:17:37 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2010.11.14 13:36:32 | 000,093,384 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.07.22 01:28:59 | 000,245,777 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.12 15:59:36 | 000,245,777 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.12 15:46:58 | 000,000,020 | ---- | C] () -- \Medion.ini
[2009.05.22 09:03:53 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009.05.22 09:03:51 | 000,333,203 | RHS- | C] () -- \bootmgr
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2011.12.20 12:37:12 | 000,000,090 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2012.01.07 12:47:12 | 000,000,088 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt
[2011.12.27 16:12:10 | 000,000,090 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[3].txt
[2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar
[2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\chrome
[2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\components
[2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\locale
[2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\modules
[2010.02.15 12:16:38 | 000,000,136 | ---- | M] () -- C:\Windows\Temp\Cookies\dinchen@mcafee[2].txt
[2010.10.15 15:48:59 | 000,002,048 | -HS- | M] () -- C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\@
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012.09.11 21:55:05 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job
[2012.09.18 12:55:00 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job
[2012.09.11 22:16:18 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914

< End of report >

OTL Extras logfile created on: 18.09.2012 12:53:52 - Run 1
OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Dinchen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,09% Memory free
6,13 Gb Paging File | 4,69 Gb Available in Paging File | 76,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 449,30 Gb Total Space | 376,98 Gb Free Space | 83,90% Space Free | Partition Type: NTFS

Computer Name: DINCHEN-PC | User Name: Dinchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18899628-E238-4959-B458-1AE3F92DE2C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20C41E65-CFED-4562-9184-38269D2DA9EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2499D8F5-6AE3-4E0A-B670-60C8D0D643CC}" = lport=138 | protocol=17 | dir=in | app=system |
"{42E9F830-7C47-46B8-ACD6-DCF91D3043D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B71EBC4-1FF3-48DE-A3A5-5DB76E24EEEC}" = lport=445 | protocol=6 | dir=in | app=system |
"{64EFEA13-CB4A-4EB0-B9A0-4B725D2997D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{66399142-8B8E-4AF5-BDB8-EF60F33A12F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF71558F-F50C-4F5A-88FF-777CA18EFA17}" = rport=138 | protocol=17 | dir=out | app=system |
"{B943E45E-D952-41FA-B0E3-B084F105D09B}" = rport=139 | protocol=6 | dir=out | app=system |
"{D86E7B11-FFC6-4701-B2E5-E4C2C8FB3A4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{E72C53CC-3929-49F1-B948-6710AFB7E4AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF5F4E96-3721-4F10-AA37-F2704D961F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BFB00C-19F7-4827-A333-80666E700EC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{071A8094-D970-4CA3-8B92-DA8A6CCFBF53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C753FBE-D123-4C07-8005-FEC0C220E229}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1CEFDDE2-EBC5-4193-84F2-4775989E7100}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{234E5443-E093-4507-88CD-642F99A9A659}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23F4B866-A69C-4933-9AA1-FB8F7D79F8C7}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{2874264A-7D69-49FF-985A-32DF51905224}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{299E75F2-0DA3-4321-9EE6-38CF946DB9EF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{36F646CA-58F6-4E63-A3D5-AEC4B7DE8410}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4596D15B-02ED-4C1A-991C-AC49A7929459}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{46A89B9B-D7E2-4A02-B51C-EE9DAB24A111}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EEC9E4E-7B47-4F29-A799-46B63C46B30B}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{5221B812-AFC4-4E51-82F8-15861FECE4D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69ED492E-5D48-4986-992D-C86D90070A19}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{6C262C0F-D6CB-4B8F-8328-555B572A01E5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{7B8A714C-CABF-4373-B6CE-CAE958CAD087}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7CCAD52E-BC7F-4AB7-B54D-8E8BB15F8CDA}" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D86C00B-1D35-4E3F-8F14-D80CB4ABD205}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A9BC726-3A5F-43B6-BC92-2235798DCAF7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8DAE819F-8726-443A-976A-04723812D0C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A451472-5B50-47DC-A5C7-FAFB8BBD5496}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A10BF91A-6628-4F4C-B705-D2DB41F58884}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A5D47474-3664-4A73-A76B-AA20A359C1F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B849AD0B-DD2A-4D9A-8B0B-7C6AE3D20936}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{C3EC4F75-F6FC-4570-B630-9B902B3BEB29}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D3893BF0-B54A-4DE7-A6BE-C64440E0ACEB}" = dir=in | app=c:\users\dinchen\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D4833A81-97CA-460E-987E-0160FABD4732}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DA5FC70D-7383-49B2-9A1A-633C529ADE5B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{DD58AA59-8CEA-4FEC-9820-D4C989339692}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{ECCE9CC8-9A1D-43B0-92C2-850575013694}" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe |
"{F55F5892-39C9-48E6-9FCE-8D56811D7A98}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{03A3A7B7-CF1B-4BDE-9153-6736B5824326}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe |
"TCP Query User{1A035366-4C8F-438C-ADDC-DAB72985E6DA}C:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"TCP Query User{22F68744-D650-48A6-A2C4-C7225D3A7B94}C:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{6F94A090-9416-4ABF-8C0B-225B09C5F5AF}C:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe |
"TCP Query User{80492050-56F9-43E9-A129-0D28CCD54BCB}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe |
"TCP Query User{92A7B7BF-F175-4AE1-81F3-E4B477C7DA10}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{95032E46-5C7C-41BC-BD29-E5C169AE7267}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{DE350C2E-0304-479D-8D08-3446B5490182}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0CE8075E-E724-4677-8D95-E267CAD01BEF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2C9AC6DD-0F8E-4A4A-AF8D-0867CB74B079}C:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5B3AAE4C-F6B5-43FC-A675-06A1229D729B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6920DC22-5A12-4C90-A49C-CDA34BE6FC99}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{721F9C9C-A3E0-4C30-9D70-532CD5E61A81}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7E238CC2-D2DF-4349-93EB-E668C12FF080}C:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe |
"UDP Query User{9781BADF-90CC-4792-8D60-4C563F3726F0}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BD2AD599-1069-4D11-A4E3-873759715184}C:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A20B067C-8A58-44BF-9FC7-11E92D916AD2}" = Nuvoton CIR Device Drivers
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.72.108
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"BabylonToolbar" = Babylon toolbar on IE
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediMail" = IncrediMail 2.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"PhotoMail" = PhotoMail Maker
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.05.2011 21:03:56 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17276096

Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17277173

Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17277173

Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17278280

Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17278280

Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17279388

Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17279388

[ OSession Events ]
Error - 05.01.2012 20:31:11 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 133055
seconds with 960 seconds of active time. This session ended with a crash.

Error - 15.07.2012 17:11:14 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40815
seconds with 780 seconds of active time. This session ended with a crash.

Error - 25.07.2012 03:56:47 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51395
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 25.07.2012 04:18:40 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1297
seconds with 300 seconds of active time. This session ended with a crash.

Error - 29.07.2012 16:22:29 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 428
seconds with 60 seconds of active time. This session ended with a crash.

Error - 02.08.2012 07:02:28 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 869
seconds with 360 seconds of active time. This session ended with a crash.

Error - 20.08.2012 11:08:07 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82051
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18.09.2012 06:29:52 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.09.2012 um 20:55:47 unerwartet heruntergefahren.

Error - 18.09.2012 06:29:54 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016
Description =

Error - 18.09.2012 06:36:46 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.09.2012 um 12:33:36 unerwartet heruntergefahren.

Error - 18.09.2012 06:36:49 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016
Description =

Error - 18.09.2012 06:43:13 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.09.2012 um 12:41:09 unerwartet heruntergefahren.

Error - 18.09.2012 06:43:16 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016
Description =


< End of report >




GMER file to follow. The PC keeps freezing.


I hope you can help me!

Many thanks

Alt 18.09.2012, 13:51   #2
Psychotic
/// Malwareteam
 



Quote:
About a week ago I caught this Bundespolizei trojan. After that I ran Malwarebytes over it, and the PC at least starts up again now. Malwarebytes found a total of 8 infected files, and these were, if I remember correctly, moved to quarantine.
And where is the log of that scan? We need it in order to plan our next steps. Otherwise we will have to consult the crystal ball...

Alt 18.09.2012, 15:15   #3
Dinchen
 



Oh sorry! I must have missed that you need that too..

Here, then, are the log data from the Malwarebytes runs


1.

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Dinchen :: DINCHEN-PC [Administrator]

Schutz: Aktiviert

07.09.2012 21:35:29
mbam-log-2012-09-07 (21-35-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 46886
Laufzeit: 3 Minute(n), 27 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dbfbaqsr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2.

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Dinchen :: DINCHEN-PC [Administrator]

Schutz: Aktiviert

07.09.2012 21:42:50
mbam-log-2012-09-07 (21-42-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221274
Laufzeit: 12 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Dinchen\0.2690011122474091.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Roaming\Adobe\plugs\mmc19.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Roaming\Adobe\plugs\mmc195.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

3.

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Dinchen :: DINCHEN-PC [Administrator]

Schutz: Aktiviert

11.09.2012 19:59:00
mbam-log-2012-09-11 (19-59-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 157885
Laufzeit: 2 Stunde(n), 14 Minute(n), 7 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\n (Trojan.Agent.BVXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\00000004.@ (Rootkit.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

4.

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19088
Dinchen :: DINCHEN-PC [Administrator]

Schutz: Deaktiviert

17.09.2012 17:39:58
mbam-log-2012-09-17 (17-39-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411976
Laufzeit: 1 Stunde(n), 6 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

5.

2012/09/06 21:09:55 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/06 21:09:59 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/06 21:10:02 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/06 21:14:31 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/06 21:21:37 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/06 21:21:40 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/06 21:21:43 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/06 21:21:45 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/06 21:22:41 +0200 DINCHEN-PC Dinchen MESSAGE Starting database refresh
2012/09/06 21:22:41 +0200 DINCHEN-PC Dinchen MESSAGE Stopping IP protection
2012/09/06 21:22:42 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection stopped
2012/09/06 21:22:46 +0200 DINCHEN-PC Dinchen MESSAGE Database refreshed successfully
2012/09/06 21:22:46 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/06 21:22:49 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/06 21:22:54 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 51324, Process: explorer.exe)
2012/09/06 21:29:08 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/06 21:29:11 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/06 21:29:14 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/06 21:29:17 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/06 21:29:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:29:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:29:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:10 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.136.197.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.68.232.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:30:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:03 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:33 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 174.57.55.252 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:33 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 71.228.235.239 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)
2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe)

6.


7.

2012/09/08 11:43:57 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/08 11:44:03 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/08 11:44:03 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/08 11:44:05 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/08 11:44:06 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/08 11:44:11 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/08 11:49:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/08 11:49:53 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/08 11:49:56 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/08 11:49:58 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully


8.

2012/09/09 16:18:02 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/09 16:18:05 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/09 16:18:08 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/09 16:18:11 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/09 16:25:33 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/09 16:25:35 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/09 16:25:35 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/09 16:25:37 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/09 16:25:40 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/09 16:25:43 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully

9.

2012/09/10 13:55:09 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/10 13:55:13 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/10 13:55:17 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/10 13:55:20 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully

10.

2012/09/11 18:36:26 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/11 18:36:27 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/11 18:36:31 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/11 18:36:31 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/11 18:43:06 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/11 18:43:09 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/11 18:43:12 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/11 18:43:14 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/11 18:49:15 +0200 DINCHEN-PC Dinchen DETECTION C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\80000000.@ Trojan.Small QUARANTINE
2012/09/11 19:46:28 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/11 19:46:31 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/11 19:46:34 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/11 19:46:37 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/11 22:19:38 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/11 22:19:42 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/11 22:19:45 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/11 22:19:48 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/11 23:25:21 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/11 23:25:23 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0

11.

2012/09/12 18:58:05 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/12 18:58:09 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully

12.

2012/09/13 14:27:49 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/13 14:27:50 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/13 14:27:51 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/13 14:27:53 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/13 14:27:56 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/13 14:28:00 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully

13.

2012/09/16 08:50:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/16 08:50:14 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/16 08:50:16 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/16 08:50:18 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/16 21:50:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/16 21:50:16 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/16 21:50:19 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/16 21:50:22 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully

14.

2012/09/18 12:32:12 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/18 12:32:18 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/18 12:32:18 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily
2012/09/18 12:32:21 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/18 12:32:24 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/18 12:40:17 +0200 DINCHEN-PC Medi MESSAGE Starting protection
2012/09/18 12:45:33 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/18 12:45:37 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/18 12:45:40 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/18 12:45:43 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/18 15:52:41 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/18 15:52:44 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/18 15:52:47 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/18 15:52:50 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/18 15:57:04 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully
2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection
2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully
2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection
2012/09/18 16:03:53 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully

So, I hope I copied the right thing. Thanks a lot for having a look!
__________________
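
A triage pass over a protection log in the layout posted above, as an added example that is not part of the original post or of any tool named in this thread: it groups IP-BLOCK lines by process and port and collects DETECTION lines and failed scheduled updates. The sample lines, the browser list and the threshold of three distinct addresses are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the protection log above. Host, user,
# threat name and file path are made up; addresses are documentation ranges.
SAMPLE_LOG = r"""
2012/09/07 20:40:50 +0200 EXAMPLE-PC alice MESSAGE Starting IP protection
2012/09/07 20:40:53 +0200 EXAMPLE-PC alice MESSAGE IP Protection started successfully
2012/09/07 20:40:57 +0200 EXAMPLE-PC alice IP-BLOCK 192.0.2.254 (Type: outgoing, Port: 58015, Process: explorer.exe)
2012/09/07 20:41:21 +0200 EXAMPLE-PC alice IP-BLOCK 198.51.100.254 (Type: outgoing, Port: 58015, Process: explorer.exe)
2012/09/07 20:41:29 +0200 EXAMPLE-PC alice IP-BLOCK 203.0.113.254 (Type: outgoing, Port: 58015, Process: explorer.exe)
2012/09/07 20:41:45 +0200 EXAMPLE-PC alice IP-BLOCK 192.0.2.254 (Type: outgoing, Port: 58015, Process: explorer.exe)
2012/09/07 20:50:02 +0200 EXAMPLE-PC alice IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49211, Process: firefox.exe)
2012/09/08 11:44:05 +0200 EXAMPLE-PC alice ERROR Scheduled update failed: Host not found failed with error code 0
2012/09/11 18:49:15 +0200 EXAMPLE-PC alice DETECTION C:\Users\alice\AppData\Local\Example Dir\sample.bin Trojan.Example QUARANTINE
"""

LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (\S+) (\S+) "
    r"(MESSAGE|IP-BLOCK|DETECTION|ERROR) (.*)$"
)
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: (.+)\)$")
# Assumption: the last two tokens are threat name and action; the path may contain spaces.
DETECTION_RE = re.compile(r"^(.+) (\S+) (\S+)$")

# Assumption for this example: processes expected to contact many remote hosts.
BROWSERS = frozenset({"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"})


def parse_log(text):
    """Turn log text into a list of event dicts; lines in another layout are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, host, user, kind, detail = m.groups()
        events.append({
            "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S %z"),
            "host": host, "user": user, "kind": kind, "detail": detail,
        })
    return events


def group_blocks(events):
    """Group IP-BLOCK events by (process, direction, port)."""
    groups = defaultdict(lambda: {"count": 0, "ips": set(), "first": None, "last": None})
    for ev in events:
        m = BLOCK_RE.match(ev["detail"]) if ev["kind"] == "IP-BLOCK" else None
        if not m:
            continue
        ip, direction, port, process = m.groups()
        g = groups[(process.lower(), direction.lower(), int(port))]
        g["count"] += 1
        g["ips"].add(ip)
        g["first"] = ev["time"] if g["first"] is None else min(g["first"], ev["time"])
        g["last"] = ev["time"] if g["last"] is None else max(g["last"], ev["time"])
    return groups


def triage(text, min_distinct_ips=3):
    """Summarise the entries an analyst would look at first."""
    events = parse_log(text)
    suspicious = []
    for (process, direction, port), g in group_blocks(events).items():
        # A non-browser process with blocked outgoing connections to several
        # distinct addresses on one port deserves a closer look.
        if (direction == "outgoing" and process not in BROWSERS
                and len(g["ips"]) >= min_distinct_ips):
            suspicious.append({
                "process": process, "port": port, "count": g["count"],
                "distinct_ips": len(g["ips"]), "first": g["first"], "last": g["last"],
            })
    detections = []
    for ev in events:
        m = DETECTION_RE.match(ev["detail"]) if ev["kind"] == "DETECTION" else None
        if m:
            detections.append({"time": ev["time"], "path": m.group(1),
                               "threat": m.group(2), "action": m.group(3)})
    update_failures = sum(
        1 for ev in events
        if ev["kind"] == "ERROR" and "update failed" in ev["detail"].lower()
    )
    return {"suspicious": suspicious, "detections": detections,
            "update_failures": update_failures}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for g in report["suspicious"]:
        print(f'{g["process"]} port {g["port"]}: {g["count"]} blocks, '
              f'{g["distinct_ips"]} addresses, {g["first"]} to {g["last"]}')
    for d in report["detections"]:
        print(f'{d["time"]} {d["threat"]} {d["action"]} {d["path"]}')
    print("failed scheduled updates:", report["update_failures"])
```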

18.09.2012, 15:17   #4
Psychotic
/// Malwareteam

Gmer

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget Wi-Fi),
  • do not work on the computer,
  • restart the computer after every scan.
Run a Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to your desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark from:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

20.09.2012, 18:33   #5
Dinchen

Hello,

unfortunately it isn't working with GMER. The scan runs, and at some point the PC freezes. Yesterday the scan ran almost to the end, at least I assume so. At any rate, the program got as far as the Windows/System directory. That was the furthest.

I followed everything. Antivirus programs and all programs are off. I'm not doing anything on the PC, and it still doesn't work.


21.09.2012, 07:37   #6
Psychotic
/// Malwareteam

Then do this instead:


Step 1: aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide). Vista and Win7 users: right-click and "run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.


Step 2: Scan with TDSS-Killer

Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

23.09.2012, 18:52   #7
Dinchen

Finally, done. And with only one freeze.

Here is the asw file:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 19:09:40
-----------------------------
19:09:40.414 OS Version: Windows 6.0.6001 Service Pack 1
19:09:40.429 Number of processors: 2 586 0x170A
19:09:40.429 ComputerName: DINCHEN-PC UserName: Medi
19:10:07.994 Initialize success
19:12:40.770 AVAST engine defs: 12092300
19:13:02.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:13:02.517 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:13:02.532 Disk 0 MBR read successfully
19:13:02.548 Disk 0 MBR scan
19:13:02.548 Disk 0 unknown MBR code
19:13:02.564 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
19:13:02.579 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 460083 MB offset 27265024
19:13:02.610 Disk 0 Partition 3 00 12 Compaq diag NTFS 3543 MB offset 969515008
19:13:02.626 Disk 0 scanning sectors +976771072
19:13:02.688 Disk 0 scanning C:\Windows\system32\drivers
19:13:13.203 Service scanning
19:13:35.542 Modules scanning
19:13:40.004 Disk 0 trace - called modules:
19:13:40.035 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:13:40.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86606ac8]
19:13:40.050 3 CLASSPNP.SYS[8ab9e745] -> nt!IofCallDriver -> [0x8607cc60]
19:13:40.050 5 acpi.sys[806986a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85add028]
19:13:42.765 AVAST engine scan C:\Windows
19:13:47.601 AVAST engine scan C:\Windows\system32
19:16:47.299 AVAST engine scan C:\Windows\system32\drivers
19:17:03.961 AVAST engine scan C:\Users\Medi
19:18:13.677 AVAST engine scan C:\ProgramData
19:21:38.350 Scan finished successfully
19:44:15.889 Disk 0 MBR has been saved successfully to "C:\Users\Medi\Desktop\MBR.dat"
19:44:15.905 The log file has been saved successfully to "C:\Users\Medi\Desktop\aswMBR.txt"

And here is the TDSS-Killer file:

19:44:50.0450 3056 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:44:50.0684 3056 ============================================================
19:44:50.0684 3056 Current date / time: 2012/09/23 19:44:50.0684
19:44:50.0684 3056 SystemInfo:
19:44:50.0684 3056
19:44:50.0684 3056 OS Version: 6.0.6001 ServicePack: 1.0
19:44:50.0684 3056 Product type: Workstation
19:44:50.0684 3056 ComputerName: DINCHEN-PC
19:44:50.0684 3056 UserName: Medi
19:44:50.0684 3056 Windows directory: C:\Windows
19:44:50.0684 3056 System windows directory: C:\Windows
19:44:50.0684 3056 Processor architecture: Intel x86
19:44:50.0684 3056 Number of processors: 2
19:44:50.0684 3056 Page size: 0x1000
19:44:50.0684 3056 Boot type: Normal boot
19:44:50.0684 3056 ============================================================
19:44:51.0120 3056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:44:51.0152 3056 ============================================================
19:44:51.0152 3056 \Device\Harddisk0\DR0:
19:44:51.0152 3056 MBR partitions:
19:44:51.0152 3056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x38299800
19:44:51.0152 3056 ============================================================
19:44:51.0183 3056 C: <-> \Device\Harddisk0\DR0\Partition1
19:44:51.0183 3056 ============================================================
19:44:51.0183 3056 Initialize success
19:44:51.0183 3056 ============================================================
19:46:09.0822 5776 ============================================================
19:46:09.0822 5776 Scan started
19:46:09.0822 5776 Mode: Manual; TDLFS;
19:46:09.0822 5776 ============================================================
19:46:10.0041 5776 ================ Scan system memory ========================
19:46:10.0041 5776 System memory - ok
19:46:10.0041 5776 ================ Scan services =============================
19:46:10.0212 5776 acedrv11 - ok
19:46:10.0244 5776 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
19:46:10.0244 5776 ACPI - ok
19:46:10.0275 5776 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:46:10.0275 5776 adp94xx - ok
19:46:10.0306 5776 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:46:10.0322 5776 adpahci - ok
19:46:10.0337 5776 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:46:10.0337 5776 adpu160m - ok
19:46:10.0353 5776 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:46:10.0368 5776 adpu320 - ok
19:46:10.0400 5776 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:46:10.0400 5776 AeLookupSvc - ok
19:46:10.0446 5776 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
19:46:10.0462 5776 AFD - ok
19:46:10.0524 5776 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
19:46:10.0524 5776 AgereModemAudio - ok
19:46:10.0556 5776 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
19:46:10.0571 5776 AgereSoftModem - ok
19:46:10.0618 5776 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:46:10.0618 5776 agp440 - ok
19:46:10.0665 5776 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:46:10.0665 5776 aic78xx - ok
19:46:10.0868 5776 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:46:10.0868 5776 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:46:10.0868 5776 Akamai ( HiddenFile.Multi.Generic ) - warning
19:46:10.0868 5776 Akamai - detected HiddenFile.Multi.Generic (1)
19:46:10.0961 5776 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\drivers\AlfaFF.sys
19:46:10.0961 5776 AlfaFF - ok
19:46:10.0992 5776 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:46:10.0992 5776 ALG - ok
19:46:11.0024 5776 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:46:11.0024 5776 aliide - ok
19:46:11.0070 5776 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:46:11.0070 5776 amdagp - ok
19:46:11.0086 5776 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:46:11.0086 5776 amdide - ok
19:46:11.0102 5776 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:46:11.0102 5776 AmdK7 - ok
19:46:11.0117 5776 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:46:11.0117 5776 AmdK8 - ok
19:46:11.0148 5776 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:46:11.0164 5776 Appinfo - ok
19:46:11.0226 5776 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:46:11.0226 5776 Apple Mobile Device - ok
19:46:11.0258 5776 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:46:11.0258 5776 arc - ok
19:46:11.0289 5776 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:46:11.0289 5776 arcsas - ok
19:46:11.0304 5776 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:11.0304 5776 AsyncMac - ok
19:46:11.0320 5776 [ 0FD275041F8B2197EE964361B4192A18 ] atapi C:\Windows\system32\drivers\atapi.sys
19:46:11.0320 5776 atapi - ok
19:46:11.0351 5776 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:46:11.0351 5776 AudioEndpointBuilder - ok
19:46:11.0367 5776 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:46:11.0382 5776 Audiosrv - ok
19:46:11.0507 5776 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
19:46:11.0507 5776 AVG Security Toolbar Service - ok
19:46:11.0554 5776 [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc C:\PROGRA~1\AVG\AVG8\avgemc.exe
19:46:11.0585 5776 avg8emc - ok
19:46:11.0648 5776 [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
19:46:11.0648 5776 avg8wd - ok
19:46:11.0710 5776 [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86 C:\Windows\System32\Drivers\avgldx86.sys
19:46:11.0726 5776 AvgLdx86 - ok
19:46:11.0741 5776 [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86 C:\Windows\System32\Drivers\avgmfx86.sys
19:46:11.0741 5776 AvgMfx86 - ok
19:46:11.0772 5776 [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX C:\Windows\System32\Drivers\avgtdix.sys
19:46:11.0772 5776 AvgTdiX - ok
19:46:11.0850 5776 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
19:46:11.0850 5776 avgtp - ok
19:46:11.0913 5776 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:46:11.0913 5776 Beep - ok
19:46:11.0944 5776 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
19:46:11.0944 5776 BFE - ok
19:46:11.0975 5776 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:46:11.0975 5776 blbdrive - ok
19:46:12.0053 5776 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:46:12.0069 5776 Bonjour Service - ok
19:46:12.0131 5776 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:46:12.0131 5776 bowser - ok
19:46:12.0162 5776 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:46:12.0162 5776 BrFiltLo - ok
19:46:12.0194 5776 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:46:12.0194 5776 BrFiltUp - ok
19:46:12.0209 5776 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:46:12.0209 5776 Browser - ok
19:46:12.0256 5776 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:46:12.0256 5776 Brserid - ok
19:46:12.0272 5776 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:46:12.0272 5776 BrSerWdm - ok
19:46:12.0287 5776 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:46:12.0303 5776 BrUsbMdm - ok
19:46:12.0303 5776 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:46:12.0303 5776 BrUsbSer - ok
19:46:12.0318 5776 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:46:12.0318 5776 BTHMODEM - ok
19:46:12.0381 5776 [ B6C870EE321AA8678198EA003DCFBB02 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:46:12.0412 5776 btwdins - ok
19:46:12.0428 5776 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:46:12.0428 5776 cdfs - ok
19:46:12.0459 5776 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:46:12.0459 5776 cdrom - ok
19:46:12.0490 5776 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
19:46:12.0490 5776 CertPropSvc - ok
19:46:12.0490 5776 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:46:12.0506 5776 circlass - ok
19:46:12.0521 5776 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
19:46:12.0521 5776 CLFS - ok
19:46:12.0584 5776 [ D8E2AF3D5BAA4C683F14C5774B2CD99A ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
19:46:12.0584 5776 CLHNService - ok
19:46:12.0662 5776 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:12.0662 5776 clr_optimization_v2.0.50727_32 - ok
19:46:12.0771 5776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:12.0771 5776 clr_optimization_v4.0.30319_32 - ok
19:46:12.0802 5776 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:12.0802 5776 CmBatt - ok
19:46:12.0833 5776 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:46:12.0833 5776 cmdide - ok
19:46:12.0864 5776 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:46:12.0864 5776 Compbatt - ok
19:46:12.0864 5776 COMSysApp - ok
19:46:12.0896 5776 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:46:12.0896 5776 crcdisk - ok
19:46:12.0927 5776 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:46:12.0927 5776 Crusoe - ok
19:46:12.0974 5776 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:46:12.0974 5776 CryptSvc - ok
19:46:13.0005 5776 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
19:46:13.0005 5776 CVirtA - ok
19:46:13.0161 5776 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:46:13.0192 5776 CVPND - ok
19:46:13.0239 5776 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:46:13.0239 5776 CVPNDRVA - ok
19:46:13.0301 5776 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:46:13.0317 5776 DcomLaunch - ok
19:46:13.0364 5776 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:46:13.0364 5776 DfsC - ok
19:46:13.0442 5776 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
19:46:13.0473 5776 DFSR - ok
19:46:13.0520 5776 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:46:13.0520 5776 Dhcp - ok
19:46:13.0535 5776 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
19:46:13.0535 5776 disk - ok
19:46:13.0582 5776 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
19:46:13.0582 5776 DKbFltr - ok
19:46:13.0644 5776 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
19:46:13.0644 5776 DNE - ok
19:46:13.0691 5776 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:46:13.0691 5776 Dnscache - ok
19:46:13.0722 5776 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
19:46:13.0722 5776 dot3svc - ok
19:46:13.0754 5776 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:46:13.0754 5776 DPS - ok
19:46:13.0800 5776 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:46:13.0800 5776 drmkaud - ok
19:46:13.0832 5776 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:46:13.0847 5776 DXGKrnl - ok
19:46:13.0863 5776 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:46:13.0863 5776 E1G60 - ok
19:46:13.0894 5776 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:46:13.0894 5776 EapHost - ok
19:46:13.0941 5776 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:46:13.0941 5776 Ecache - ok
19:46:13.0988 5776 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:46:13.0988 5776 ehRecvr - ok
19:46:14.0003 5776 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:46:14.0003 5776 ehSched - ok
19:46:14.0019 5776 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:46:14.0019 5776 ehstart - ok
19:46:14.0066 5776 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:46:14.0081 5776 elxstor - ok
19:46:14.0128 5776 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:46:14.0144 5776 EMDMgmt - ok
19:46:14.0222 5776 [ 4186146FD69EACC966DC755655B91C9C ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
19:46:14.0237 5776 ePowerSvc - ok
19:46:14.0268 5776 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:46:14.0268 5776 ErrDev - ok
19:46:14.0300 5776 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
19:46:14.0300 5776 EventSystem - ok
19:46:14.0346 5776 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
19:46:14.0346 5776 exfat - ok
19:46:14.0362 5776 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:46:14.0362 5776 fastfat - ok
19:46:14.0378 5776 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:46:14.0393 5776 fdc - ok
19:46:14.0409 5776 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:46:14.0409 5776 fdPHost - ok
19:46:14.0424 5776 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:46:14.0424 5776 FDResPub - ok
19:46:14.0456 5776 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:46:14.0456 5776 FileInfo - ok
19:46:14.0487 5776 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:46:23.0862 5776 [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
19:46:23.0862 5776 VMCService - ok
19:46:23.0878 5776 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:46:23.0878 5776 volmgr - ok
19:46:23.0909 5776 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:46:23.0909 5776 volmgrx - ok
19:46:23.0925 5776 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:46:23.0925 5776 volsnap - ok
19:46:23.0956 5776 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:46:23.0956 5776 vsmraid - ok
19:46:24.0003 5776 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:46:24.0034 5776 VSS - ok
19:46:24.0221 5776 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
19:46:24.0237 5776 vToolbarUpdater12.2.6 - ok
19:46:24.0284 5776 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:46:24.0284 5776 W32Time - ok
19:46:24.0330 5776 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:46:24.0330 5776 WacomPen - ok
19:46:24.0362 5776 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:46:24.0362 5776 Wanarp - ok
19:46:24.0362 5776 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:46:24.0362 5776 Wanarpv6 - ok
19:46:24.0393 5776 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:46:24.0408 5776 wcncsvc - ok
19:46:24.0424 5776 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:46:24.0424 5776 WcsPlugInService - ok
19:46:24.0455 5776 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:46:24.0455 5776 Wd - ok
19:46:24.0486 5776 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:46:24.0486 5776 Wdf01000 - ok
19:46:24.0502 5776 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:46:24.0502 5776 WdiServiceHost - ok
19:46:24.0502 5776 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:46:24.0502 5776 WdiSystemHost - ok
19:46:24.0518 5776 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:46:24.0518 5776 WebClient - ok
19:46:24.0549 5776 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:46:24.0549 5776 Wecsvc - ok
19:46:24.0564 5776 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:46:24.0580 5776 wercplsupport - ok
19:46:24.0580 5776 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:46:24.0596 5776 WerSvc - ok
19:46:24.0627 5776 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
19:46:24.0642 5776 winbondcir - ok
19:46:24.0674 5776 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:46:24.0689 5776 WinDefend - ok
19:46:24.0689 5776 WinHttpAutoProxySvc - ok
19:46:24.0736 5776 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:46:24.0736 5776 Winmgmt - ok
19:46:24.0798 5776 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:46:24.0830 5776 WinRM - ok
19:46:24.0892 5776 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:46:24.0908 5776 Wlansvc - ok
19:46:24.0954 5776 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:24.0954 5776 WmiAcpi - ok
19:46:24.0986 5776 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:46:24.0986 5776 wmiApSrv - ok
19:46:25.0048 5776 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:46:25.0079 5776 WMPNetworkSvc - ok
19:46:25.0095 5776 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:46:25.0095 5776 WPCSvc - ok
19:46:25.0110 5776 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:46:25.0110 5776 WPDBusEnum - ok
19:46:25.0173 5776 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:46:25.0173 5776 WpdUsb - ok
19:46:25.0298 5776 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:46:25.0329 5776 WPFFontCache_v0400 - ok
19:46:25.0360 5776 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:46:25.0360 5776 ws2ifsl - ok
19:46:25.0391 5776 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
19:46:25.0391 5776 wscsvc - ok
19:46:25.0391 5776 WSearch - ok
19:46:25.0438 5776 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:25.0438 5776 WUDFRd - ok
19:46:25.0454 5776 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:46:25.0454 5776 wudfsvc - ok
19:46:25.0469 5776 ZTEusbmdm6k - ok
19:46:25.0500 5776 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
19:46:25.0500 5776 ZTEusbnet - ok
19:46:25.0532 5776 ZTEusbnmea - ok
19:46:25.0547 5776 ZTEusbser6k - ok
19:46:25.0594 5776 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
19:46:25.0594 5776 ZTEusbvoice - ok
19:46:25.0610 5776 ================ Scan global ===============================
19:46:25.0641 5776 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:46:25.0688 5776 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:46:25.0703 5776 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:46:25.0734 5776 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:46:25.0734 5776 [Global] - ok
19:46:25.0734 5776 ================ Scan MBR ==================================
19:46:25.0750 5776 [ 5586EABCC0D095DB340D873E2B236896 ] \Device\Harddisk0\DR0
19:46:26.0483 5776 \Device\Harddisk0\DR0 - ok
19:46:26.0483 5776 ================ Scan VBR ==================================
19:46:26.0499 5776 [ A9040BC551382649AF40930B3ABA1E73 ] \Device\Harddisk0\DR0\Partition1
19:46:26.0499 5776 \Device\Harddisk0\DR0\Partition1 - ok
19:46:26.0499 5776 ============================================================
19:46:26.0499 5776 Scan finished
19:46:26.0499 5776 ============================================================
19:46:26.0499 2492 Detected object count: 1
19:46:26.0499 2492 Actual detected object count: 1
19:46:57.0699 2492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:46:57.0699 2492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

24.09.2012, 07:07   #8
Psychotic
/// Malwareteam

Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

29.09.2012, 19:39   #9
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

01.10.2012, 16:06   #10
Dinchen

Hello, sorry, I was away over the weekend. Unfortunately I still need help:

It still keeps freezing, unfortunately. Combofix does not run to completion: about halfway through, the PC freezes.


Best regards, Dinchen

06.10.2012, 12:30   #11
Psychotic
/// Malwareteam

Damn!

FRST



Please download FRST and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    The drive letter of your USB stick is shown here.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here.

08.10.2012, 08:31   #12
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

09.10.2012, 13:46   #13
Psychotic
/// Malwareteam

No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread

09.10.2012, 19:47   #14
Dinchen

Hello,

yes, unfortunately I still need help :-(

OK, FRST has worked after all now

here is the file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 09-10-2012 20:55:15
Running from E:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-01] (Google)
HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2008-12-01] (EgisTec Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-03-26] (EgisTec Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-11] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-11] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-22] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-04-15] (Acer Incorporated)
HKLM\...\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe" [3560448 2009-03-25] (Egis Technology Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [156968 2009-04-13] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [202024 2009-04-13] (CyberLink)
HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2011-10-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [947808 2012-08-30] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-23] ()
HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Default User\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Dinchen\...\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c [349640 2010-02-11] (IncrediMail, Ltd.)
HKU\Dinchen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Dinchen\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Dinchen\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Dinchen\...\Run: [Akamai NetSession Interface] "C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\Dinchen\...\Run: [Facebook Update] "C:\Users\Dinchen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\Dinchen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.)
HKU\Medi\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
Tcpip\Parameters: [DhcpNameServer] 78.42.43.62 82.212.62.62
AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-01-20] (Agere Systems)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-22] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-22] (AVG Technologies CZ, s.r.o.)
2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-14] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-01] (Google)
2 gupdate1ca0dc76fc8fc00; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-07-26] (Google Inc.)
2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-03-26] (EgisTec Inc.)
2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-04] (Acer Incorporated)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 VMCService; "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-04-20] (Vodafone)
2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
2 Akamai; c:\program files\common files\akamai/netsession_win_5891ae0.dll [x]

==================== Drivers (Whitelisted) ====================

0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation)
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-22] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-22] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-07-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies)
3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] ()
3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [50176 2009-04-07] (Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-11-11] (Egis Incorporated.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-11-11] (Egis Incorporated.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-11-11] (Egis Incorporated.)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-09 20:55 - 2012-10-09 20:55 - 00000000 ____D C:\FRST
2012-09-24 10:58 - 2012-09-28 09:17 - 00000000 ___SD C:\32788R22FWJFW
2012-09-24 10:58 - 2012-09-24 10:58 - 00000000 ____D C:\Windows\erdnt
2012-09-24 10:46 - 2012-09-28 09:17 - 04757745 ____R (Swearware) C:\Users\Medi\Desktop\ComboFix.exe
2012-09-23 09:44 - 2012-09-23 09:44 - 00002005 ____A C:\Users\Medi\Desktop\aswMBR.txt
2012-09-23 09:44 - 2012-09-23 09:44 - 00000512 ____A C:\Users\Medi\Desktop\MBR.dat
2012-09-23 09:06 - 2012-09-23 09:07 - 04731392 ____A (AVAST Software) C:\Users\Medi\Desktop\aswMBR.exe
2012-09-23 09:06 - 2012-09-23 09:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Medi\Desktop\tdsskiller.exe
2012-09-23 09:04 - 2012-09-23 09:04 - 04731392 ____A (AVAST Software) C:\Users\Medi\Documents\aswMBR.exe
2012-09-20 08:38 - 2012-09-20 08:38 - 00215832 ____A C:\Windows\Minidump\Mini092012-01.dmp
2012-09-18 08:06 - 2012-09-18 08:06 - 00302592 ____A C:\Users\Dinchen\Desktop\vqk2vqt9.exe
2012-09-18 03:13 - 2012-09-18 03:13 - 00061558 ____A C:\Users\Dinchen\Desktop\Extras.Txt
2012-09-18 03:11 - 2012-09-18 03:11 - 00088898 ____A C:\Users\Dinchen\Desktop\OTL.Txt
2012-09-18 02:52 - 2012-09-18 02:52 - 00600576 ____A (OldTimer Tools) C:\Users\Dinchen\Desktop\OTL.exe
2012-09-18 02:51 - 2012-09-18 02:52 - 00000476 ____A C:\Users\Dinchen\Desktop\defogger_disable.log
2012-09-18 02:51 - 2012-09-18 02:51 - 00000000 ____A C:\Users\Dinchen\defogger_reenable
2012-09-18 02:48 - 2012-09-18 02:48 - 00050477 ____A C:\Users\Dinchen\Desktop\Defogger.exe
2012-09-17 09:59 - 2012-09-17 10:53 - 00005103 ____A C:\Windows\System32\avgrep.txt

==================== 3 Months Modified Files ==================

2012-10-09 10:52 - 2006-11-02 05:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-09 10:52 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-09 10:51 - 2009-06-12 05:59 - 00245777 ____A C:\Users\All Users\nvModes.dat
2012-10-09 10:50 - 2009-07-26 00:20 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 10:50 - 2009-07-21 15:28 - 00245684 ____A C:\Users\All Users\nvModes.001
2012-10-09 10:50 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-09 10:50 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-30 08:55 - 2012-05-28 11:44 - 00001146 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job
2012-09-28 09:17 - 2012-09-24 10:46 - 04757745 ____R (Swearware) C:\Users\Medi\Desktop\ComboFix.exe
2012-09-24 10:48 - 2009-07-26 00:20 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-23 09:44 - 2012-09-23 09:44 - 00002005 ____A C:\Users\Medi\Desktop\aswMBR.txt
2012-09-23 09:44 - 2012-09-23 09:44 - 00000512 ____A C:\Users\Medi\Desktop\MBR.dat
2012-09-23 09:07 - 2012-09-23 09:06 - 04731392 ____A (AVAST Software) C:\Users\Medi\Desktop\aswMBR.exe
2012-09-23 09:06 - 2012-09-23 09:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Medi\Desktop\tdsskiller.exe
2012-09-23 09:04 - 2012-09-23 09:04 - 04731392 ____A (AVAST Software) C:\Users\Medi\Documents\aswMBR.exe
2012-09-20 11:55 - 2012-05-28 11:44 - 00001124 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job
2012-09-20 08:38 - 2012-09-20 08:38 - 00215832 ____A C:\Windows\Minidump\Mini092012-01.dmp
2012-09-20 08:37 - 2011-03-01 00:18 - 286542640 ____A C:\Windows\MEMORY.DMP
2012-09-18 08:06 - 2012-09-18 08:06 - 00302592 ____A C:\Users\Dinchen\Desktop\vqk2vqt9.exe
2012-09-18 05:54 - 2012-09-06 11:09 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-18 03:13 - 2012-09-18 03:13 - 00061558 ____A C:\Users\Dinchen\Desktop\Extras.Txt
2012-09-18 03:11 - 2012-09-18 03:11 - 00088898 ____A C:\Users\Dinchen\Desktop\OTL.Txt
2012-09-18 02:52 - 2012-09-18 02:52 - 00600576 ____A (OldTimer Tools) C:\Users\Dinchen\Desktop\OTL.exe
2012-09-18 02:52 - 2012-09-18 02:51 - 00000476 ____A C:\Users\Dinchen\Desktop\defogger_disable.log
2012-09-18 02:51 - 2012-09-18 02:51 - 00000000 ____A C:\Users\Dinchen\defogger_reenable
2012-09-18 02:48 - 2012-09-18 02:48 - 00050477 ____A C:\Users\Dinchen\Desktop\Defogger.exe
2012-09-18 02:31 - 2009-06-12 05:22 - 02059662 ____A C:\Windows\WindowsUpdate.log
2012-09-17 10:53 - 2012-09-17 09:59 - 00005103 ____A C:\Windows\System32\avgrep.txt
2012-09-16 11:51 - 2012-01-06 02:52 - 00002633 ____A C:\Users\Dinchen\Desktop\Microsoft Office Excel 2007.lnk
2012-09-11 12:17 - 2008-01-20 18:47 - 00774476 ____A C:\Windows\PFRO.log
2012-09-10 03:57 - 2008-01-20 23:16 - 01445136 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-07 07:04 - 2012-09-06 11:09 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 11:08 - 2012-09-06 11:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Dinchen\Desktop\mbam-setup-1.62.0.1300.exe
2012-09-06 10:13 - 2012-09-06 10:13 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-09-06 10:13 - 2012-09-06 10:13 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-09-06 10:13 - 2011-01-08 05:26 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-09-06 09:55 - 2006-11-02 04:47 - 03653536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-06 05:01 - 2012-09-06 05:01 - 00000051 ____A C:\Users\All Users\dsdebiyskdmnkuo
2012-09-01 05:07 - 2012-09-01 05:07 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Kirchheim.xlsx
2012-09-01 05:07 - 2012-09-01 05:07 - 00000165 ___AH C:\Users\Dinchen\Desktop\~$Haus Kirchheim.xlsx
2012-09-01 05:07 - 2011-05-02 09:22 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Sandhausen.xlsx
2012-08-30 09:52 - 2012-08-30 09:52 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-08-28 00:15 - 2012-03-07 09:38 - 00159232 ____A C:\Users\Dinchen\Desktop\Haushaltsbuch.xls
2012-08-16 17:04 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-12 01:32 - 2012-01-06 02:51 - 00002631 ____A C:\Users\Dinchen\Desktop\Microsoft Office Word 2007.lnk
2012-08-02 10:20 - 2006-11-02 04:52 - 00119966 ____A C:\Windows\setupact.log
2012-08-01 09:01 - 2009-09-02 08:58 - 00041472 ____A C:\Users\Dinchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 13:57 - 2012-07-25 13:57 - 00030208 ____H C:\Users\Dinchen\Desktop\~WRL1611.tmp
2012-07-25 03:32 - 2012-07-24 23:32 - 00045056 ____H C:\Users\Dinchen\Desktop\~WRL2947.tmp
2012-07-25 03:32 - 2012-07-12 13:00 - 00294912 ____H C:\Users\Dinchen\Desktop\~WRL3520.tmp
2012-07-15 02:07 - 2012-07-12 13:00 - 00116736 ____H C:\Users\Dinchen\Desktop\~WRL2931.tmp
2012-07-12 13:07 - 2012-07-12 13:00 - 00027648 ____H C:\Users\Dinchen\Desktop\~WRL0417.tmp


ZeroAccess:
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\@
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\00000004.@
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\1afb2d56
C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\80000032.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 4059.99 MB
Available physical RAM: 3701.35 MB
Total Pagefile: 3927.55 MB
Available Pagefile: 3782.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.3 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:449.3 GB) (Free:376.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (BELLA USB) (Removable) (Total:0.94 GB) (Free:0.86 GB) FAT
4 Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.13 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 466 GB 0 B
1 Online 964 MB 0 B



Last Boot: 2012-09-25 09:30

==================== End Of Log ============================

Hello,

it's starting to get better!

Best regards, Dinchen

07.11.2012, 15:32   #15
Psychotic
/// Malwareteam

FRST

Please create a new FRST log!



Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Plug the USB stick into the infected system.

You now need to boot the system into the System Repair options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account, clicking "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account, clicking "Next" each time.


In the repair options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    The drive letter of your USB stick is shown here.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!
