Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.12.2011, 03:49   #1
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Ausrufezeichen

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Guten Morgen!

Ich habe das bekannte Problem mit dem Trojaner, der mir per Sicherheitswarnung Windows blockiert und mich auffordert 50€ zu bezahlen.

Es tritt immer 10-15 Minuten auf, nachdem ich ich im Internet bin. Offline funktioniert Windows bestens.

Ich habe mir per OTL im abgesicherten Modus die anhängenden Logfiles erstellt und hoffe, mir kann jemand von Euch helfen und ich komme um eine Neuinstallation drum herum.

Ich habe den Laptop "Aspire Intel Core i3-370M Processor" und Windows 7-

Ich freue mich über Hilfe! Vielen Dank.

Alt 28.12.2011, 05:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 29.12.2011, 18:35   #3
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Hallo Arne,

vielen Dank für deine Hilfe. Nachdem ich es nun geschafft habe, beide Programme laufen zu lassen findest du hier die beiden Logfiles:

Code:
ATTFilter
 hier steht das Log von Malewarebytes:

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Wendelin :: WENDELIN-OFFICE [Administrator]

Schutz: Aktiviert

29.12.2011 12:41:23
mbam-log-2011-12-29 (13-43-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 358100
Laufzeit: 1 Stunde(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 4
C:\Users\Wendelin\AppData\Roaming\BC109\98727.exe (Trojan.Dropper.PE4) -> 2176 -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe (Trojan.Dropper.PE4) -> 3004 -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> 4212 -> Keine Aktion durchgeführt.
C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> 4556 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C4C.exe (Trojan.Dropper.PE4) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent.BH) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Manager (Trojan.MSIL) -> Daten: C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E1D.exe (Trojan.Dropper.PE4) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\E1D.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Daten: C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\Wendelin\AppData\Roaming\BC109\98727.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E1D.exe (Backdoor.CycBot) -> Daten: C:\Program Files (x86)\LP\274B\E1D.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Wendelin\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 26
C:\Users\Wendelin\AppData\Roaming\BC109\98727.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\E1D.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\EA SPORTS\FIFA 2005\FIFA05 Trainer +4.exe (HackTool.GamesCheat.Gen) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MUZMLRM\f[1].exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\b[1].exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\ra[1].exe (Trojan.Agent.BH) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\st[1].exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\0226550.exe (Trojan.Agent.BH) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\0740747.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\24129.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\2986719.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\3074274.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\4666271.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\6157700.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\8916743.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Local\Temp\91525.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\java.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\wmplayer.exe (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\7745.tmp (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\Downloads\PIC05605305.JPG(1).scr (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Users\Wendelin\Downloads\PIC05605305.JPG.scr (Trojan.MSIL) -> Keine Aktion durchgeführt.
C:\Windows\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
 Und hier findest du das Log vom ESSET Online Scan
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9d9f178a7cd2c149bd6e52554a6999bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 03:55:57
# local_time=2011-12-29 04:55:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 548138 61701211 590544 0
# compatibility_mode=5893 16776638 66 94 757184 76794240 0 0
# compatibility_mode=8192 67108863 100 0 4416 4416 0 0
# scanned=186841
# found=42
# cleaned=0
# scan_time=9768
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MUZMLRM\f[1].exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\b[1].exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\fa[1].exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\fa[2].exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\ra[1].exe	a variant of Win32/Kryptik.YCJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\st[1].exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\0193779.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\0226550.exe	a variant of Win32/Kryptik.YCJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\0740747.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\0862275.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\0901116.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\1479797.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\24129.exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\2986719.exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\3074274.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\4666271.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\5469741.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\5501045.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\6157700.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\6930891.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\8274206.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\8658497.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\8916743.exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\8955810.exe	a variant of MSIL/Injector.QY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\91525.exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\firefox.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\java.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\wmplayer.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe	a variant of Win32/Kryptik.YBH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\BC109\549B8.exe	a variant of Win32/Kryptik.YDO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\BC109\98727.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\1EBC.exe	a variant of Win32/Kryptik.XWR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\7745.tmp	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe	a variant of Win32/Kryptik.XYH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe	a variant of Win32/Kryptik.YCJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\Downloads\PIC05605305.JPG(1).scr	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\Downloads\PIC05605305.JPG.scr	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\Downloads\SoftonicDownloader_fuer_adobe-acrobat-professional.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe	a variant of MSIL/Injector.QO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Temp\_ex-68.exe	a variant of Win32/Kryptik.XWR trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	multiple threats	00000000000000000000000000000000	I
         
Soweit von den Programmen Files in de Quarantäne geschickt wurden, habe ich diese bereits gelöscht.

Momentan meldet Malwarebytes immer noch regelmäßig, dass bösartige Datein gefunden und in Quarantäne geschoben wurden. Auch diese lösche ich dann aus dieser...

Die bekannte Meldung mit der Blockierung des ganzesn Laptops kommt leider noch immer, aber davon war ja auszugehen - wenn ich es richtig verstanden habe.

Kannst du mir nochmal helfen bzw. schreiben was nun zu tun ist?

Vielen Dank!!!


P.S. Mir ist noch etwas aufgefallen: Seit einigen Tagen ist der Windows Live Messenger auf meiner Taskleiste und obwohl ich ihn meine nie installiert und inzwischen auch gelöscht habe und sich in der Übersicht nicht unter den Programmen befindet, die auf der TAskleiste angehfetet sind, befindet er sich immer noch dort. Da ich keine Ahnung habe, weiß ich nicht, ob dies ein Indiz auf irgend etwas sein kann außer auf meine Ahnungslosigkeit...
__________________

Geändert von Stuttgart (29.12.2011 um 18:49 Uhr)

Alt 29.12.2011, 23:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.12.2011, 10:12   #5
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Hallo Arne,

nein, ich habe Malwarebytes davor noch nie benutzt.In besagtem Reiter befinden sich noch folgende Dokumente:

Code:
ATTFilter
 
2011/12/29 14:09:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49171, Process: winmgr.exe)
2011/12/29 14:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49172, Process: winmgr.exe)
2011/12/29 14:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49174, Process: winmgr.exe)
2011/12/29 14:09:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49178, Process: winmgr.exe)
2011/12/29 14:09:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49179, Process: winmgr.exe)
2011/12/29 14:09:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49184, Process: winmgr.exe)
2011/12/29 14:09:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49295, Process: winmgr.exe)
2011/12/29 14:09:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49306, Process: winmgr.exe)
2011/12/29 14:09:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49309, Process: winmgr.exe)
2011/12/29 14:09:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49313, Process: winmgr.exe)
2011/12/29 14:09:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49322, Process: winmgr.exe)
2011/12/29 14:09:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49401, Process: winmgr.exe)
2011/12/29 14:10:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49404, Process: winmgr.exe)
2011/12/29 14:10:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49405, Process: winmgr.exe)
2011/12/29 14:10:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49406, Process: winmgr.exe)
2011/12/29 14:10:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49407, Process: winmgr.exe)
2011/12/29 14:10:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49416, Process: winmgr.exe)
2011/12/29 14:10:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49419, Process: winmgr.exe)
2011/12/29 14:10:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49422, Process: winmgr.exe)
2011/12/29 14:10:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49423, Process: winmgr.exe)
2011/12/29 14:10:37 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe	Trojan.Dropper.PE4	DENY
2011/12/29 14:10:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49426, Process: winmgr.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49434, Process: winmgr.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	77.79.4.98 (Type: outgoing, Port: 49440, Process: lvvm.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49455, Process: winmgr.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49457, Process: lvvm.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49459, Process: lvvm.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49461, Process: lvvm.exe)
2011/12/29 14:10:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49463, Process: lvvm.exe)
2011/12/29 14:11:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49464, Process: winmgr.exe)
2011/12/29 14:11:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49491, Process: winmgr.exe)
2011/12/29 14:11:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49492, Process: winmgr.exe)
2011/12/29 14:11:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49494, Process: winmgr.exe)
2011/12/29 14:11:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49495, Process: winmgr.exe)
2011/12/29 14:11:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49503, Process: winmgr.exe)
2011/12/29 14:11:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49504, Process: winmgr.exe)
2011/12/29 14:11:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49511, Process: winmgr.exe)
2011/12/29 14:11:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49520, Process: winmgr.exe)
2011/12/29 14:11:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49527, Process: winmgr.exe)
2011/12/29 14:11:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49609, Process: winmgr.exe)
2011/12/29 14:11:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49610, Process: winmgr.exe)
2011/12/29 14:11:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49629, Process: winmgr.exe)
2011/12/29 14:12:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49644, Process: winmgr.exe)
2011/12/29 14:12:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49645, Process: winmgr.exe)
2011/12/29 14:12:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49646, Process: winmgr.exe)
2011/12/29 14:12:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49650, Process: winmgr.exe)
2011/12/29 14:12:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49651, Process: winmgr.exe)
2011/12/29 14:12:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49656, Process: winmgr.exe)
2011/12/29 14:12:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49657, Process: winmgr.exe)
2011/12/29 14:12:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49658, Process: winmgr.exe)
2011/12/29 14:12:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49659, Process: winmgr.exe)
2011/12/29 14:12:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49660, Process: winmgr.exe)
2011/12/29 14:12:53 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe	Trojan.Dropper.PE4	DENY
2011/12/29 14:12:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49661, Process: winmgr.exe)
2011/12/29 14:13:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49663, Process: winmgr.exe)
2011/12/29 14:13:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49664, Process: winmgr.exe)
2011/12/29 14:13:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49667, Process: winmgr.exe)
2011/12/29 14:13:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49668, Process: winmgr.exe)
2011/12/29 14:13:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49669, Process: winmgr.exe)
2011/12/29 14:13:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49670, Process: winmgr.exe)
2011/12/29 14:13:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49671, Process: winmgr.exe)
2011/12/29 14:13:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49672, Process: winmgr.exe)
2011/12/29 14:13:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49673, Process: winmgr.exe)
2011/12/29 14:13:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49677, Process: winmgr.exe)
2011/12/29 14:13:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49678, Process: winmgr.exe)
2011/12/29 14:13:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49679, Process: winmgr.exe)
2011/12/29 14:14:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49680, Process: winmgr.exe)
2011/12/29 14:14:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49682, Process: winmgr.exe)
2011/12/29 14:14:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49683, Process: winmgr.exe)
2011/12/29 14:14:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49684, Process: winmgr.exe)
2011/12/29 14:14:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49685, Process: winmgr.exe)
2011/12/29 14:14:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49706, Process: winmgr.exe)
2011/12/29 14:14:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49725, Process: winmgr.exe)
2011/12/29 14:14:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49772, Process: winmgr.exe)
2011/12/29 14:14:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49773, Process: winmgr.exe)
2011/12/29 14:14:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49782, Process: winmgr.exe)
2011/12/29 14:14:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49783, Process: winmgr.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49784, Process: winmgr.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49791, Process: lvvm.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49793, Process: lvvm.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49795, Process: lvvm.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49797, Process: lvvm.exe)
2011/12/29 14:14:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49801, Process: lvvm.exe)
2011/12/29 14:14:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49804, Process: winmgr.exe)
2011/12/29 14:14:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49805, Process: winmgr.exe)
2011/12/29 14:14:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49806, Process: winmgr.exe)
2011/12/29 14:15:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49808, Process: winmgr.exe)
2011/12/29 14:15:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49809, Process: winmgr.exe)
2011/12/29 14:15:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49841, Process: lvvm.exe)
2011/12/29 14:15:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49844, Process: lvvm.exe)
2011/12/29 14:15:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49845, Process: winmgr.exe)
2011/12/29 14:15:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49852, Process: winmgr.exe)
2011/12/29 14:15:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49853, Process: winmgr.exe)
2011/12/29 14:15:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49854, Process: winmgr.exe)
2011/12/29 14:15:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49861, Process: lvvm.exe)
2011/12/29 14:15:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49863, Process: lvvm.exe)
2011/12/29 14:15:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49864, Process: winmgr.exe)
2011/12/29 14:15:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49865, Process: winmgr.exe)
2011/12/29 14:15:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49866, Process: winmgr.exe)
2011/12/29 14:15:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49867, Process: winmgr.exe)
2011/12/29 14:16:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49870, Process: winmgr.exe)
2011/12/29 14:16:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49881, Process: winmgr.exe)
2011/12/29 14:16:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49882, Process: winmgr.exe)
2011/12/29 14:16:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49883, Process: winmgr.exe)
2011/12/29 14:16:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 49895, Process: lvvm.exe)
2011/12/29 14:16:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49912, Process: winmgr.exe)
2011/12/29 14:16:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49913, Process: winmgr.exe)
2011/12/29 14:16:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49914, Process: winmgr.exe)
2011/12/29 14:16:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49915, Process: winmgr.exe)
2011/12/29 14:16:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49916, Process: winmgr.exe)
2011/12/29 14:16:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49917, Process: winmgr.exe)
2011/12/29 14:16:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49918, Process: winmgr.exe)
2011/12/29 14:16:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49919, Process: winmgr.exe)
2011/12/29 14:16:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49920, Process: winmgr.exe)
2011/12/29 14:17:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49921, Process: winmgr.exe)
2011/12/29 14:17:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49922, Process: winmgr.exe)
2011/12/29 14:17:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49924, Process: winmgr.exe)
2011/12/29 14:17:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49925, Process: winmgr.exe)
2011/12/29 14:17:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49926, Process: winmgr.exe)
2011/12/29 14:17:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49927, Process: winmgr.exe)
2011/12/29 14:17:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49928, Process: winmgr.exe)
2011/12/29 14:17:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49929, Process: winmgr.exe)
2011/12/29 14:17:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49930, Process: winmgr.exe)
2011/12/29 14:17:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49931, Process: winmgr.exe)
2011/12/29 14:17:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49933, Process: winmgr.exe)
2011/12/29 14:18:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49934, Process: winmgr.exe)
2011/12/29 14:18:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49937, Process: winmgr.exe)
2011/12/29 14:18:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49938, Process: winmgr.exe)
2011/12/29 14:18:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49940, Process: winmgr.exe)
2011/12/29 14:18:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49941, Process: winmgr.exe)
2011/12/29 14:18:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49942, Process: winmgr.exe)
2011/12/29 14:18:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49943, Process: winmgr.exe)
2011/12/29 14:18:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49944, Process: winmgr.exe)
2011/12/29 14:18:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49945, Process: winmgr.exe)
2011/12/29 14:18:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49946, Process: winmgr.exe)
2011/12/29 14:18:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49974, Process: winmgr.exe)
2011/12/29 14:18:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49975, Process: winmgr.exe)
2011/12/29 14:19:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49976, Process: winmgr.exe)
2011/12/29 14:19:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49977, Process: winmgr.exe)
2011/12/29 14:19:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49983, Process: winmgr.exe)
2011/12/29 14:19:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49984, Process: winmgr.exe)
2011/12/29 14:19:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49985, Process: winmgr.exe)
2011/12/29 14:19:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49986, Process: winmgr.exe)
2011/12/29 14:19:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49987, Process: winmgr.exe)
2011/12/29 14:19:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49988, Process: winmgr.exe)
2011/12/29 14:19:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49989, Process: winmgr.exe)
2011/12/29 14:19:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49990, Process: winmgr.exe)
2011/12/29 14:19:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49991, Process: winmgr.exe)
2011/12/29 14:19:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49992, Process: winmgr.exe)
2011/12/29 14:26:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50028, Process: winmgr.exe)
2011/12/29 14:26:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50029, Process: winmgr.exe)
2011/12/29 14:26:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50030, Process: winmgr.exe)
2011/12/29 14:26:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50031, Process: winmgr.exe)
2011/12/29 14:26:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50032, Process: winmgr.exe)
2011/12/29 14:26:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50033, Process: winmgr.exe)
2011/12/29 14:26:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50034, Process: winmgr.exe)
2011/12/29 14:26:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50035, Process: winmgr.exe)
2011/12/29 14:26:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50060, Process: winmgr.exe)
2011/12/29 14:26:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50062, Process: winmgr.exe)
2011/12/29 14:26:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50063, Process: winmgr.exe)
2011/12/29 14:26:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50070, Process: winmgr.exe)
2011/12/29 14:27:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50155, Process: winmgr.exe)
2011/12/29 14:27:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50272, Process: winmgr.exe)
2011/12/29 14:27:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50287, Process: winmgr.exe)
2011/12/29 14:27:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50320, Process: winmgr.exe)
2011/12/29 14:27:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50321, Process: winmgr.exe)
2011/12/29 14:27:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50322, Process: winmgr.exe)
2011/12/29 14:27:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50323, Process: winmgr.exe)
2011/12/29 14:27:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50324, Process: winmgr.exe)
2011/12/29 14:27:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50325, Process: winmgr.exe)
2011/12/29 14:27:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50458, Process: winmgr.exe)
2011/12/29 14:27:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50572, Process: winmgr.exe)
2011/12/29 14:27:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50573, Process: winmgr.exe)
2011/12/29 18:11:23 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe	Trojan.Agent.BH	QUARANTINE
2011/12/29 18:11:23 +0100	WENDELIN-OFFICE	Wendelin	ERROR	Quarantine failed:  DeleteFile failed with error code 5
2011/12/29 18:26:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50868, Process: winmgr.exe)
2011/12/29 18:26:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50869, Process: winmgr.exe)
2011/12/29 18:26:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50887, Process: winmgr.exe)
2011/12/29 18:26:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50888, Process: winmgr.exe)
2011/12/29 18:26:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50895, Process: winmgr.exe)
2011/12/29 18:26:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50909, Process: winmgr.exe)
2011/12/29 18:26:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50910, Process: winmgr.exe)
2011/12/29 18:26:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50911, Process: winmgr.exe)
2011/12/29 18:27:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50925, Process: winmgr.exe)
2011/12/29 18:27:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50927, Process: winmgr.exe)
2011/12/29 18:27:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50930, Process: winmgr.exe)
2011/12/29 18:27:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50932, Process: winmgr.exe)
2011/12/29 18:27:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50933, Process: winmgr.exe)
2011/12/29 18:27:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50934, Process: winmgr.exe)
2011/12/29 18:27:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50944, Process: winmgr.exe)
2011/12/29 18:27:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50951, Process: winmgr.exe)
2011/12/29 18:27:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50964, Process: winmgr.exe)
2011/12/29 18:27:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50965, Process: winmgr.exe)
2011/12/29 18:27:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50966, Process: winmgr.exe)
2011/12/29 18:27:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50967, Process: winmgr.exe)
2011/12/29 18:28:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50968, Process: winmgr.exe)
2011/12/29 18:28:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50971, Process: winmgr.exe)
2011/12/29 18:28:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50975, Process: winmgr.exe)
2011/12/29 18:28:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50976, Process: winmgr.exe)
2011/12/29 18:28:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50988, Process: winmgr.exe)
2011/12/29 18:28:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50989, Process: winmgr.exe)
2011/12/29 18:28:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51080, Process: winmgr.exe)
2011/12/29 18:28:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51161, Process: winmgr.exe)
2011/12/29 18:28:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51162, Process: winmgr.exe)
2011/12/29 18:28:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51164, Process: winmgr.exe)
2011/12/29 18:28:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51165, Process: winmgr.exe)
2011/12/29 18:28:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51166, Process: winmgr.exe)
2011/12/29 18:29:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51167, Process: winmgr.exe)
2011/12/29 18:29:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51168, Process: winmgr.exe)
2011/12/29 18:29:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51172, Process: winmgr.exe)
2011/12/29 18:29:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51175, Process: winmgr.exe)
2011/12/29 18:29:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51176, Process: winmgr.exe)
2011/12/29 18:29:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51177, Process: winmgr.exe)
2011/12/29 18:29:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51179, Process: winmgr.exe)
2011/12/29 18:29:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51180, Process: winmgr.exe)
2011/12/29 18:29:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51181, Process: winmgr.exe)
2011/12/29 18:29:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51182, Process: winmgr.exe)
2011/12/29 18:29:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51183, Process: winmgr.exe)
2011/12/29 18:29:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51184, Process: winmgr.exe)
2011/12/29 18:29:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51185, Process: winmgr.exe)
2011/12/29 18:29:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51186, Process: winmgr.exe)
2011/12/29 18:30:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51187, Process: winmgr.exe)
2011/12/29 18:30:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51188, Process: winmgr.exe)
2011/12/29 18:30:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51189, Process: winmgr.exe)
2011/12/29 18:30:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51190, Process: winmgr.exe)
2011/12/29 18:30:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51191, Process: winmgr.exe)
2011/12/29 18:30:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51192, Process: winmgr.exe)
2011/12/29 18:30:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51193, Process: winmgr.exe)
2011/12/29 18:30:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51194, Process: winmgr.exe)
2011/12/29 18:30:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51195, Process: winmgr.exe)
2011/12/29 18:30:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51197, Process: winmgr.exe)
2011/12/29 18:30:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51198, Process: winmgr.exe)
2011/12/29 18:31:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51199, Process: winmgr.exe)
2011/12/29 18:31:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51200, Process: winmgr.exe)
2011/12/29 18:31:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51201, Process: winmgr.exe)
2011/12/29 18:31:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51202, Process: winmgr.exe)
2011/12/29 18:31:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51203, Process: winmgr.exe)
2011/12/29 18:31:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51204, Process: winmgr.exe)
2011/12/29 18:31:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51205, Process: winmgr.exe)
2011/12/29 18:31:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51206, Process: winmgr.exe)
2011/12/29 18:31:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51207, Process: winmgr.exe)
2011/12/29 18:31:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51208, Process: winmgr.exe)
2011/12/29 18:31:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51209, Process: winmgr.exe)
2011/12/29 18:31:49 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe	Trojan.MSIL	QUARANTINE
2011/12/29 18:31:49 +0100	WENDELIN-OFFICE	Wendelin	ERROR	Quarantine failed:  DeleteFile failed with error code 5
2011/12/29 18:31:50 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe	Trojan.Dropper.PE4	DENY
2011/12/29 18:31:51 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe	Trojan.Agent.BH	DENY
2011/12/29 18:31:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51210, Process: winmgr.exe)
2011/12/29 18:31:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51211, Process: winmgr.exe)
2011/12/29 18:31:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51212, Process: winmgr.exe)
2011/12/29 18:32:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51222, Process: winmgr.exe)
2011/12/29 18:32:07 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe	Trojan.Dropper.PE4	DENY
2011/12/29 18:32:08 +0100	WENDELIN-OFFICE	Wendelin	DETECTION	C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe	Trojan.Agent.BH	DENY
2011/12/29 18:32:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51223, Process: winmgr.exe)
2011/12/29 18:32:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51224, Process: winmgr.exe)
2011/12/29 18:32:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51226, Process: winmgr.exe)
2011/12/29 18:32:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51227, Process: winmgr.exe)
2011/12/29 18:32:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51228, Process: winmgr.exe)
2011/12/29 18:32:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51229, Process: winmgr.exe)
2011/12/29 18:32:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51230, Process: winmgr.exe)
2011/12/29 18:32:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51231, Process: winmgr.exe)
2011/12/29 18:32:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51232, Process: winmgr.exe)
2011/12/29 18:32:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51233, Process: winmgr.exe)
2011/12/29 18:32:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51234, Process: winmgr.exe)
2011/12/29 18:33:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51235, Process: winmgr.exe)
2011/12/29 18:33:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51238, Process: winmgr.exe)
2011/12/29 18:33:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51239, Process: winmgr.exe)
2011/12/29 18:33:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51240, Process: winmgr.exe)
2011/12/29 18:33:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51241, Process: winmgr.exe)
2011/12/29 18:33:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51242, Process: winmgr.exe)
2011/12/29 18:33:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51244, Process: winmgr.exe)
2011/12/29 18:33:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51245, Process: winmgr.exe)
2011/12/29 18:33:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51246, Process: winmgr.exe)
2011/12/29 18:33:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51247, Process: winmgr.exe)
2011/12/29 18:33:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51248, Process: winmgr.exe)
2011/12/29 18:33:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51249, Process: winmgr.exe)
2011/12/29 18:33:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51250, Process: winmgr.exe)
2011/12/29 18:34:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51251, Process: winmgr.exe)
2011/12/29 18:34:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51252, Process: winmgr.exe)
2011/12/29 18:34:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51253, Process: winmgr.exe)
2011/12/29 18:34:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51254, Process: winmgr.exe)
2011/12/29 18:34:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51255, Process: winmgr.exe)
2011/12/29 18:34:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51256, Process: winmgr.exe)
2011/12/29 18:34:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51257, Process: winmgr.exe)
2011/12/29 18:34:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51258, Process: winmgr.exe)
2011/12/29 18:34:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51259, Process: winmgr.exe)
2011/12/29 18:34:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51261, Process: winmgr.exe)
2011/12/29 18:34:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51262, Process: winmgr.exe)
2011/12/29 18:35:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51263, Process: winmgr.exe)
2011/12/29 18:35:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51264, Process: winmgr.exe)
2011/12/29 18:35:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51265, Process: winmgr.exe)
2011/12/29 18:35:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51266, Process: winmgr.exe)
2011/12/29 18:35:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51268, Process: winmgr.exe)
2011/12/29 18:35:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51269, Process: winmgr.exe)
2011/12/29 18:35:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51333, Process: winmgr.exe)
2011/12/29 18:35:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51334, Process: winmgr.exe)
2011/12/29 18:35:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51335, Process: winmgr.exe)
2011/12/29 18:35:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51336, Process: winmgr.exe)
2011/12/29 18:35:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51337, Process: winmgr.exe)
2011/12/29 18:35:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51338, Process: winmgr.exe)
2011/12/29 18:35:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51339, Process: winmgr.exe)
2011/12/29 18:35:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51340, Process: winmgr.exe)
2011/12/29 18:35:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51341, Process: winmgr.exe)
2011/12/29 18:36:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51343, Process: winmgr.exe)
2011/12/29 18:36:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51344, Process: winmgr.exe)
2011/12/29 18:36:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51345, Process: winmgr.exe)
2011/12/29 18:36:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51346, Process: winmgr.exe)
2011/12/29 18:36:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51347, Process: winmgr.exe)
2011/12/29 18:36:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51348, Process: winmgr.exe)
2011/12/29 18:36:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51449, Process: winmgr.exe)
2011/12/29 18:36:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51452, Process: winmgr.exe)
2011/12/29 18:36:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51455, Process: winmgr.exe)
2011/12/29 18:36:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51500, Process: winmgr.exe)
2011/12/29 18:36:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51501, Process: winmgr.exe)
2011/12/29 18:37:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51502, Process: winmgr.exe)
2011/12/29 18:37:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51503, Process: winmgr.exe)
2011/12/29 18:37:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51504, Process: winmgr.exe)
2011/12/29 18:37:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51524, Process: winmgr.exe)
2011/12/29 18:37:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51617, Process: winmgr.exe)
2011/12/29 18:37:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51618, Process: winmgr.exe)
2011/12/29 18:37:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51661, Process: winmgr.exe)
2011/12/29 18:37:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51666, Process: winmgr.exe)
2011/12/29 18:37:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51667, Process: winmgr.exe)
2011/12/29 18:37:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51668, Process: winmgr.exe)
2011/12/29 18:37:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51669, Process: winmgr.exe)
2011/12/29 18:38:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51674, Process: winmgr.exe)
2011/12/29 18:38:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51677, Process: winmgr.exe)
2011/12/29 18:41:42 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting protection
2011/12/29 18:41:46 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Protection started successfully
2011/12/29 18:41:49 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting IP protection
2011/12/29 18:41:50 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection started successfully
2011/12/29 18:43:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49168, Process: winmgr.exe)
2011/12/29 18:43:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49359, Process: winmgr.exe)
2011/12/29 18:43:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49372, Process: winmgr.exe)
2011/12/29 18:43:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	77.79.4.98 (Type: outgoing, Port: 49376, Process: 549b8.exe)
2011/12/29 18:43:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49383, Process: winmgr.exe)
2011/12/29 18:43:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49543, Process: winmgr.exe)
2011/12/29 18:43:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49544, Process: winmgr.exe)
2011/12/29 18:43:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49545, Process: winmgr.exe)
2011/12/29 18:43:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49546, Process: winmgr.exe)
2011/12/29 18:44:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49554, Process: winmgr.exe)
2011/12/29 18:44:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49555, Process: winmgr.exe)
2011/12/29 18:44:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49574, Process: winmgr.exe)
2011/12/29 18:44:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49575, Process: winmgr.exe)
2011/12/29 18:44:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49576, Process: winmgr.exe)
2011/12/29 18:44:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49595, Process: winmgr.exe)
2011/12/29 18:44:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49596, Process: winmgr.exe)
2011/12/29 18:44:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49605, Process: winmgr.exe)
2011/12/29 18:44:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49608, Process: winmgr.exe)
2011/12/29 18:44:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49609, Process: winmgr.exe)
2011/12/29 18:45:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49610, Process: winmgr.exe)
2011/12/29 18:45:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49611, Process: winmgr.exe)
2011/12/29 18:45:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49612, Process: winmgr.exe)
2011/12/29 18:45:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49613, Process: winmgr.exe)
2011/12/29 18:45:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49614, Process: winmgr.exe)
2011/12/29 18:45:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49615, Process: winmgr.exe)
2011/12/29 18:45:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49616, Process: winmgr.exe)
2011/12/29 18:45:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49617, Process: winmgr.exe)
2011/12/29 18:45:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49618, Process: winmgr.exe)
2011/12/29 18:45:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49619, Process: winmgr.exe)
2011/12/29 18:45:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49620, Process: winmgr.exe)
2011/12/29 18:45:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49621, Process: winmgr.exe)
2011/12/29 18:46:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49622, Process: winmgr.exe)
2011/12/29 18:46:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49623, Process: winmgr.exe)
2011/12/29 18:46:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49624, Process: winmgr.exe)
2011/12/29 18:46:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49626, Process: winmgr.exe)
2011/12/29 18:46:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49627, Process: winmgr.exe)
2011/12/29 18:46:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49628, Process: winmgr.exe)
2011/12/29 18:46:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49629, Process: winmgr.exe)
2011/12/29 18:46:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49630, Process: winmgr.exe)
2011/12/29 18:46:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49631, Process: winmgr.exe)
2011/12/29 18:46:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49632, Process: winmgr.exe)
2011/12/29 18:46:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49633, Process: winmgr.exe)
2011/12/29 18:46:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49634, Process: winmgr.exe)
2011/12/29 18:46:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49635, Process: winmgr.exe)
2011/12/29 18:47:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49636, Process: winmgr.exe)
2011/12/29 18:47:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49637, Process: winmgr.exe)
2011/12/29 18:47:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49638, Process: winmgr.exe)
2011/12/29 18:47:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49639, Process: winmgr.exe)
2011/12/29 18:47:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49640, Process: winmgr.exe)
2011/12/29 18:47:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49641, Process: winmgr.exe)
2011/12/29 18:47:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49642, Process: winmgr.exe)
2011/12/29 18:47:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49644, Process: winmgr.exe)
2011/12/29 18:47:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49645, Process: winmgr.exe)
2011/12/29 18:47:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49646, Process: winmgr.exe)
2011/12/29 18:47:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49647, Process: winmgr.exe)
2011/12/29 18:47:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49648, Process: winmgr.exe)
2011/12/29 18:48:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49649, Process: winmgr.exe)
2011/12/29 18:48:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49650, Process: winmgr.exe)
2011/12/29 18:48:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49651, Process: winmgr.exe)
2011/12/29 18:48:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49652, Process: winmgr.exe)
2011/12/29 18:48:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49653, Process: winmgr.exe)
2011/12/29 18:48:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49654, Process: winmgr.exe)
2011/12/29 18:48:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49655, Process: winmgr.exe)
2011/12/29 18:48:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49656, Process: winmgr.exe)
2011/12/29 18:48:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49657, Process: winmgr.exe)
2011/12/29 18:48:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49658, Process: winmgr.exe)
2011/12/29 18:48:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49659, Process: winmgr.exe)
2011/12/29 18:48:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49660, Process: winmgr.exe)
2011/12/29 18:49:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49661, Process: winmgr.exe)
2011/12/29 18:49:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49662, Process: winmgr.exe)
2011/12/29 18:49:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49663, Process: winmgr.exe)
2011/12/29 18:49:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49668, Process: winmgr.exe)
2011/12/29 18:49:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49669, Process: winmgr.exe)
2011/12/29 18:49:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49670, Process: winmgr.exe)
2011/12/29 22:05:26 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting protection
2011/12/29 22:05:28 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Protection started successfully
2011/12/29 22:05:31 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting IP protection
2011/12/29 22:05:32 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection started successfully
2011/12/29 22:06:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49170, Process: winmgr.exe)
2011/12/29 22:06:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49287, Process: winmgr.exe)
2011/12/29 22:07:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49291, Process: winmgr.exe)
2011/12/29 22:07:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49292, Process: winmgr.exe)
2011/12/29 22:07:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49301, Process: winmgr.exe)
2011/12/29 22:07:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49304, Process: winmgr.exe)
2011/12/29 22:07:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49305, Process: winmgr.exe)
2011/12/29 22:07:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49307, Process: winmgr.exe)
2011/12/29 22:07:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49308, Process: winmgr.exe)
2011/12/29 22:07:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49311, Process: winmgr.exe)
2011/12/29 22:07:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49464, Process: winmgr.exe)
2011/12/29 22:07:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49465, Process: winmgr.exe)
2011/12/29 22:07:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49468, Process: winmgr.exe)
2011/12/29 22:08:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49537, Process: winmgr.exe)
2011/12/29 22:08:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49538, Process: winmgr.exe)
2011/12/29 22:08:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49539, Process: winmgr.exe)
2011/12/29 22:08:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49540, Process: winmgr.exe)
2011/12/29 22:08:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49559, Process: winmgr.exe)
2011/12/29 22:08:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49562, Process: winmgr.exe)
2011/12/29 22:08:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49575, Process: winmgr.exe)
2011/12/29 22:08:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49584, Process: winmgr.exe)
2011/12/29 22:08:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49613, Process: winmgr.exe)
2011/12/29 22:08:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49721, Process: winmgr.exe)
2011/12/29 22:08:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49728, Process: winmgr.exe)
2011/12/29 22:08:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49751, Process: winmgr.exe)
2011/12/29 22:09:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49817, Process: winmgr.exe)
2011/12/29 22:09:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49820, Process: winmgr.exe)
2011/12/29 22:09:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49841, Process: winmgr.exe)
2011/12/29 22:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49874, Process: winmgr.exe)
2011/12/29 22:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49877, Process: winmgr.exe)
2011/12/29 22:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49878, Process: winmgr.exe)
2011/12/29 22:09:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49879, Process: winmgr.exe)
2011/12/29 22:09:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49880, Process: winmgr.exe)
2011/12/29 22:09:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49885, Process: winmgr.exe)
2011/12/29 22:09:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49912, Process: winmgr.exe)
2011/12/29 22:09:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49920, Process: winmgr.exe)
2011/12/29 22:09:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49921, Process: winmgr.exe)
2011/12/29 22:09:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49924, Process: winmgr.exe)
2011/12/29 22:10:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49927, Process: winmgr.exe)
2011/12/29 22:10:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49932, Process: winmgr.exe)
2011/12/29 22:10:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49933, Process: winmgr.exe)
2011/12/29 22:10:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49971, Process: winmgr.exe)
2011/12/29 22:10:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50281, Process: winmgr.exe)
2011/12/29 22:10:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50282, Process: winmgr.exe)
2011/12/29 22:10:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50283, Process: winmgr.exe)
2011/12/29 22:10:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50284, Process: winmgr.exe)
2011/12/29 22:10:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50287, Process: winmgr.exe)
2011/12/29 22:10:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50290, Process: winmgr.exe)
2011/12/29 22:10:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50317, Process: winmgr.exe)
2011/12/29 22:10:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50352, Process: winmgr.exe)
2011/12/29 22:11:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50359, Process: winmgr.exe)
2011/12/29 22:11:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50362, Process: winmgr.exe)
2011/12/29 22:11:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50363, Process: winmgr.exe)
2011/12/29 22:11:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50368, Process: winmgr.exe)
2011/12/29 22:11:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50371, Process: winmgr.exe)
2011/12/29 22:11:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50374, Process: winmgr.exe)
2011/12/29 22:11:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50375, Process: winmgr.exe)
2011/12/29 22:11:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50376, Process: winmgr.exe)
2011/12/29 22:11:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50377, Process: winmgr.exe)
2011/12/29 22:11:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50378, Process: winmgr.exe)
2011/12/29 22:11:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50395, Process: winmgr.exe)
2011/12/29 22:11:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50396, Process: winmgr.exe)
2011/12/29 22:11:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50397, Process: winmgr.exe)
2011/12/29 22:12:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50405, Process: winmgr.exe)
2011/12/29 22:12:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50410, Process: winmgr.exe)
2011/12/29 22:12:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50413, Process: winmgr.exe)
2011/12/29 22:12:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50418, Process: winmgr.exe)
2011/12/29 22:12:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50419, Process: winmgr.exe)
2011/12/29 22:12:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50420, Process: winmgr.exe)
2011/12/29 22:12:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50423, Process: winmgr.exe)
2011/12/29 22:12:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50428, Process: winmgr.exe)
2011/12/29 22:12:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50441, Process: winmgr.exe)
2011/12/29 22:12:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50454, Process: winmgr.exe)
2011/12/29 22:12:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50477, Process: winmgr.exe)
2011/12/29 22:12:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50482, Process: winmgr.exe)
2011/12/29 22:13:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50485, Process: winmgr.exe)
2011/12/29 22:13:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50486, Process: winmgr.exe)
2011/12/29 22:13:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50487, Process: winmgr.exe)
2011/12/29 22:13:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50490, Process: winmgr.exe)
2011/12/29 22:13:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50491, Process: winmgr.exe)
2011/12/29 22:13:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50492, Process: winmgr.exe)
2011/12/29 22:13:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50496, Process: winmgr.exe)
2011/12/29 22:13:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50498, Process: winmgr.exe)
2011/12/29 22:13:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50501, Process: winmgr.exe)
2011/12/29 22:13:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50504, Process: winmgr.exe)
2011/12/29 22:13:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50505, Process: winmgr.exe)
2011/12/29 22:13:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50508, Process: winmgr.exe)
2011/12/29 22:13:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50511, Process: winmgr.exe)
2011/12/29 22:14:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50514, Process: winmgr.exe)
2011/12/29 22:14:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50519, Process: winmgr.exe)
2011/12/29 22:14:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50542, Process: winmgr.exe)
2011/12/29 22:14:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50547, Process: winmgr.exe)
2011/12/29 22:14:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50560, Process: winmgr.exe)
2011/12/29 22:14:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50590, Process: winmgr.exe)
2011/12/29 22:14:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50593, Process: winmgr.exe)
2011/12/29 22:14:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50602, Process: winmgr.exe)
2011/12/29 22:14:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50627, Process: winmgr.exe)
2011/12/29 22:14:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50632, Process: winmgr.exe)
2011/12/29 22:14:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50643, Process: winmgr.exe)
2011/12/29 22:14:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50662, Process: winmgr.exe)
2011/12/29 22:15:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50671, Process: winmgr.exe)
2011/12/29 22:15:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50682, Process: winmgr.exe)
2011/12/29 22:15:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50707, Process: winmgr.exe)
2011/12/29 22:15:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50716, Process: winmgr.exe)
2011/12/29 22:15:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50731, Process: winmgr.exe)
2011/12/29 22:15:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50742, Process: winmgr.exe)
2011/12/29 22:15:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50755, Process: winmgr.exe)
2011/12/29 22:15:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50758, Process: winmgr.exe)
2011/12/29 22:15:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50769, Process: winmgr.exe)
2011/12/29 22:15:43 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50780, Process: winmgr.exe)
2011/12/29 22:15:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50832, Process: winmgr.exe)
2011/12/29 22:15:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50837, Process: winmgr.exe)
2011/12/29 22:15:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50838, Process: winmgr.exe)
2011/12/29 22:16:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50841, Process: winmgr.exe)
2011/12/29 22:16:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50842, Process: winmgr.exe)
2011/12/29 22:16:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50845, Process: winmgr.exe)
2011/12/29 22:16:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50868, Process: winmgr.exe)
2011/12/29 22:16:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50881, Process: winmgr.exe)
2011/12/29 22:16:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50882, Process: winmgr.exe)
2011/12/29 22:16:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50899, Process: winmgr.exe)
2011/12/29 22:16:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50905, Process: winmgr.exe)
2011/12/29 22:16:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50910, Process: winmgr.exe)
2011/12/29 22:16:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50937, Process: winmgr.exe)
2011/12/29 22:16:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50942, Process: winmgr.exe)
2011/12/29 22:16:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50949, Process: winmgr.exe)
2011/12/29 22:17:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50980, Process: winmgr.exe)
2011/12/29 22:17:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50991, Process: winmgr.exe)
2011/12/29 22:17:12 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50996, Process: winmgr.exe)
2011/12/29 22:17:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51027, Process: winmgr.exe)
2011/12/29 22:17:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51034, Process: winmgr.exe)
2011/12/29 22:17:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51064, Process: winmgr.exe)
2011/12/29 22:17:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51070, Process: winmgr.exe)
2011/12/29 22:17:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51071, Process: winmgr.exe)
2011/12/29 22:17:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51075, Process: winmgr.exe)
2011/12/29 22:17:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51101, Process: winmgr.exe)
2011/12/29 22:17:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51106, Process: winmgr.exe)
2011/12/29 22:18:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51109, Process: winmgr.exe)
2011/12/29 22:18:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51126, Process: winmgr.exe)
2011/12/29 22:18:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51135, Process: winmgr.exe)
2011/12/29 22:18:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51138, Process: winmgr.exe)
2011/12/29 22:18:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51159, Process: winmgr.exe)
2011/12/29 22:18:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51178, Process: winmgr.exe)
2011/12/29 22:18:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51181, Process: winmgr.exe)
2011/12/29 22:18:32 +0100	WENDELIN-OFFICE	(null)	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51188, Process: winmgr.exe)
2011/12/29 22:22:40 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting protection
2011/12/29 22:22:43 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Protection started successfully
2011/12/29 22:22:46 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting IP protection
2011/12/29 22:22:47 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection started successfully
2011/12/29 22:24:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49175, Process: winmgr.exe)
2011/12/29 22:24:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49503, Process: winmgr.exe)
2011/12/29 22:24:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49506, Process: winmgr.exe)
2011/12/29 22:24:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49511, Process: winmgr.exe)
2011/12/29 22:24:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49542, Process: winmgr.exe)
2011/12/29 22:24:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49547, Process: winmgr.exe)
2011/12/29 22:24:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49550, Process: winmgr.exe)
2011/12/29 22:24:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49569, Process: winmgr.exe)
2011/12/29 22:25:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49572, Process: winmgr.exe)
2011/12/29 22:25:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49577, Process: winmgr.exe)
2011/12/29 22:25:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49590, Process: winmgr.exe)
2011/12/29 22:25:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49593, Process: winmgr.exe)
2011/12/29 22:25:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49594, Process: winmgr.exe)
2011/12/29 22:25:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49615, Process: winmgr.exe)
2011/12/29 22:25:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49626, Process: winmgr.exe)
2011/12/29 22:25:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49633, Process: winmgr.exe)
2011/12/29 22:25:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49649, Process: winmgr.exe)
2011/12/29 22:25:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49658, Process: winmgr.exe)
2011/12/29 22:25:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49665, Process: winmgr.exe)
2011/12/29 22:25:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49674, Process: winmgr.exe)
2011/12/29 22:25:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49687, Process: winmgr.exe)
2011/12/29 22:25:58 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49690, Process: winmgr.exe)
2011/12/29 22:26:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49716, Process: winmgr.exe)
2011/12/29 22:26:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49729, Process: winmgr.exe)
2011/12/29 22:26:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49730, Process: winmgr.exe)
2011/12/29 22:26:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49745, Process: winmgr.exe)
2011/12/29 22:26:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49748, Process: winmgr.exe)
2011/12/29 22:26:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49753, Process: winmgr.exe)
2011/12/29 22:26:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49776, Process: winmgr.exe)
2011/12/29 22:26:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49783, Process: winmgr.exe)
2011/12/29 22:26:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49798, Process: winmgr.exe)
2011/12/29 22:26:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49807, Process: winmgr.exe)
2011/12/29 22:26:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49822, Process: winmgr.exe)
2011/12/29 22:26:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49829, Process: winmgr.exe)
2011/12/29 22:27:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49846, Process: winmgr.exe)
2011/12/29 22:27:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49847, Process: winmgr.exe)
2011/12/29 22:27:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49866, Process: winmgr.exe)
2011/12/29 22:27:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49885, Process: winmgr.exe)
2011/12/29 22:27:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49898, Process: winmgr.exe)
2011/12/29 22:27:27 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49907, Process: winmgr.exe)
2011/12/29 22:27:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49931, Process: winmgr.exe)
2011/12/29 22:27:35 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49936, Process: winmgr.exe)
2011/12/29 22:27:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49949, Process: winmgr.exe)
2011/12/29 22:27:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49956, Process: winmgr.exe)
2011/12/29 22:27:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49967, Process: winmgr.exe)
2011/12/29 22:28:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49974, Process: winmgr.exe)
2011/12/29 22:28:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49983, Process: winmgr.exe)
2011/12/29 22:28:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49998, Process: winmgr.exe)
2011/12/29 22:28:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49999, Process: winmgr.exe)
2011/12/29 22:28:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50006, Process: winmgr.exe)
2011/12/29 22:28:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50019, Process: winmgr.exe)
2011/12/29 22:28:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50022, Process: winmgr.exe)
2011/12/29 22:28:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50027, Process: winmgr.exe)
2011/12/29 22:28:40 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50047, Process: winmgr.exe)
2011/12/29 22:28:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50064, Process: winmgr.exe)
2011/12/29 22:28:48 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50065, Process: winmgr.exe)
2011/12/29 22:28:56 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50070, Process: winmgr.exe)
2011/12/29 22:29:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50127, Process: winmgr.exe)
2011/12/29 22:29:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50134, Process: winmgr.exe)
2011/12/29 22:29:04 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50161, Process: winmgr.exe)
2011/12/29 22:29:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50170, Process: winmgr.exe)
2011/12/29 22:29:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50221, Process: winmgr.exe)
2011/12/29 22:29:20 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50252, Process: winmgr.exe)
2011/12/29 22:29:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50315, Process: winmgr.exe)
2011/12/29 22:29:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50316, Process: winmgr.exe)
2011/12/29 22:29:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50317, Process: winmgr.exe)
2011/12/29 22:29:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50318, Process: winmgr.exe)
2011/12/29 22:29:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50319, Process: winmgr.exe)
2011/12/29 22:29:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50320, Process: winmgr.exe)
2011/12/29 22:30:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50409, Process: winmgr.exe)
2011/12/29 22:30:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50410, Process: winmgr.exe)
2011/12/29 22:30:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50411, Process: winmgr.exe)
2011/12/29 22:30:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50412, Process: winmgr.exe)
2011/12/29 22:30:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50413, Process: winmgr.exe)
2011/12/29 22:30:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50414, Process: winmgr.exe)
2011/12/29 22:30:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50487, Process: winmgr.exe)
2011/12/29 22:30:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50496, Process: winmgr.exe)
2011/12/29 22:30:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50499, Process: winmgr.exe)
2011/12/29 22:30:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50532, Process: winmgr.exe)
2011/12/29 22:30:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50536, Process: winmgr.exe)
2011/12/29 22:30:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50537, Process: winmgr.exe)
2011/12/29 22:30:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50552, Process: winmgr.exe)
2011/12/29 22:30:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50557, Process: winmgr.exe)
2011/12/29 22:31:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50558, Process: winmgr.exe)
2011/12/29 22:31:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50567, Process: winmgr.exe)
2011/12/29 22:31:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50568, Process: winmgr.exe)
2011/12/29 22:31:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50569, Process: winmgr.exe)
2011/12/29 22:31:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50575, Process: winmgr.exe)
2011/12/29 22:31:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50576, Process: winmgr.exe)
2011/12/29 22:31:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50577, Process: winmgr.exe)
2011/12/29 22:31:37 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50584, Process: winmgr.exe)
2011/12/29 22:31:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50585, Process: winmgr.exe)
2011/12/29 22:31:45 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50586, Process: winmgr.exe)
2011/12/29 22:31:53 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50599, Process: winmgr.exe)
2011/12/29 22:32:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50602, Process: winmgr.exe)
2011/12/29 22:32:01 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50605, Process: winmgr.exe)
2011/12/29 22:32:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50614, Process: winmgr.exe)
2011/12/29 22:32:09 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50625, Process: winmgr.exe)
2011/12/29 22:32:17 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50630, Process: winmgr.exe)
2011/12/29 22:32:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50649, Process: winmgr.exe)
2011/12/29 22:32:25 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50652, Process: winmgr.exe)
2011/12/29 22:32:33 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50657, Process: winmgr.exe)
2011/12/29 22:32:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50675, Process: winmgr.exe)
2011/12/29 22:32:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50680, Process: winmgr.exe)
2011/12/29 22:32:41 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50681, Process: winmgr.exe)
2011/12/29 22:32:49 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50702, Process: winmgr.exe)
2011/12/29 22:32:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50705, Process: winmgr.exe)
2011/12/29 22:32:57 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50708, Process: winmgr.exe)
2011/12/29 22:33:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50717, Process: winmgr.exe)
2011/12/29 22:33:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50721, Process: winmgr.exe)
2011/12/29 22:33:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50737, Process: winmgr.exe)
2011/12/29 22:33:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50744, Process: winmgr.exe)
2011/12/29 22:33:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50753, Process: winmgr.exe)
2011/12/29 22:33:30 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50756, Process: winmgr.exe)
2011/12/29 22:33:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50765, Process: winmgr.exe)
2011/12/29 22:33:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50766, Process: winmgr.exe)
2011/12/29 22:33:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50769, Process: winmgr.exe)
2011/12/29 22:33:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50776, Process: winmgr.exe)
2011/12/29 22:33:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50791, Process: winmgr.exe)
2011/12/29 22:33:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50809, Process: winmgr.exe)
2011/12/29 22:34:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50815, Process: winmgr.exe)
2011/12/29 22:34:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50816, Process: winmgr.exe)
2011/12/29 22:34:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50825, Process: winmgr.exe)
2011/12/29 22:34:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50873, Process: winmgr.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50884, Process: winmgr.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50887, Process: winmgr.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50890, Process: 549b8.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50893, Process: 549b8.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50895, Process: 549b8.exe)
2011/12/29 22:34:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50897, Process: 549b8.exe)
2011/12/29 22:34:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50899, Process: 549b8.exe)
2011/12/29 22:34:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50900, Process: winmgr.exe)
2011/12/29 22:34:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50903, Process: winmgr.exe)
2011/12/29 22:34:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50904, Process: winmgr.exe)
2011/12/29 22:34:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50907, Process: winmgr.exe)
2011/12/29 22:34:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 50909, Process: 549b8.exe)
2011/12/29 22:34:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50914, Process: winmgr.exe)
2011/12/29 22:34:50 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 50939, Process: winmgr.exe)
2011/12/29 22:35:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51183, Process: winmgr.exe)
2011/12/29 22:35:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51186, Process: winmgr.exe)
2011/12/29 22:35:06 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51187, Process: winmgr.exe)
2011/12/29 22:35:14 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 51191, Process: winmgr.exe)
2011/12/29 22:35:22 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	78.140.161.61 (Type: outgoing, Port: 51205, Process: 549b8.exe)
         
und
Code:
ATTFilter
 
2011/12/30 10:04:27 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting protection
2011/12/30 10:04:30 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Protection started successfully
2011/12/30 10:04:33 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting IP protection
2011/12/30 10:04:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection started successfully
2011/12/30 10:05:05 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49175, Process: winmgr.exe)
2011/12/30 10:05:13 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49281, Process: winmgr.exe)
2011/12/30 10:05:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49284, Process: winmgr.exe)
2011/12/30 10:05:21 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49287, Process: winmgr.exe)
2011/12/30 10:05:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49289, Process: winmgr.exe)
2011/12/30 10:05:29 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49290, Process: winmgr.exe)
2011/12/30 10:05:38 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49291, Process: winmgr.exe)
2011/12/30 10:05:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49292, Process: winmgr.exe)
2011/12/30 10:05:46 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49293, Process: winmgr.exe)
2011/12/30 10:05:54 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49295, Process: winmgr.exe)
2011/12/30 10:06:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49296, Process: winmgr.exe)
2011/12/30 10:06:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49299, Process: winmgr.exe)
2011/12/30 10:06:02 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49300, Process: winmgr.exe)
2011/12/30 10:06:10 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49301, Process: winmgr.exe)
2011/12/30 10:06:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49302, Process: winmgr.exe)
2011/12/30 10:06:18 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49303, Process: winmgr.exe)
2011/12/30 10:06:26 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49304, Process: winmgr.exe)
2011/12/30 10:06:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49305, Process: winmgr.exe)
2011/12/30 10:06:34 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49306, Process: winmgr.exe)
2011/12/30 10:06:42 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49311, Process: winmgr.exe)
2011/12/30 10:06:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49312, Process: winmgr.exe)
2011/12/30 10:06:51 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49313, Process: winmgr.exe)
2011/12/30 10:06:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49314, Process: winmgr.exe)
2011/12/30 10:06:59 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49315, Process: winmgr.exe)
2011/12/30 10:07:07 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49316, Process: winmgr.exe)
2011/12/30 10:07:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49317, Process: winmgr.exe)
2011/12/30 10:07:15 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49318, Process: winmgr.exe)
2011/12/30 10:07:23 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49319, Process: winmgr.exe)
2011/12/30 10:07:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49320, Process: winmgr.exe)
2011/12/30 10:07:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49321, Process: winmgr.exe)
2011/12/30 10:07:31 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49322, Process: winmgr.exe)
2011/12/30 10:07:39 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49339, Process: winmgr.exe)
2011/12/30 10:07:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49346, Process: winmgr.exe)
2011/12/30 10:07:47 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49347, Process: winmgr.exe)
2011/12/30 10:07:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49348, Process: winmgr.exe)
2011/12/30 10:07:55 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49353, Process: winmgr.exe)
2011/12/30 10:08:03 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49361, Process: winmgr.exe)
2011/12/30 10:08:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49372, Process: winmgr.exe)
2011/12/30 10:08:11 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49373, Process: winmgr.exe)
2011/12/30 10:08:19 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49374, Process: winmgr.exe)
2011/12/30 10:08:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49375, Process: winmgr.exe)
2011/12/30 10:08:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49376, Process: winmgr.exe)
2011/12/30 10:08:28 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49377, Process: winmgr.exe)
2011/12/30 10:08:36 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49378, Process: winmgr.exe)
2011/12/30 10:08:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49379, Process: winmgr.exe)
2011/12/30 10:08:44 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49380, Process: winmgr.exe)
2011/12/30 10:08:52 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49381, Process: winmgr.exe)
2011/12/30 10:09:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49382, Process: winmgr.exe)
2011/12/30 10:09:00 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49383, Process: winmgr.exe)
2011/12/30 10:09:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49384, Process: winmgr.exe)
2011/12/30 10:09:08 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49385, Process: winmgr.exe)
2011/12/30 10:09:16 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49386, Process: winmgr.exe)
2011/12/30 10:09:19 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Executing scheduled update:  Daily
2011/12/30 10:09:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49387, Process: winmgr.exe)
2011/12/30 10:09:24 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49398, Process: winmgr.exe)
2011/12/30 10:09:32 +0100	WENDELIN-OFFICE	Wendelin	IP-BLOCK	193.39.78.74 (Type: outgoing, Port: 49417, Process: winmgr.exe)
2011/12/30 10:09:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Scheduled update executed successfully:  database updated from version v2011.12.24.05 to version v2011.12.30.01
2011/12/30 10:09:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting database refresh
2011/12/30 10:09:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Stopping IP protection
2011/12/30 10:10:33 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection stopped
2011/12/30 10:10:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Database refreshed successfully
2011/12/30 10:10:34 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	Starting IP protection
2011/12/30 10:10:36 +0100	WENDELIN-OFFICE	Wendelin	MESSAGE	IP Protection started successfully
         
Neueste Entwicklung: Der bzw. ein Virus/Trojaner verschickt Links (vermutlich wiederum Viren/Trojaner) an alle meine Kontakte bei Facebook.


Alt 30.12.2011, 18:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Zitat:
Keine Aktion durchgeführt.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
--> Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt

Alt 30.12.2011, 20:39   #7
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Das habe ich schon gemacht. Alle aus der Quarantäne mit "alles löschen" entfernt.

Was kann ich jetzt noch tun?

Alt 30.12.2011, 20:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Ich will das Log dazu auch sehen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.12.2011, 08:59   #9
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Hallo Arne,

das Log dazu war das obere von MWB (29.12.2011 12:41:23). Aber du hast Recht, dort steht nichts davon, dass ich alles gelöscht habe. Dabei bin ich mir sicher...

naja egal, ich hab´s nochmals gemacht und nun neu gestartet- jetzt steht es auch im Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Wendelin :: WENDELIN-OFFICE [Administrator]

Schutz: Deaktiviert

31.12.2011 05:55:55
mbam-log-2011-12-31 (05-55-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 358839
Laufzeit: 1 Stunde(n), 1 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 5
C:\Users\Wendelin\AppData\Roaming\BC109\549B8.exe (Trojan.Downloader.BH) -> 2820 -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe (Trojan.Dropper.PE4) -> 3532 -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\E1D.exe (Trojan.Dropper.PE4) -> 3596 -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> 3676 -> Löschen bei Neustart.
C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> 3008 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E1D.exe (Trojan.Dropper.PE4) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\E1D.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent.BH) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Manager (Trojan.MSIL) -> Daten: C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C4C.exe (Trojan.Dropper.PE4) -> Daten: C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Daten: C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\Wendelin\AppData\Roaming\BC109\549B8.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E1D.exe (Backdoor.CycBot) -> Daten: C:\Program Files (x86)\LP\274B\E1D.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Dropper.PE4) -> Bösartig: (C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Wendelin\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Löschen bei Neustart.

Infizierte Dateien: 45
C:\Users\Wendelin\AppData\Roaming\BC109\549B8.exe (Trojan.Downloader.BH) -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\0967A\lvvm.exe (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\E1D.exe (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> Löschen bei Neustart.
C:\Users\Wendelin\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> Löschen bei Neustart.
C:\Users\Wendelin\AppData\Roaming\Microsoft\B8AB\C4C.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\EA SPORTS\FIFA 2005\FIFA05 Trainer +4.exe (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MUZMLRM\f[1].exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MUZMLRM\st[1].exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP4JZSJF\fa[1].exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\b[1].exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\fa[1].exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\fa[2].exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\ra[1].exe (Trojan.Agent.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9264QKT\st[1].exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\0193779.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\0226550.exe (Trojan.Agent.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\0740747.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\0862275.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\0901116.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\1479797.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\24129.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\2986719.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\3074274.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\4666271.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\4885882.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\5469741.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\5501045.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\6157700.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\6930891.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\8274206.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\8658497.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\8916743.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\8955810.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\9048297.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\91525.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Local\Temp\msimg32.dll (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Roaming\java.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Roaming\wmplayer.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Roaming\BC109\98727.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\AppData\Roaming\Microsoft\274B\7745.tmp (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\Downloads\PIC05605305.JPG(1).scr (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wendelin\Downloads\PIC05605305.JPG.scr (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Was steht jetzt an?

(Zwischendurch schon mal vielen Dank für deine Mühe!!!)

Alt 31.12.2011, 15:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.01.2012, 11:08   #11
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Das ist mein neues OTL-Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.01.2012 10:46:17 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Wendelin\Desktop\Trojaner
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 60,62% Memory free
7,73 Gb Paging File | 6,13 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 216,50 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
Drive D: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WENDELIN-OFFICE | User Name: Wendelin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.28 03:08:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wendelin\Desktop\Trojaner\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.09.07 11:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.02 00:53:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011.04.27 09:37:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.06.28 14:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 14:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.05.27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.03 22:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2009.03.03 11:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.16 21:25:47 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8762c6ea69969fd8563f7922a16adc17\IAStorUtil.ni.dll
MOD - [2011.10.15 13:01:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 13:00:45 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.15 13:00:38 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.15 13:00:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.15 13:00:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.15 13:00:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.15 13:00:14 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.15 13:00:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.09.15 09:51:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.28 14:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.14 14:00:54 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.05.27 05:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.08.12 11:54:04 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Wendelin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.07.02 00:53:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 09:37:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.14 14:04:48 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.07.13 12:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 14:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.12 20:55:02 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.07.02 00:53:21 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 00:53:21 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 10:50:27 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 05:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011.02.18 10:50:28 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010.11.29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64081
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.2.5.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f7d0b4f1-5f54-43ba-a8e1-c80fb97baf55&apn_ptnrs=^AAA&apn_sauid=F64561BD-ACCE-4E2C-A2B3-077526E1CE68&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64081
FF - prefs.js..network.proxy.type: 4
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.25 21:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.25 10:41:28 | 000,000,000 | ---D | M]
 
[2011.01.18 08:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Extensions
[2011.12.06 22:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions
[2011.12.06 22:55:19 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.12.06 22:55:20 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.18 08:33:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.13 20:23:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com
[2011.12.16 03:11:42 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com
[2011.02.12 16:19:42 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar
[2012.01.01 10:32:59 | 000,002,404 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\askcom.xml
[2011.08.12 11:54:07 | 000,001,132 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\conduit.xml
[2011.08.12 11:54:07 | 000,001,722 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\web-search.xml
[2011.08.12 11:54:07 | 000,002,078 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3C731744-D122-404A-8A0E-3132EE50749A}.xml
[2011.08.12 11:54:07 | 000,001,871 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3F0C1425-1571-4800-AD8B-7581E1004FA0}.xml
[2011.08.12 11:54:07 | 000,002,189 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{91BD6160-477D-41D5-9122-A8F9863F0EB7}.xml
[2011.06.21 16:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.23 07:01:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.23 19:42:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\WENDELIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M148689S.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.06.25 21:18:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.01.23 19:42:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 11:54:07 | 000,001,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 11:54:07 | 000,001,936 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 11:54:07 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 11:54:07 | 000,007,052 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 11:54:07 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 11:54:07 | 000,001,171 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.12.22 21:52:30 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Wendelin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - Startup: C:\Users\Wendelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.07 02:02:07 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.09.07 01:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.09.07 01:56:14 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.08.27 07:16:57 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2005.09.07 01:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.28 07:03:43 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\Malwarebytes
[2011.12.28 07:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 07:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 07:03:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.28 07:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.28 03:30:16 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\Desktop\Trojaner
[2011.12.28 03:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0967A
[2011.12.28 03:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.26 22:27:12 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\FILEminimizerPictures
[2011.12.22 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\0967A
[2011.12.22 21:47:11 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\BC109
[2011.12.22 21:47:05 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\Tracing
[2011.12.08 00:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.12.05 05:18:06 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Local\Cyberlink
[2011.12.05 05:17:58 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\Documents\CyberLink
[2011.12.05 05:17:57 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\CyberLink
[2011.12.05 05:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.01 10:33:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:33:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:29:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.01 10:28:11 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.01 10:26:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 10:26:21 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 12:08:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.31 12:08:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.12.31 08:43:44 | 001,184,254 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 08:43:44 | 000,774,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 08:43:44 | 000,297,820 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 08:43:44 | 000,257,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 08:43:44 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.29 15:02:59 | 000,006,656 | ---- | M] () -- C:\Users\Wendelin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.29 13:54:54 | 000,005,854 | ---- | M] () -- C:\Users\Wendelin\Desktop\Flensburg_Preisergänzung.odt
[2011.12.28 02:56:40 | 000,000,162 | -H-- | M] () -- C:\Users\Wendelin\Desktop\~$rusbericht.odt
[2011.12.23 10:21:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.23 08:50:41 | 000,041,061 | ---- | M] () -- C:\Users\Wendelin\Desktop\8.-11.12.11_Schmidt Nico.pdf
[2011.12.23 06:55:47 | 000,009,051 | ---- | M] () -- C:\Users\Wendelin\Desktop\Konto.odt
[2011.12.23 06:55:31 | 000,004,140 | ---- | M] () -- C:\Users\Wendelin\Desktop\Berlin.ods
[2011.12.23 05:46:08 | 000,006,184 | ---- | M] () -- C:\Users\Wendelin\Desktop\Manfred Kaiser.odt
[2011.12.22 21:52:30 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.22 17:26:41 | 000,739,598 | ---- | M] () -- C:\Users\Wendelin\Desktop\Rechnung_Lochmuehle.pdf
[2011.12.16 15:57:11 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.15 16:25:18 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.15 03:01:01 | 000,408,031 | ---- | M] () -- C:\Users\Wendelin\Desktop\Fiorentina.odt
[2011.12.15 03:00:59 | 000,000,131 | -H-- | M] () -- C:\Users\Wendelin\Desktop\.~lock.Fiorentina.odt#
[2011.12.14 19:13:48 | 000,009,573 | ---- | M] () -- C:\Users\Wendelin\Desktop\Titel.odt
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.08 01:48:26 | 000,003,414 | ---- | M] () -- C:\Users\Wendelin\Desktop\Logo_Web_180pxl.jpg
[2011.12.07 18:26:33 | 000,006,729 | ---- | M] () -- C:\Users\Wendelin\Desktop\Wiedemeyer.odt
[2011.12.06 13:26:44 | 011,192,638 | ---- | M] () -- C:\Users\Wendelin\Desktop\VID 00003-20111205-2207.3gp
[2011.12.06 13:24:09 | 005,980,943 | ---- | M] () -- C:\Users\Wendelin\Desktop\VID 00002-20111205-2013.3gp
[2011.12.06 13:21:16 | 005,828,594 | ---- | M] () -- C:\Users\Wendelin\Desktop\VID 00001-20111203-1932.3gp
[2011.12.05 22:46:32 | 000,010,706 | ---- | M] () -- C:\Users\Wendelin\Desktop\themen.odt
[2011.12.05 22:39:13 | 000,010,706 | ---- | M] () -- C:\Users\Wendelin\Desktop\Waldwoche.odt
 
========== Files Created - No Company Name ==========
 
[2011.12.31 14:07:58 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.12.29 13:54:06 | 000,005,854 | ---- | C] () -- C:\Users\Wendelin\Desktop\Flensburg_Preisergänzung.odt
[2011.12.28 02:56:40 | 000,000,162 | -H-- | C] () -- C:\Users\Wendelin\Desktop\~$rusbericht.odt
[2011.12.23 10:21:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.23 08:50:41 | 000,041,061 | ---- | C] () -- C:\Users\Wendelin\Desktop\8.-11.12.11_Schmidt Nico.pdf
[2011.12.23 06:55:29 | 000,004,140 | ---- | C] () -- C:\Users\Wendelin\Desktop\Berlin.ods
[2011.12.23 05:46:04 | 000,006,184 | ---- | C] () -- C:\Users\Wendelin\Desktop\Manfred Kaiser.odt
[2011.12.22 22:04:23 | 000,009,051 | ---- | C] () -- C:\Users\Wendelin\Desktop\Konto.odt
[2011.12.22 17:26:41 | 000,739,598 | ---- | C] () -- C:\Users\Wendelin\Desktop\Rechnung_Lochmuehle.pdf
[2011.12.15 03:00:59 | 000,000,131 | -H-- | C] () -- C:\Users\Wendelin\Desktop\.~lock.Fiorentina.odt#
[2011.12.15 03:00:57 | 000,408,031 | ---- | C] () -- C:\Users\Wendelin\Desktop\Fiorentina.odt
[2011.12.14 19:13:17 | 000,009,573 | ---- | C] () -- C:\Users\Wendelin\Desktop\Titel.odt
[2011.12.08 01:48:26 | 000,003,414 | ---- | C] () -- C:\Users\Wendelin\Desktop\Logo_Web_180pxl.jpg
[2011.12.07 18:26:31 | 000,006,729 | ---- | C] () -- C:\Users\Wendelin\Desktop\Wiedemeyer.odt
[2011.12.06 13:00:07 | 005,980,943 | ---- | C] () -- C:\Users\Wendelin\Desktop\VID 00002-20111205-2013.3gp
[2011.12.06 12:57:36 | 011,192,638 | ---- | C] () -- C:\Users\Wendelin\Desktop\VID 00003-20111205-2207.3gp
[2011.12.06 12:57:10 | 005,828,594 | ---- | C] () -- C:\Users\Wendelin\Desktop\VID 00001-20111203-1932.3gp
[2011.12.05 22:46:30 | 000,010,706 | ---- | C] () -- C:\Users\Wendelin\Desktop\themen.odt
[2011.12.05 22:39:11 | 000,010,706 | ---- | C] () -- C:\Users\Wendelin\Desktop\Waldwoche.odt
[2011.10.23 22:20:50 | 000,006,656 | ---- | C] () -- C:\Users\Wendelin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.03 11:06:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.03 11:06:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.14 15:21:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.04.01 15:32:55 | 000,005,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.19 17:48:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.19 01:34:27 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2011.dat
[2011.01.18 08:28:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.15 00:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.15 00:02:18 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 13:07:42 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 12:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.07.13 12:15:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004.12.08 13:52:03 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\Bmp2Jpeg.dll
[2004.12.08 13:52:03 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
 
========== LOP Check ==========
 
[2011.12.31 06:59:35 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\0967A
[2011.12.31 06:59:35 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\BC109
[2011.07.26 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\DVDVideoSoft
[2011.06.25 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.26 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\FILEminimizerPictures
[2011.02.16 14:11:25 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\GetRightToGo
[2011.06.21 16:45:53 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\go
[2011.02.03 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\IrfanView
[2011.08.09 09:54:11 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Leadertech
[2011.08.12 11:54:04 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\OCS
[2011.01.18 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\OpenOffice.org
[2011.08.12 11:54:07 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Opera
[2011.12.31 18:02:44 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\SoftGrid Client
[2011.04.01 15:33:44 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\TP
[2011.02.16 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\TuneUp Software
[2011.07.12 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Verbindungsassistent
[2011.12.27 22:53:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.31 06:59:35 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\0967A
[2011.01.23 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Adobe
[2011.02.21 12:47:41 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Avira
[2011.12.31 06:59:35 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\BC109
[2011.12.05 05:18:00 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\CyberLink
[2011.07.26 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\DVDVideoSoft
[2011.06.25 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.26 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\FILEminimizerPictures
[2011.02.16 14:11:25 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\GetRightToGo
[2011.06.21 16:45:53 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\go
[2011.01.18 07:09:14 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Google
[2011.01.18 07:07:30 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Identities
[2011.01.18 07:08:01 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Intel Corporation
[2011.02.03 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\IrfanView
[2011.08.09 09:54:11 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Leadertech
[2011.01.18 07:07:54 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Macromedia
[2011.12.28 07:03:43 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Media Center Programs
[2011.12.24 14:53:41 | 000,000,000 | --SD | M] -- C:\Users\Wendelin\AppData\Roaming\Microsoft
[2011.01.18 08:28:40 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Mozilla
[2011.08.12 11:54:04 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\OCS
[2011.01.18 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\OpenOffice.org
[2011.08.12 11:54:07 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Opera
[2011.08.09 10:04:03 | 000,000,000 | RH-D | M] -- C:\Users\Wendelin\AppData\Roaming\SecuROM
[2011.12.31 08:38:56 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Skype
[2011.05.29 07:01:54 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\skypePM
[2011.12.31 18:02:44 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\SoftGrid Client
[2011.04.01 15:33:44 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\TP
[2011.02.16 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\TuneUp Software
[2011.07.12 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\Wendelin\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2011.03.08 15:45:11 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Wendelin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.21 19:43:29 | 003,623,592 | ---- | M] (Ask) -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2011.08.12 11:54:04 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Wendelin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.08.12 11:54:04 | 000,040,960 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
--- --- ---
[/code]

Die Symptome scheinen seit dem letzten Scan mit MWB behoben. Inzwischen kann ich wieder problemlos und stundenlang online sein, ohne die bekannte Meldung, die mein System lahm legt.

Meine Fragen:

1. Ist dieser Trojaner nun "ausgestanden"?
2. Wie kann ich mein System gegenüber künftigen Trojanern besser sichern? Bisher habe ich die kostenlose Version von Avira und die Internet Security von Ad-Aare. Was würdest du mir empfehlen?

In jedem Fall möchte ich mich für die tolle Unterstützung von dir bedanken. Das war große Klasse und ohne diese wäre ich hilflos da gestanden. Danke!

Alt 02.01.2012, 11:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Neinm wir sind hier noch nicht durc. Um die Bereinigung nicht zu unterbrechen wäre es besser wenn du diese Fragen zum Schluss stellst.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118125l04e4z115v47k2259p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64081
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f7d0b4f1-5f54-43ba-a8e1-c80fb97baf55&apn_ptnrs=^AAA&apn_sauid=F64561BD-ACCE-4E2C-A2B3-077526E1CE68&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64081
FF - prefs.js..network.proxy.type: 4
() (No name found) -- C:\USERS\WENDELIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M148689S.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.12.06 22:55:19 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.12.06 22:55:20 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.18 08:33:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.13 20:23:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com
[2011.12.16 03:11:42 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com
[2011.02.12 16:19:42 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar
[2012.01.01 10:32:59 | 000,002,404 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\askcom.xml
[2011.08.12 11:54:07 | 000,001,132 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\conduit.xml
[2011.08.12 11:54:07 | 000,001,722 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\web-search.xml
[2011.08.12 11:54:07 | 000,002,078 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3C731744-D122-404A-8A0E-3132EE50749A}.xml
[2011.08.12 11:54:07 | 000,001,871 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3F0C1425-1571-4800-AD8B-7581E1004FA0}.xml
[2011.08.12 11:54:07 | 000,002,189 | ---- | M] () -- C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{91BD6160-477D-41D5-9122-A8F9863F0EB7}.xml
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.07 02:02:07 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.09.07 01:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.09.07 01:56:14 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.08.27 07:16:57 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2005.09.07 01:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.)
[2011.12.28 03:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0967A
[2011.12.28 03:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.22 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\0967A
[2011.12.22 21:47:11 | 000,000,000 | ---D | C] -- C:\Users\Wendelin\AppData\Roaming\BC109
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.01.2012, 10:38   #13
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Jetzt war ich einige Tag nicht da; um den Faden aber wieder aufzunehmen, hier der Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Program Files (x86)\Freeware.de\tbFree.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\tbFree.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=f7d0b4f1-5f54-43ba-a8e1-c80fb97baf55&apn_ptnrs=^AAA&apn_sauid=F64561BD-ACCE-4E2C-A2B3-077526E1CE68&apn_dtid=^YYYYYY^YY^DE&&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 64081 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\searchplugin folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\modules folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\META-INF folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\defaults folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-16-42-14-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-06-Oct-2011-20-13-58-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Jul-2011-17-34-39-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-25-Jun-2011-23-22-36-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-21-12-05-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-14-Oct-2011-16-42-05-GMT folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\mozilla\Firefox\Profiles\m148689s.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\askcom.xml moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\conduit.xml moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\web-search.xml moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3C731744-D122-404A-8A0E-3132EE50749A}.xml moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{3F0C1425-1571-4800-AD8B-7581E1004FA0}.xml moved successfully.
C:\Users\Wendelin\AppData\Roaming\Mozilla\Firefox\Profiles\m148689s.default\searchplugins\{91BD6160-477D-41D5-9122-A8F9863F0EB7}.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\tbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\tbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
File C:\Program Files (x86)\Freeware.de\tbFree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e2f77ad-acb7-11e0-af10-5cac4c549b8a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e2f77b2-acb7-11e0-af10-5cac4c549b8a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91591091-c053-11df-a649-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91591091-c053-11df-a649-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91591091-c053-11df-a649-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Program Files (x86)\0967A folder moved successfully.
C:\Program Files (x86)\LP\B8AB folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\0967A folder moved successfully.
C:\Users\Wendelin\AppData\Roaming\BC109 folder moved successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Wendelin
->Temp folder emptied: 763381768 bytes
->Temporary Internet Files folder emptied: 37577641 bytes
->Java cache emptied: 274083601 bytes
->FireFox cache emptied: 47598941 bytes
->Google Chrome cache emptied: 6430390 bytes
->Flash cache emptied: 57005 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 655636585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 8827764 bytes
 
Total Files Cleaned = 1.711,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01062012_101413

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot.
C:\Users\Wendelin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Was sollte ich als nächstes tun?

Alt 06.01.2012, 14:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.01.2012, 17:13   #15
Stuttgart
 
Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Standard

Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt



Hier nun das Log von Kaspersky:

Code:
ATTFilter
   
17:01:00.0865 4516	Boot type: Normal boot
17:01:00.0865 4516	============================================================
17:01:01.0402 4516	Initialize success
17:02:30.0786 4948	============================================================
17:02:30.0786 4948	Scan started
17:02:30.0786 4948	Mode: Manual; SigCheck; TDLFS; 
17:02:30.0786 4948	============================================================
17:02:31.0019 4948	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:02:31.0190 4948	1394ohci - ok
17:02:31.0289 4948	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:02:31.0319 4948	ACPI - ok
17:02:31.0341 4948	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:02:31.0447 4948	AcpiPmi - ok
17:02:31.0563 4948	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:02:31.0604 4948	adp94xx - ok
17:02:31.0707 4948	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:02:31.0736 4948	adpahci - ok
17:02:31.0846 4948	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:02:31.0882 4948	adpu320 - ok
17:02:31.0941 4948	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
17:02:32.0019 4948	AFD - ok
17:02:32.0121 4948	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:02:32.0150 4948	agp440 - ok
17:02:32.0277 4948	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:02:32.0295 4948	aliide - ok
17:02:32.0387 4948	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:02:32.0414 4948	amdide - ok
17:02:32.0449 4948	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:02:32.0500 4948	AmdK8 - ok
17:02:32.0742 4948	amdkmdag        (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
17:02:33.0045 4948	amdkmdag - ok
17:02:33.0152 4948	amdkmdap        (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
17:02:33.0208 4948	amdkmdap - ok
17:02:33.0304 4948	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:02:33.0368 4948	AmdPPM - ok
17:02:33.0486 4948	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:02:33.0517 4948	amdsata - ok
17:02:33.0569 4948	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:33.0590 4948	amdsbs - ok
17:02:33.0673 4948	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:02:33.0691 4948	amdxata - ok
17:02:33.0839 4948	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:02:33.0937 4948	AppID - ok
17:02:34.0044 4948	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:02:34.0073 4948	arc - ok
17:02:34.0089 4948	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:02:34.0109 4948	arcsas - ok
17:02:34.0162 4948	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:34.0322 4948	AsyncMac - ok
17:02:34.0422 4948	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:02:34.0443 4948	atapi - ok
17:02:34.0518 4948	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
17:02:34.0574 4948	athr - ok
17:02:34.0688 4948	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:02:34.0765 4948	avgntflt - ok
17:02:34.0867 4948	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:02:34.0890 4948	avipbb - ok
17:02:35.0005 4948	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:02:35.0072 4948	b06bdrv - ok
17:02:35.0174 4948	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:02:35.0228 4948	b57nd60a - ok
17:02:35.0333 4948	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:02:35.0418 4948	Beep - ok
17:02:35.0528 4948	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:02:35.0564 4948	blbdrive - ok
17:02:35.0673 4948	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:02:35.0745 4948	bowser - ok
17:02:35.0840 4948	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:02:35.0910 4948	BrFiltLo - ok
17:02:35.0989 4948	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:02:36.0038 4948	BrFiltUp - ok
17:02:36.0066 4948	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:02:36.0128 4948	Brserid - ok
17:02:36.0210 4948	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:02:36.0273 4948	BrSerWdm - ok
17:02:36.0377 4948	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:02:36.0425 4948	BrUsbMdm - ok
17:02:36.0434 4948	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:02:36.0466 4948	BrUsbSer - ok
17:02:36.0566 4948	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:02:36.0624 4948	BTHMODEM - ok
17:02:36.0725 4948	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:02:36.0811 4948	cdfs - ok
17:02:36.0913 4948	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:02:36.0962 4948	cdrom - ok
17:02:37.0072 4948	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:02:37.0128 4948	circlass - ok
17:02:37.0290 4948	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:02:37.0320 4948	CLFS - ok
17:02:37.0409 4948	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:37.0452 4948	CmBatt - ok
17:02:37.0510 4948	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:02:37.0533 4948	cmdide - ok
17:02:37.0600 4948	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
17:02:37.0650 4948	CNG - ok
17:02:37.0720 4948	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:02:37.0743 4948	Compbatt - ok
17:02:37.0851 4948	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:02:37.0900 4948	CompositeBus - ok
17:02:38.0009 4948	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:02:38.0033 4948	crcdisk - ok
17:02:38.0183 4948	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:02:38.0239 4948	DfsC - ok
17:02:38.0327 4948	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:02:38.0382 4948	discache - ok
17:02:38.0485 4948	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:02:38.0514 4948	Disk - ok
17:02:38.0610 4948	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:02:38.0647 4948	drmkaud - ok
17:02:38.0784 4948	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:02:38.0824 4948	DXGKrnl - ok
17:02:38.0975 4948	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:02:39.0162 4948	ebdrv - ok
17:02:39.0283 4948	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:02:39.0328 4948	elxstor - ok
17:02:39.0424 4948	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:02:39.0471 4948	ErrDev - ok
17:02:39.0595 4948	ETD             (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
17:02:39.0620 4948	ETD - ok
17:02:39.0724 4948	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:02:39.0816 4948	exfat - ok
17:02:39.0845 4948	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:02:39.0898 4948	fastfat - ok
17:02:40.0000 4948	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:02:40.0034 4948	fdc - ok
17:02:40.0140 4948	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:02:40.0165 4948	FileInfo - ok
17:02:40.0178 4948	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:02:40.0248 4948	Filetrace - ok
17:02:40.0357 4948	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:02:40.0396 4948	flpydisk - ok
17:02:40.0425 4948	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:02:40.0460 4948	FltMgr - ok
17:02:40.0539 4948	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:02:40.0562 4948	FsDepends - ok
17:02:40.0579 4948	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:02:40.0592 4948	Fs_Rec - ok
17:02:40.0655 4948	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:02:40.0692 4948	fvevol - ok
17:02:40.0775 4948	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:02:40.0801 4948	gagp30kx - ok
17:02:40.0948 4948	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:02:41.0002 4948	hcw85cir - ok
17:02:41.0101 4948	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:02:41.0176 4948	HdAudAddService - ok
17:02:41.0271 4948	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:02:41.0305 4948	HDAudBus - ok
17:02:41.0397 4948	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:02:41.0422 4948	HECIx64 - ok
17:02:41.0460 4948	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:02:41.0498 4948	HidBatt - ok
17:02:41.0587 4948	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:02:41.0643 4948	HidBth - ok
17:02:41.0741 4948	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:02:41.0774 4948	HidIr - ok
17:02:41.0807 4948	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:02:41.0841 4948	HidUsb - ok
17:02:41.0946 4948	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:02:41.0976 4948	HpSAMD - ok
17:02:42.0013 4948	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:02:42.0093 4948	HTTP - ok
17:02:42.0191 4948	hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:02:42.0240 4948	hwdatacard - ok
17:02:42.0333 4948	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:02:42.0355 4948	hwpolicy - ok
17:02:42.0384 4948	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:02:42.0408 4948	i8042prt - ok
17:02:42.0506 4948	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
17:02:42.0537 4948	iaStor - ok
17:02:42.0682 4948	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:02:42.0718 4948	iaStorV - ok
17:02:42.0807 4948	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:02:42.0829 4948	iirsp - ok
17:02:43.0004 4948	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
17:02:43.0065 4948	IntcAzAudAddService - ok
17:02:43.0157 4948	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:02:43.0178 4948	intelide - ok
17:02:43.0202 4948	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:02:43.0230 4948	intelppm - ok
17:02:43.0341 4948	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:43.0409 4948	IpFilterDriver - ok
17:02:43.0439 4948	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:02:43.0481 4948	IPMIDRV - ok
17:02:43.0583 4948	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:02:43.0677 4948	IPNAT - ok
17:02:43.0764 4948	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:02:43.0855 4948	IRENUM - ok
17:02:43.0961 4948	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:02:43.0986 4948	isapnp - ok
17:02:44.0005 4948	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:02:44.0031 4948	iScsiPrt - ok
17:02:44.0146 4948	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:02:44.0184 4948	k57nd60a - ok
17:02:44.0238 4948	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:02:44.0256 4948	kbdclass - ok
17:02:44.0321 4948	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:02:44.0374 4948	kbdhid - ok
17:02:44.0464 4948	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
17:02:44.0494 4948	KSecDD - ok
17:02:44.0513 4948	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
17:02:44.0533 4948	KSecPkg - ok
17:02:44.0621 4948	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:02:44.0695 4948	ksthunk - ok
17:02:44.0809 4948	Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:02:44.0822 4948	Lavasoft Kernexplorer - ok
17:02:44.0930 4948	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
17:02:44.0956 4948	Lbd - ok
17:02:45.0037 4948	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:02:45.0108 4948	lltdio - ok
17:02:45.0239 4948	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:02:45.0268 4948	LSI_FC - ok
17:02:45.0394 4948	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:02:45.0423 4948	LSI_SAS - ok
17:02:45.0442 4948	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:02:45.0457 4948	LSI_SAS2 - ok
17:02:45.0545 4948	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:02:45.0577 4948	LSI_SCSI - ok
17:02:45.0597 4948	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:02:45.0645 4948	luafv - ok
17:02:45.0763 4948	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:02:45.0779 4948	MBAMProtector - ok
17:02:45.0820 4948	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:02:45.0842 4948	megasas - ok
17:02:45.0935 4948	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:02:45.0973 4948	MegaSR - ok
17:02:46.0000 4948	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:02:46.0062 4948	Modem - ok
17:02:46.0154 4948	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:02:46.0197 4948	monitor - ok
17:02:46.0302 4948	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:02:46.0326 4948	mouclass - ok
17:02:46.0363 4948	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:02:46.0383 4948	mouhid - ok
17:02:46.0484 4948	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:02:46.0509 4948	mountmgr - ok
17:02:46.0534 4948	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:02:46.0553 4948	mpio - ok
17:02:46.0569 4948	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:02:46.0623 4948	mpsdrv - ok
17:02:46.0716 4948	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:02:46.0773 4948	MRxDAV - ok
17:02:46.0852 4948	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:46.0934 4948	mrxsmb - ok
17:02:47.0004 4948	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:47.0057 4948	mrxsmb10 - ok
17:02:47.0126 4948	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:47.0177 4948	mrxsmb20 - ok
17:02:47.0250 4948	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:02:47.0276 4948	msahci - ok
17:02:47.0330 4948	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:02:47.0360 4948	msdsm - ok
17:02:47.0425 4948	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:02:47.0486 4948	Msfs - ok
17:02:47.0530 4948	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:02:47.0583 4948	mshidkmdf - ok
17:02:47.0648 4948	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:02:47.0672 4948	msisadrv - ok
17:02:47.0783 4948	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:02:47.0847 4948	MSKSSRV - ok
17:02:47.0875 4948	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:47.0915 4948	MSPCLOCK - ok
17:02:47.0991 4948	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:02:48.0066 4948	MSPQM - ok
17:02:48.0092 4948	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:02:48.0113 4948	MsRPC - ok
17:02:48.0207 4948	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:02:48.0228 4948	mssmbios - ok
17:02:48.0259 4948	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:02:48.0331 4948	MSTEE - ok
17:02:48.0426 4948	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:02:48.0456 4948	MTConfig - ok
17:02:48.0479 4948	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:02:48.0492 4948	Mup - ok
17:02:48.0581 4948	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:02:48.0600 4948	mwlPSDFilter - ok
17:02:48.0618 4948	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:02:48.0634 4948	mwlPSDNServ - ok
17:02:48.0726 4948	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:02:48.0748 4948	mwlPSDVDisk - ok
17:02:48.0875 4948	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:02:48.0966 4948	NativeWifiP - ok
17:02:49.0087 4948	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:02:49.0131 4948	NDIS - ok
17:02:49.0224 4948	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:02:49.0294 4948	NdisCap - ok
17:02:49.0386 4948	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:49.0469 4948	NdisTapi - ok
17:02:49.0568 4948	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:49.0635 4948	Ndisuio - ok
17:02:49.0659 4948	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:49.0726 4948	NdisWan - ok
17:02:49.0822 4948	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:02:49.0897 4948	NDProxy - ok
17:02:49.0916 4948	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:02:49.0977 4948	NetBIOS - ok
17:02:50.0071 4948	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:02:50.0175 4948	NetBT - ok
17:02:50.0313 4948	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:02:50.0335 4948	nfrd960 - ok
17:02:50.0438 4948	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:02:50.0504 4948	Npfs - ok
17:02:50.0527 4948	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:02:50.0580 4948	nsiproxy - ok
17:02:50.0709 4948	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:02:50.0776 4948	Ntfs - ok
17:02:50.0885 4948	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
17:02:50.0905 4948	NTIDrvr - ok
17:02:50.0932 4948	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:02:51.0029 4948	Null - ok
17:02:51.0148 4948	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:02:51.0181 4948	nvraid - ok
17:02:51.0289 4948	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:02:51.0317 4948	nvstor - ok
17:02:51.0413 4948	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:02:51.0439 4948	nv_agp - ok
17:02:51.0458 4948	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:02:51.0488 4948	ohci1394 - ok
17:02:51.0594 4948	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:02:51.0640 4948	Parport - ok
17:02:51.0662 4948	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:02:51.0684 4948	partmgr - ok
17:02:51.0773 4948	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:02:51.0792 4948	pci - ok
17:02:51.0827 4948	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:02:51.0842 4948	pciide - ok
17:02:51.0932 4948	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:02:51.0965 4948	pcmcia - ok
17:02:51.0985 4948	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:02:51.0999 4948	pcw - ok
17:02:52.0057 4948	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:02:52.0143 4948	PEAUTH - ok
17:02:52.0279 4948	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:02:52.0354 4948	PptpMiniport - ok
17:02:52.0368 4948	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:02:52.0393 4948	Processor - ok
17:02:52.0509 4948	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:02:52.0595 4948	Psched - ok
17:02:52.0730 4948	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:02:52.0790 4948	ql2300 - ok
17:02:52.0880 4948	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:02:52.0913 4948	ql40xx - ok
17:02:52.0933 4948	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:02:52.0967 4948	QWAVEdrv - ok
17:02:53.0066 4948	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:02:53.0125 4948	RasAcd - ok
17:02:53.0171 4948	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:02:53.0238 4948	RasAgileVpn - ok
17:02:53.0389 4948	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:53.0457 4948	Rasl2tp - ok
17:02:53.0560 4948	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:53.0647 4948	RasPppoe - ok
17:02:53.0746 4948	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:02:53.0804 4948	RasSstp - ok
17:02:53.0822 4948	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:02:53.0881 4948	rdbss - ok
17:02:53.0973 4948	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:02:54.0012 4948	rdpbus - ok
17:02:54.0108 4948	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:54.0181 4948	RDPCDD - ok
17:02:54.0202 4948	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:02:54.0253 4948	RDPENCDD - ok
17:02:54.0353 4948	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:02:54.0430 4948	RDPREFMP - ok
17:02:54.0454 4948	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:02:54.0505 4948	RDPWD - ok
17:02:54.0603 4948	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:02:54.0634 4948	rdyboost - ok
17:02:54.0758 4948	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:02:54.0836 4948	rspndr - ok
17:02:54.0940 4948	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\System32\Drivers\RtsUStor.sys
17:02:54.0968 4948	RSUSBSTOR - ok
17:02:55.0086 4948	RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
17:02:55.0119 4948	RTHDMIAzAudService - ok
17:02:55.0144 4948	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:02:55.0161 4948	sbp2port - ok
17:02:55.0252 4948	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:02:55.0349 4948	scfilter - ok
17:02:55.0461 4948	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:02:55.0516 4948	secdrv - ok
17:02:55.0636 4948	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:02:55.0674 4948	Serenum - ok
17:02:55.0770 4948	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:02:55.0802 4948	Serial - ok
17:02:55.0824 4948	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:02:55.0861 4948	sermouse - ok
17:02:55.0957 4948	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:02:56.0003 4948	sffdisk - ok
17:02:56.0088 4948	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:02:56.0125 4948	sffp_mmc - ok
17:02:56.0135 4948	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:02:56.0159 4948	sffp_sd - ok
17:02:56.0255 4948	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:02:56.0294 4948	sfloppy - ok
17:02:56.0426 4948	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:02:56.0465 4948	Sftfs - ok
17:02:56.0577 4948	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:02:56.0602 4948	Sftplay - ok
17:02:56.0613 4948	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:02:56.0624 4948	Sftredir - ok
17:02:56.0714 4948	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:02:56.0733 4948	Sftvol - ok
17:02:56.0845 4948	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:02:56.0874 4948	SiSRaid2 - ok
17:02:56.0890 4948	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:02:56.0916 4948	SiSRaid4 - ok
17:02:57.0016 4948	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:02:57.0089 4948	Smb - ok
17:02:57.0195 4948	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:02:57.0217 4948	spldr - ok
17:02:57.0277 4948	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:02:57.0325 4948	srv - ok
17:02:57.0433 4948	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:02:57.0473 4948	srv2 - ok
17:02:57.0502 4948	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:02:57.0530 4948	srvnet - ok
17:02:57.0636 4948	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:02:57.0658 4948	stexstor - ok
17:02:57.0690 4948	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:02:57.0706 4948	swenum - ok
17:02:57.0855 4948	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:02:57.0935 4948	Tcpip - ok
17:02:58.0071 4948	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:02:58.0120 4948	TCPIP6 - ok
17:02:58.0210 4948	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:02:58.0293 4948	tcpipreg - ok
17:02:58.0313 4948	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:02:58.0365 4948	TDPIPE - ok
17:02:58.0461 4948	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:02:58.0538 4948	TDTCP - ok
17:02:58.0639 4948	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:02:58.0717 4948	tdx - ok
17:02:58.0737 4948	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:02:58.0751 4948	TermDD - ok
17:02:58.0849 4948	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:58.0924 4948	tssecsrv - ok
17:02:59.0021 4948	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
17:02:59.0040 4948	TuneUpUtilitiesDrv - ok
17:02:59.0135 4948	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:02:59.0201 4948	tunnel - ok
17:02:59.0214 4948	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:02:59.0228 4948	uagp35 - ok
17:02:59.0253 4948	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
17:02:59.0265 4948	UBHelper - ok
17:02:59.0354 4948	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:02:59.0439 4948	udfs - ok
17:02:59.0549 4948	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:02:59.0576 4948	uliagpkx - ok
17:02:59.0608 4948	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:02:59.0640 4948	umbus - ok
17:02:59.0732 4948	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:02:59.0772 4948	UmPass - ok
17:02:59.0818 4948	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:59.0887 4948	usbccgp - ok
17:02:59.0999 4948	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:03:00.0053 4948	usbcir - ok
17:03:00.0096 4948	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
17:03:00.0116 4948	usbehci - ok
17:03:00.0229 4948	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:03:00.0263 4948	usbhub - ok
17:03:00.0285 4948	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
17:03:00.0327 4948	usbohci - ok
17:03:00.0431 4948	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:03:00.0508 4948	usbprint - ok
17:03:00.0633 4948	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:03:00.0689 4948	USBSTOR - ok
17:03:00.0794 4948	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:03:00.0840 4948	usbuhci - ok
17:03:00.0950 4948	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:03:01.0012 4948	usbvideo - ok
17:03:01.0143 4948	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:03:01.0170 4948	vdrvroot - ok
17:03:01.0278 4948	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:03:01.0315 4948	vga - ok
17:03:01.0336 4948	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:03:01.0386 4948	VgaSave - ok
17:03:01.0529 4948	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:03:01.0570 4948	vhdmp - ok
17:03:01.0674 4948	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:03:01.0700 4948	viaide - ok
17:03:01.0796 4948	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:03:01.0823 4948	volmgr - ok
17:03:01.0845 4948	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:03:01.0875 4948	volmgrx - ok
17:03:01.0960 4948	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:03:01.0998 4948	volsnap - ok
17:03:02.0024 4948	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:03:02.0043 4948	vsmraid - ok
17:03:02.0137 4948	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:03:02.0180 4948	vwifibus - ok
17:03:02.0283 4948	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:03:02.0336 4948	vwififlt - ok
17:03:02.0434 4948	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:03:02.0484 4948	vwifimp - ok
17:03:02.0589 4948	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:03:02.0632 4948	WacomPen - ok
17:03:02.0728 4948	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:03:02.0823 4948	WANARP - ok
17:03:02.0843 4948	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:03:02.0882 4948	Wanarpv6 - ok
17:03:02.0986 4948	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:03:03.0006 4948	Wd - ok
17:03:03.0038 4948	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:03:03.0062 4948	Wdf01000 - ok
17:03:03.0172 4948	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:03:03.0232 4948	WfpLwf - ok
17:03:03.0253 4948	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:03:03.0266 4948	WIMMount - ok
17:03:03.0409 4948	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:03:03.0453 4948	WinUsb - ok
17:03:03.0525 4948	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:03:03.0570 4948	WmiAcpi - ok
17:03:03.0671 4948	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:03:03.0730 4948	ws2ifsl - ok
17:03:03.0860 4948	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:03:03.0940 4948	WudfPf - ok
17:03:04.0050 4948	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:03:04.0139 4948	WUDFRd - ok
17:03:04.0182 4948	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:03:04.0342 4948	\Device\Harddisk0\DR0 - ok
17:03:04.0346 4948	Boot (0x1200)   (5c4e81e65cbde4cdc754d5345cd87e15) \Device\Harddisk0\DR0\Partition0
17:03:04.0348 4948	\Device\Harddisk0\DR0\Partition0 - ok
17:03:04.0382 4948	Boot (0x1200)   (86d9a4f3b1a5a83644e618965d504110) \Device\Harddisk0\DR0\Partition1
17:03:04.0384 4948	\Device\Harddisk0\DR0\Partition1 - ok
17:03:04.0384 4948	============================================================
17:03:04.0384 4948	Scan finished
17:03:04.0384 4948	============================================================
17:03:04.0403 4260	Detected object count: 0
17:03:04.0403 4260	Actual detected object count: 0
         
Der Ordner "Dokumente" lässt sich problemlos öffnen.

Was ist als nächstes dran?

Antwort

Themen zu Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt
5 minuten, 50€ zahlen, 50€zahlen, abgesicherten, anhänge, beste, blockiert, erstellt, funktioniert, guten, hilfe!, intel, interne, internet, laptop, logfile, logfiles, minuten, modus, morgen, neuinstallation, offline, problem, sicherheitswarnung, trojaner, windows, zahlen



Ähnliche Themen: Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt


  1. Wie entferne ich "Conduit.com"? (logfiles bereits erstellt und gepostet)
    Log-Analyse und Auswertung - 20.01.2014 (11)
  2. "Polizei: Cyber Crime Investigation Department" Trojaner: habe bereits OTL.Txt und Extras.Txt. erstellt
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (16)
  3. Winlock-Trojaner "Aus Sicherheitsgründen muss Windows blockiert werden"
    Log-Analyse und Auswertung - 23.05.2012 (1)
  4. "Windows aus Sicherheitsgründen gesperrt" - 50€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  5. das bereits altbekannte "Windows wurde aus Sicherheitsgründen gesperrt" Problem
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  6. "Ihr Windows wurde blockiert" Logs bereits angehangen.
    Log-Analyse und Auswertung - 22.03.2012 (17)
  7. "windows wurde aus sicherheitsgründen blockiert" Trojaner - HILFE!
    Log-Analyse und Auswertung - 12.03.2012 (1)
  8. "Windows wurde aus Sicherheitsgründen blockiert" - Ukash-Trojaner?
    Log-Analyse und Auswertung - 29.02.2012 (5)
  9. "Windows Blockiert 50e Virus" OTL files schon erstellt!
    Log-Analyse und Auswertung - 28.02.2012 (1)
  10. "Ihr Windows-System wurde blockiert-Zahlen sie bitte 50 EURO"
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (11)
  11. "Achtung - Aus Sicherheitsgründen wurde Windows blockiert" OTL LOG bereits vorhanden
    Plagegeister aller Art und deren Bekämpfung - 26.01.2012 (17)
  12. "Windows wird aus Sicherheitsgründen gesperrt + 50e zahlen für Wiederherstellung"
    Log-Analyse und Auswertung - 23.01.2012 (1)
  13. "Aus Sicherheitsgründen wurde ihr System (...)" Trojaner & mehr - Logfiles bereits vorhanden
    Log-Analyse und Auswertung - 12.01.2012 (21)
  14. "Windows aus Sicherheitsgründen blockiert - Bezahlen und herunterladen" Der 50Euro Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (9)
  15. "Ihr Windows-System wurde aus Sicherheitsgründen blockiert"-Trojaner
    Log-Analyse und Auswertung - 07.01.2012 (10)
  16. "Windows wird aus Sicherheitsgründen blockiert"Virus blockiert System
    Log-Analyse und Auswertung - 22.12.2011 (4)
  17. "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" logfile mbam-log-2011-12-08 (08-08-36).tx
    Log-Analyse und Auswertung - 08.12.2011 (1)

Zum Thema Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt - Guten Morgen! Ich habe das bekannte Problem mit dem Trojaner, der mir per Sicherheitswarnung Windows blockiert und mich auffordert 50€ zu bezahlen. Es tritt immer 10-15 Minuten auf, nachdem ich - Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt...
Archiv
Du betrachtest: Trojaner "Windows blockiert aus Sicherheitsgründen, 50€ zahlen" Logfile bereits erstellt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.