|
Trojaner Bundespolizei: Pc hängt sich ständig auf Hallo liebe Formunsgemeinde. Ich hoffe bei Euch auf Hilfe zu meinem Problem: Vor ca. 1 Woche habe ich mir diesen Bundespolizei Trojaner eingefangen. Draufhin habe ich Malwarebytes drüber laufen lassen und der Pc geht jetzt zumindest wieder an. Bei Malwarebytes wurden insgesamt 8 infizierte Datein gefunden und diese wurden wenn ich mich recht erinnere in die Quarantäne geschoben. Mein Problem nun ist: wenn ich den PC anmache und irgendetwas machen möchte hängt er sich auf. D.h. es geht nichts mehr, auch Str Alt+ entf. geht nicht. Ich habe mich nun an die Anleitungen hier im Forum gehalten und folgendes gemacht: 1. defogger installiert und gestartet, ging problemlos. 2. OTL Hier die Dateien OTL logfile created on: 18.09.2012 12:53:52 - Run 1 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Dinchen\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,09% Memory free 6,13 Gb Paging File | 4,69 Gb Available in Paging File | 76,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 449,30 Gb Total Space | 376,98 Gb Free Space | 83,90% Space Free | Partition Type: NTFS Computer Name: DINCHEN-PC | User Name: Dinchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.18 12:52:42 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Dinchen\Desktop\OTL.exe PRC - [2012.08.30 19:53:41 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.08.30 19:52:40 | 000,722,528 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dinchen\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.18 22:19:09 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgtray.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010.02.11 17:44:57 | 000,349,640 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\bin\IncMail.exe PRC - [2010.02.11 17:44:56 | 000,247,240 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\bin\ImApp.exe PRC - [2009.08.22 16:32:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe PRC - [2009.08.22 16:32:45 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe PRC - [2009.08.22 16:32:28 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe PRC - [2009.08.22 16:32:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe PRC - [2009.08.22 16:32:09 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.04.15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.04.15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009.04.13 16:20:08 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009.04.13 16:20:00 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.04.13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.04.13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.03.26 20:38:38 | 000,305,448 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.03.26 20:38:28 | 000,345,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.03.25 11:33:50 | 003,560,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\PdtWzd.exe PRC - [2009.03.25 11:33:50 | 003,444,224 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\BASVC.exe PRC - [2009.03.25 11:33:40 | 003,353,600 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.05 09:42:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.02.11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.02.11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009.01.21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2008.12.02 09:19:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.16 15:12:32 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.08.30 19:53:41 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.08.30 19:52:43 | 000,564,832 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012.08.30 19:52:41 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.02.11 17:45:00 | 000,071,112 | ---- | M] () -- C:\Programme\IncrediMail\bin\wlessfp1.dll MOD - [2010.02.11 17:44:58 | 000,255,432 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImLookExU.dll MOD - [2010.02.11 17:44:57 | 000,132,552 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImComUtlU.dll MOD - [2010.02.11 17:44:57 | 000,079,304 | ---- | M] () -- C:\Programme\IncrediMail\bin\ImAppRU.dll MOD - [2009.04.13 16:20:12 | 000,877,864 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.04.13 16:20:06 | 000,013,096 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2009.04.13 11:09:00 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.09.06 20:35:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.08.30 19:52:40 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.22 16:32:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009.08.22 16:32:09 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2009.04.13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.03.26 20:38:38 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.03.25 11:33:50 | 003,444,224 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Programme\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.01.21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2012.09.18 12:32:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.08.30 19:52:41 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.08.22 16:32:46 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009.08.22 16:32:46 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009.07.21 21:12:01 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C) DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009.03.11 19:34:00 | 000,055,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.03.11 19:33:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.01.21 07:03:00 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.11.11 18:16:38 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.11.11 18:16:38 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.11.11 18:16:38 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 14:25:24 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=880d53a40000000000000022fa274d5c IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE338&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=ONX8fOldab8R3Jxssc2QCg2Bcns?q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={207870CE-8BFD-41B9-8829-850487286418}&mid=172cc276c55ea7b2191bd377504f5970-0735c1d6e10e2762dc2f540a5e08dcd2b3089b0d&lang=de&ds=AVG&pr=fr&d=2011-12-03 18:14:30&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dinchen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.08.30 19:52:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.11 01:24:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.06 20:13:27 | 000,000,000 | ---D | M] [2012.09.06 20:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.08 15:26:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.06 20:13:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.06.16 19:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 19:53:41 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.07.07 15:56:15 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.06.16 19:33:35 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.16 19:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.16 19:33:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.16 19:33:36 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - Extension: SiteAdvisor = \Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1\ CHR - Extension: SiteAdvisor = \Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Facebook Update] "C:\Users\Dinchen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.klaudia-und-sascha.de/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CA84E0-025B-4CD5-B5C4-E1244BA38AED}: DhcpNameServer = 78.42.43.62 82.212.62.62 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\Dinchen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dinchen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1c5f17e4-d6a3-11e1-9e27-00238bce299a}\Shell - "" = AutoRun O33 - MountPoints2\{1c5f17e4-d6a3-11e1-9e27-00238bce299a}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{3e506ddb-9bbb-11df-ab04-00238bce299a}\Shell - "" = AutoRun O33 - MountPoints2\{3e506ddb-9bbb-11df-ab04-00238bce299a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{eaaafac8-369a-11e0-949e-00238bce299a}\Shell - "" = AutoRun O33 - MountPoints2\{eaaafac8-369a-11e0-949e-00238bce299a}\Shell\AutoRun\command - "" = E:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.18 12:32:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.06 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.06 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.06 21:09:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.06 21:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.06 20:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.06 20:14:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.06 20:14:43 | 000,000,000 | -HSD | C] -- \Config.Msi [2012.09.06 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ywdhofafskfsjhe [2012.08.30 19:52:41 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [1 C:\*.tmp files -> C:\*.tmp -> ] [1 \*.tmp files -> \*.tmp -> ] [1 \*.tmp files -> \*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.18 12:55:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job [2012.09.18 12:51:44 | 000,000,000 | ---- | M] () -- C:\Users\Dinchen\defogger_reenable [2012.09.18 12:43:44 | 000,245,777 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.18 12:43:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 12:43:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 12:43:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 12:43:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.18 12:43:08 | 3182,362,624 | -HS- | M] () -- C:\hiberfil.sys [2012.09.18 12:32:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.18 12:32:00 | 057,824,586 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2012.09.13 14:43:36 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.11 21:55:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job [2012.09.10 13:57:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.10 13:57:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.10 13:57:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.10 13:57:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.06 21:09:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.09.06 20:35:30 | 000,245,777 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.06 19:55:07 | 003,653,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.06 15:01:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\dsdebiyskdmnkuo [2012.08.30 19:52:41 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.18 12:51:44 | 000,000,000 | ---- | C] () -- C:\Users\Dinchen\defogger_reenable [2012.09.18 12:29:47 | 3182,362,624 | -HS- | C] () -- C:\hiberfil.sys [2012.09.18 12:29:47 | 3182,362,624 | -HS- | C] () -- \hiberfil.sys [2012.09.06 21:09:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.09.06 15:01:33 | 000,000,051 | ---- | C] () -- C:\ProgramData\dsdebiyskdmnkuo [2012.07.07 15:56:34 | 000,000,249 | ---- | C] () -- \user.js [2012.06.05 21:41:21 | 000,719,596 | ---- | C] () -- C:\Users\Dinchen\1471-2482-11-24.pdf [2012.06.05 21:28:46 | 000,217,714 | ---- | C] () -- C:\Users\Dinchen\Cosmesis and body image after laparoscopic-assisted and open ileocolic resection for Crohn's disease..pdf [2012.02.24 13:18:34 | 000,003,213 | ---- | C] () -- C:\Windows\GWS.INI [2011.03.02 22:30:17 | 000,000,081 | ---- | C] () -- C:\Users\Dinchen\CTX.DAT [2011.02.13 11:54:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.01.18 18:17:43 | 000,001,091 | ---- | C] () -- C:\Windows\disney.ini [2011.01.18 18:17:37 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2011.01.18 18:17:37 | 000,000,000 | RHS- | C] () -- \IO.SYS [2010.11.14 13:36:32 | 000,093,384 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2009.07.22 01:28:59 | 000,245,777 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.12 15:59:36 | 000,245,777 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.06.12 15:46:58 | 000,000,020 | ---- | C] () -- \Medion.ini [2009.05.22 09:03:53 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2009.05.22 09:03:51 | 000,333,203 | RHS- | C] () -- \bootmgr [2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2011.12.20 12:37:12 | 000,000,090 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt [2012.01.07 12:47:12 | 000,000,088 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt [2011.12.27 16:12:10 | 000,000,090 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[3].txt [2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar [2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\chrome [2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\components [2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\locale [2012.08.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\modules [2010.02.15 12:16:38 | 000,000,136 | ---- | M] () -- C:\Windows\Temp\Cookies\dinchen@mcafee[2].txt [2010.10.15 15:48:59 | 000,002,048 | -HS- | M] () -- C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\@ [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012.09.11 21:55:05 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job [2012.09.18 12:55:00 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job [2012.09.11 22:16:18 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914 < End of report > OTL Extras logfile created on: 18.09.2012 12:53:52 - Run 1 OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Dinchen\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,09% Memory free 6,13 Gb Paging File | 4,69 Gb Available in Paging File | 76,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 449,30 Gb Total Space | 376,98 Gb Free Space | 83,90% Space Free | Partition Type: NTFS Computer Name: DINCHEN-PC | User Name: Dinchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18899628-E238-4959-B458-1AE3F92DE2C4}" = lport=2869 | protocol=6 | dir=in | app=system | "{20C41E65-CFED-4562-9184-38269D2DA9EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2499D8F5-6AE3-4E0A-B670-60C8D0D643CC}" = lport=138 | protocol=17 | dir=in | app=system | "{42E9F830-7C47-46B8-ACD6-DCF91D3043D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4B71EBC4-1FF3-48DE-A3A5-5DB76E24EEEC}" = lport=445 | protocol=6 | dir=in | app=system | "{64EFEA13-CB4A-4EB0-B9A0-4B725D2997D6}" = rport=137 | protocol=17 | dir=out | app=system | "{66399142-8B8E-4AF5-BDB8-EF60F33A12F3}" = rport=445 | protocol=6 | dir=out | app=system | "{AF71558F-F50C-4F5A-88FF-777CA18EFA17}" = rport=138 | protocol=17 | dir=out | app=system | "{B943E45E-D952-41FA-B0E3-B084F105D09B}" = rport=139 | protocol=6 | dir=out | app=system | "{D86E7B11-FFC6-4701-B2E5-E4C2C8FB3A4C}" = lport=139 | protocol=6 | dir=in | app=system | "{E72C53CC-3929-49F1-B948-6710AFB7E4AD}" = lport=137 | protocol=17 | dir=in | app=system | "{FF5F4E96-3721-4F10-AA37-F2704D961F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03BFB00C-19F7-4827-A333-80666E700EC2}" = dir=in | app=c:\program files\itunes\itunes.exe | "{071A8094-D970-4CA3-8B92-DA8A6CCFBF53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C753FBE-D123-4C07-8005-FEC0C220E229}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1CEFDDE2-EBC5-4193-84F2-4775989E7100}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{234E5443-E093-4507-88CD-642F99A9A659}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23F4B866-A69C-4933-9AA1-FB8F7D79F8C7}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{2874264A-7D69-49FF-985A-32DF51905224}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{299E75F2-0DA3-4321-9EE6-38CF946DB9EF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{36F646CA-58F6-4E63-A3D5-AEC4B7DE8410}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4596D15B-02ED-4C1A-991C-AC49A7929459}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{46A89B9B-D7E2-4A02-B51C-EE9DAB24A111}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4EEC9E4E-7B47-4F29-A799-46B63C46B30B}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{5221B812-AFC4-4E51-82F8-15861FECE4D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69ED492E-5D48-4986-992D-C86D90070A19}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{6C262C0F-D6CB-4B8F-8328-555B572A01E5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{7B8A714C-CABF-4373-B6CE-CAE958CAD087}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7CCAD52E-BC7F-4AB7-B54D-8E8BB15F8CDA}" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe | "{7D86C00B-1D35-4E3F-8F14-D80CB4ABD205}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8A9BC726-3A5F-43B6-BC92-2235798DCAF7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{8DAE819F-8726-443A-976A-04723812D0C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9A451472-5B50-47DC-A5C7-FAFB8BBD5496}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{A10BF91A-6628-4F4C-B705-D2DB41F58884}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A5D47474-3664-4A73-A76B-AA20A359C1F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B849AD0B-DD2A-4D9A-8B0B-7C6AE3D20936}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{C3EC4F75-F6FC-4570-B630-9B902B3BEB29}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{D3893BF0-B54A-4DE7-A6BE-C64440E0ACEB}" = dir=in | app=c:\users\dinchen\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D4833A81-97CA-460E-987E-0160FABD4732}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DA5FC70D-7383-49B2-9A1A-633C529ADE5B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{DD58AA59-8CEA-4FEC-9820-D4C989339692}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{ECCE9CC8-9A1D-43B0-92C2-850575013694}" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe | "{F55F5892-39C9-48E6-9FCE-8D56811D7A98}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{03A3A7B7-CF1B-4BDE-9153-6736B5824326}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe | "TCP Query User{1A035366-4C8F-438C-ADDC-DAB72985E6DA}C:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "TCP Query User{22F68744-D650-48A6-A2C4-C7225D3A7B94}C:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{6F94A090-9416-4ABF-8C0B-225B09C5F5AF}C:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe | "TCP Query User{80492050-56F9-43E9-A129-0D28CCD54BCB}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe | "TCP Query User{92A7B7BF-F175-4AE1-81F3-E4B477C7DA10}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{95032E46-5C7C-41BC-BD29-E5C169AE7267}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{DE350C2E-0304-479D-8D08-3446B5490182}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{0CE8075E-E724-4677-8D95-E267CAD01BEF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{2C9AC6DD-0F8E-4A4A-AF8D-0867CB74B079}C:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{5B3AAE4C-F6B5-43FC-A675-06A1229D729B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6920DC22-5A12-4C90-A49C-CDA34BE6FC99}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{721F9C9C-A3E0-4C30-9D70-532CD5E61A81}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe | "UDP Query User{7E238CC2-D2DF-4349-93EB-E668C12FF080}C:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\opera.exe | "UDP Query User{9781BADF-90CC-4792-8D60-4C563F3726F0}C:\users\dinchen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\akamai\netsession_win.exe | "UDP Query User{BD2AD599-1069-4D11-A4E3-873759715184}C:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\dinchen\appdata\local\temp\cprogram filesopera\operaupgrader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A20B067C-8A58-44BF-9FC7-11E92D916AD2}" = Nuvoton CIR Device Drivers "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.72.108 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Akamai" = Akamai NetSession Interface Service "Audacity_is1" = Audacity 1.2.6 "AVG8Uninstall" = AVG Free 8.5 "BabylonToolbar" = Babylon toolbar on IE "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cisco Connect" = Cisco Connect "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ElsterFormular 13.2.0.8623p" = ElsterFormular "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2 "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IncrediMail" = IncrediMail 2.0 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.64.1403" = Opera 11.64 "PhotoMail" = PhotoMail Maker "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.05.2011 21:03:56 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17276096 Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17277173 Error - 11.05.2011 21:03:57 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17277173 Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17278280 Error - 11.05.2011 21:03:58 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17278280 Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17279388 Error - 11.05.2011 21:03:59 | Computer Name = Dinchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17279388 [ OSession Events ] Error - 05.01.2012 20:31:11 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 133055 seconds with 960 seconds of active time. This session ended with a crash. Error - 15.07.2012 17:11:14 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40815 seconds with 780 seconds of active time. This session ended with a crash. Error - 25.07.2012 03:56:47 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51395 seconds with 3240 seconds of active time. This session ended with a crash. Error - 25.07.2012 04:18:40 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1297 seconds with 300 seconds of active time. This session ended with a crash. Error - 29.07.2012 16:22:29 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 428 seconds with 60 seconds of active time. This session ended with a crash. Error - 02.08.2012 07:02:28 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 869 seconds with 360 seconds of active time. This session ended with a crash. Error - 20.08.2012 11:08:07 | Computer Name = Dinchen-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82051 seconds with 1020 seconds of active time. This session ended with a crash. [ System Events ] Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.09.2012 11:38:19 | Computer Name = Dinchen-PC | Source = Service Control Manager | ID = 7001 Description = Error - 18.09.2012 06:29:52 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 17.09.2012 um 20:55:47 unerwartet heruntergefahren. Error - 18.09.2012 06:29:54 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016 Description = Error - 18.09.2012 06:36:46 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.09.2012 um 12:33:36 unerwartet heruntergefahren. Error - 18.09.2012 06:36:49 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016 Description = Error - 18.09.2012 06:43:13 | Computer Name = Dinchen-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.09.2012 um 12:41:09 unerwartet heruntergefahren. Error - 18.09.2012 06:43:16 | Computer Name = Dinchen-PC | Source = HTTP | ID = 15016 Description = < End of report > GMER Datei folgt. PC hängt sich ständig auf. ich hoffe, Ihr könnt mir helfen! Vielen Dank |
Zitat:
|
Oh sorry! Muss ich überlesen haben, dass Ihr das auch braucht.. Hier dann mal die Log Daten des Malwarebytes Durchlaufes 1. Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.07.11 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Dinchen :: DINCHEN-PC [Administrator] Schutz: Aktiviert 07.09.2012 21:35:29 mbam-log-2012-09-07 (21-35-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 46886 Laufzeit: 3 Minute(n), 27 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\dbfbaqsr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2. Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.07.11 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Dinchen :: DINCHEN-PC [Administrator] Schutz: Aktiviert 07.09.2012 21:42:50 mbam-log-2012-09-07 (21-42-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221274 Laufzeit: 12 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\Dinchen\0.2690011122474091.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Roaming\Adobe\plugs\mmc19.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Roaming\Adobe\plugs\mmc195.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 3. Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.07.11 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Dinchen :: DINCHEN-PC [Administrator] Schutz: Aktiviert 11.09.2012 19:59:00 mbam-log-2012-09-11 (19-59-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 157885 Laufzeit: 2 Stunde(n), 14 Minute(n), 7 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\n (Trojan.Agent.BVXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\00000004.@ (Rootkit.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 4. Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.07.11 Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus) Internet Explorer 8.0.6001.19088 Dinchen :: DINCHEN-PC [Administrator] Schutz: Deaktiviert 17.09.2012 17:39:58 mbam-log-2012-09-17 (17-39-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 411976 Laufzeit: 1 Stunde(n), 6 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 5. 012/09/06 21:09:55 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:09:59 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 21:10:02 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:14:31 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:21:37 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:21:40 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 21:21:43 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:21:45 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 21:22:41 +0200 DINCHEN-PC Dinchen MESSAGE Starting database refresh 2012/09/06 21:22:41 +0200 DINCHEN-PC Dinchen MESSAGE Stopping IP protection 2012/09/06 21:22:42 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection stopped 2012/09/06 21:22:46 +0200 DINCHEN-PC Dinchen MESSAGE Database refreshed successfully 2012/09/06 21:22:46 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:22:49 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 21:22:54 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 51324, Process: explorer.exe) 2012/09/06 21:29:08 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:29:11 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 21:29:14 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:29:17 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 21:29:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:29:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:29:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:10 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.136.197.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.68.232.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:30:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:15 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:31:55 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:03 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:32:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:33 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:35 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:33:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 174.57.55.252 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:33 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 71.228.235.239 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:34:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 195.3.145.57 (Type: outgoing, Port: 63346, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:39 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:35:47 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:43 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:51 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:36:59 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:37:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:20 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:28 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:38:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.240.162.5 (Type: outgoing, Port: 51962, Process: explorer.exe) 2012/09/06 21:44:46 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:44:49 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 21:44:52 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:44:55 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 21:45:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:09 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:09 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:09 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:17 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:45:17 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 52354, Process: explorer.exe) 2012/09/06 21:51:07 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 21:51:10 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 21:51:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 21:51:17 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 21:51:21 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:51:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:51:45 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:51:53 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:54:03 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:54:11 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:54:11 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:55:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:56:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:56:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:58:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:58:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:58:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 21:59:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:00:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:00:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:00:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:02:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:02:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:03:52 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:04 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:21 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:04:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:06:46 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:07:02 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:07:02 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:38 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:54 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:08:54 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:11:03 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:11:19 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:11:19 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:12:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:13:05 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:13:13 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:15:22 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:15:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:15:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:34 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:50 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:16:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:17:14 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:17:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:17:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:19:31 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:19:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:19:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:20:52 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:20:52 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:41 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:21:41 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:23:49 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:24:05 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:24:05 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:10 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:10 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:18 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:26 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:26 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:26 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:26 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:26 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:25:58 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:28:07 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:28:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:28:23 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.78.249.9 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:28 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:28 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:28 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:36 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:36 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:36 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:29:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:30:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:30:08 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:30:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:32:25 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:32:33 +0200 DINCHEN-PC Dinchen IP-BLOCK 76.27.132.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:33:46 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 55666, Process: explorer.exe) 2012/09/06 22:48:03 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/06 22:48:06 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/06 22:48:09 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/06 22:48:12 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/06 22:48:17 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 54749, Process: explorer.exe) 2012/09/06 22:48:42 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 54749, Process: explorer.exe) 2012/09/06 22:49:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 49693, Process: avgnsx.exe) 2012/09/06 22:49:06 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 49715, Process: avgnsx.exe) 2012/09/06 22:49:30 +0200 DINCHEN-PC Dinchen IP-BLOCK 64.111.214.2 (Type: outgoing, Port: 49778, Process: avgnsx.exe) 6. 2012/09/07 20:37:01 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 20:37:04 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/07 20:37:08 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/07 20:37:11 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/07 20:37:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.68.232.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:37:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 81.226.90.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:38:44 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.73.56.250 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:00 +0200 DINCHEN-PC Dinchen IP-BLOCK 94.253.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:09 +0200 DINCHEN-PC Dinchen IP-BLOCK 173.21.136.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:16 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/07 20:39:25 +0200 DINCHEN-PC Dinchen IP-BLOCK 174.110.129.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:41 +0200 DINCHEN-PC Dinchen IP-BLOCK 81.226.90.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:49 +0200 DINCHEN-PC Dinchen IP-BLOCK 174.110.129.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:39:54 +0200 DINCHEN-PC Dinchen MESSAGE Scheduled update executed successfully: database updated from version v2012.09.06.11 to version v2012.09.07.11 2012/09/07 20:39:54 +0200 DINCHEN-PC Dinchen MESSAGE Starting database refresh 2012/09/07 20:39:54 +0200 DINCHEN-PC Dinchen MESSAGE Stopping IP protection 2012/09/07 20:39:56 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection stopped 2012/09/07 20:39:59 +0200 DINCHEN-PC Dinchen MESSAGE Database refreshed successfully 2012/09/07 20:39:59 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/07 20:40:03 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/07 20:40:16 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:24 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:32 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 197.253.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:57 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:40:57 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:21 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:21 +0200 DINCHEN-PC Dinchen IP-BLOCK 81.226.90.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:29 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 1.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 75.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 77.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:37 +0200 DINCHEN-PC Dinchen IP-BLOCK 88.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:45 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:45 +0200 DINCHEN-PC Dinchen IP-BLOCK 169.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:41:45 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.254.254.254 (Type: outgoing, Port: 58015, Process: explorer.exe) 2012/09/07 20:55:03 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 21:22:41 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 21:22:45 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/07 21:35:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 21:35:16 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/07 21:35:19 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/07 21:35:22 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/07 21:36:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 184.63.54.254 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:36:40 +0200 DINCHEN-PC Dinchen IP-BLOCK 24.5.5.251 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:36:48 +0200 DINCHEN-PC Dinchen IP-BLOCK 66.229.189.254 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:36:56 +0200 DINCHEN-PC Dinchen IP-BLOCK 67.190.137.250 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:37:12 +0200 DINCHEN-PC Dinchen IP-BLOCK 131.155.68.250 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:38:57 +0200 DINCHEN-PC Dinchen IP-BLOCK 190.253.254.254 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:39:05 +0200 DINCHEN-PC Dinchen IP-BLOCK 212.253.254.254 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:39:13 +0200 DINCHEN-PC Dinchen IP-BLOCK 117.254.254.254 (Type: outgoing, Port: 61324, Process: explorer.exe) 2012/09/07 21:42:48 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 21:42:51 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/07 21:42:54 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/07 21:42:57 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/07 21:59:38 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/07 21:59:41 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/07 21:59:44 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/07 21:59:47 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 7. 2012/09/08 11:43:57 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/08 11:44:03 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/08 11:44:03 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/08 11:44:05 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 2012/09/08 11:44:06 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/08 11:44:11 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/08 11:49:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/08 11:49:53 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/08 11:49:56 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/08 11:49:58 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 8. 2012/09/09 16:18:02 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/09 16:18:05 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/09 16:18:08 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/09 16:18:11 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/09 16:25:33 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/09 16:25:35 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/09 16:25:35 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 2012/09/09 16:25:37 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/09 16:25:40 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/09 16:25:43 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 9. 2012/09/10 13:55:09 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/10 13:55:13 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/10 13:55:17 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/10 13:55:20 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 10. 2012/09/11 18:36:26 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/11 18:36:27 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/11 18:36:31 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/11 18:36:31 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 2012/09/11 18:43:06 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/11 18:43:09 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/11 18:43:12 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/11 18:43:14 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/11 18:49:15 +0200 DINCHEN-PC Dinchen DETECTION C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\80000000.@ Trojan.Small QUARANTINE 2012/09/11 19:46:28 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/11 19:46:31 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/11 19:46:34 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/11 19:46:37 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/11 22:19:38 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/11 22:19:42 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/11 22:19:45 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/11 22:19:48 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/11 23:25:21 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/11 23:25:23 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 11. 2012/09/12 18:58:05 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/12 18:58:09 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 12. 2012/09/13 14:27:49 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/13 14:27:50 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/13 14:27:51 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 2012/09/13 14:27:53 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/13 14:27:56 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/13 14:28:00 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 13. 2012/09/16 08:50:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/16 08:50:14 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/16 08:50:16 +0200 DINCHEN-PC Dinchen ERROR Scheduled update failed: Host not found failed with error code 0 2012/09/16 08:50:18 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/16 21:50:13 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/16 21:50:16 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/16 21:50:19 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/16 21:50:22 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 14. 2012/09/18 12:32:12 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/18 12:32:18 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/18 12:32:18 +0200 DINCHEN-PC Dinchen MESSAGE Executing scheduled update: Daily 2012/09/18 12:32:21 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/18 12:32:24 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/18 12:40:17 +0200 DINCHEN-PC Medi MESSAGE Starting protection 2012/09/18 12:45:33 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/18 12:45:37 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/18 12:45:40 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/18 12:45:43 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/18 15:52:41 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/18 15:52:44 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/18 15:52:47 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/18 15:52:50 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/18 15:57:01 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/18 15:57:04 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully 2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting protection 2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Protection started successfully 2012/09/18 16:03:50 +0200 DINCHEN-PC Dinchen MESSAGE Starting IP protection 2012/09/18 16:03:53 +0200 DINCHEN-PC Dinchen MESSAGE IP Protection started successfully So, ich hoffe ich hab das richtige kopiert. Vielen Dank fürs anschauen! |
Gmer Bitte
|
Hallo, leider klappt das mit dem Gmer nicht. Der Scan läuft, und irgendwann hängt der PC sich auf. Gestern ist der Scan fast bis zum Schluss gelaufen, vermute ich zumindest mal. Immerhin ist das Programm bis zum Verzeichnis Windows/System gekommen. Das war das Weiteste. Ich habe mich an alles gehalten. Virenprogramme und alle Programme sind aus. Ich mache nichts am PC, und es funktioniert trotzdem nicht. |
Dann mach stattdessen das hier: Schritt 1: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
Endlich, geschafft. Und das mit nur einmal Aufhängen. Hier die asw-Datei: aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-23 19:09:40 ----------------------------- 19:09:40.414 OS Version: Windows 6.0.6001 Service Pack 1 19:09:40.429 Number of processors: 2 586 0x170A 19:09:40.429 ComputerName: DINCHEN-PC UserName: Medi 19:10:07.994 Initialize success 19:12:40.770 AVAST engine defs: 12092300 19:13:02.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:13:02.517 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3 19:13:02.532 Disk 0 MBR read successfully 19:13:02.548 Disk 0 MBR scan 19:13:02.548 Disk 0 unknown MBR code 19:13:02.564 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 19:13:02.579 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 460083 MB offset 27265024 19:13:02.610 Disk 0 Partition 3 00 12 Compaq diag NTFS 3543 MB offset 969515008 19:13:02.626 Disk 0 scanning sectors +976771072 19:13:02.688 Disk 0 scanning C:\Windows\system32\drivers 19:13:13.203 Service scanning 19:13:35.542 Modules scanning 19:13:40.004 Disk 0 trace - called modules: 19:13:40.035 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 19:13:40.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86606ac8] 19:13:40.050 3 CLASSPNP.SYS[8ab9e745] -> nt!IofCallDriver -> [0x8607cc60] 19:13:40.050 5 acpi.sys[806986a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85add028] 19:13:42.765 AVAST engine scan C:\Windows 19:13:47.601 AVAST engine scan C:\Windows\system32 19:16:47.299 AVAST engine scan C:\Windows\system32\drivers 19:17:03.961 AVAST engine scan C:\Users\Medi 19:18:13.677 AVAST engine scan C:\ProgramData 19:21:38.350 Scan finished successfully 19:44:15.889 Disk 0 MBR has been saved successfully to "C:\Users\Medi\Desktop\MBR.dat" 19:44:15.905 The log file has been saved successfully to "C:\Users\Medi\Desktop\aswMBR.txt" Und hier die TDSS-Killer: 19:44:50.0450 3056 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 19:44:50.0684 3056 ============================================================ 19:44:50.0684 3056 Current date / time: 2012/09/23 19:44:50.0684 19:44:50.0684 3056 SystemInfo: 19:44:50.0684 3056 19:44:50.0684 3056 OS Version: 6.0.6001 ServicePack: 1.0 19:44:50.0684 3056 Product type: Workstation 19:44:50.0684 3056 ComputerName: DINCHEN-PC 19:44:50.0684 3056 UserName: Medi 19:44:50.0684 3056 Windows directory: C:\Windows 19:44:50.0684 3056 System windows directory: C:\Windows 19:44:50.0684 3056 Processor architecture: Intel x86 19:44:50.0684 3056 Number of processors: 2 19:44:50.0684 3056 Page size: 0x1000 19:44:50.0684 3056 Boot type: Normal boot 19:44:50.0684 3056 ============================================================ 19:44:51.0120 3056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:44:51.0152 3056 ============================================================ 19:44:51.0152 3056 \Device\Harddisk0\DR0: 19:44:51.0152 3056 MBR partitions: 19:44:51.0152 3056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x38299800 19:44:51.0152 3056 ============================================================ 19:44:51.0183 3056 C: <-> \Device\Harddisk0\DR0\Partition1 19:44:51.0183 3056 ============================================================ 19:44:51.0183 3056 Initialize success 19:44:51.0183 3056 ============================================================ 19:46:09.0822 5776 ============================================================ 19:46:09.0822 5776 Scan started 19:46:09.0822 5776 Mode: Manual; TDLFS; 19:46:09.0822 5776 ============================================================ 19:46:10.0041 5776 ================ Scan system memory ======================== 19:46:10.0041 5776 System memory - ok 19:46:10.0041 5776 ================ Scan services ============================= 19:46:10.0212 5776 acedrv11 - ok 19:46:10.0244 5776 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 19:46:10.0244 5776 ACPI - ok 19:46:10.0275 5776 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:46:10.0275 5776 adp94xx - ok 19:46:10.0306 5776 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:46:10.0322 5776 adpahci - ok 19:46:10.0337 5776 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 19:46:10.0337 5776 adpu160m - ok 19:46:10.0353 5776 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:46:10.0368 5776 adpu320 - ok 19:46:10.0400 5776 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:46:10.0400 5776 AeLookupSvc - ok 19:46:10.0446 5776 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 19:46:10.0462 5776 AFD - ok 19:46:10.0524 5776 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe 19:46:10.0524 5776 AgereModemAudio - ok 19:46:10.0556 5776 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 19:46:10.0571 5776 AgereSoftModem - ok 19:46:10.0618 5776 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:46:10.0618 5776 agp440 - ok 19:46:10.0665 5776 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 19:46:10.0665 5776 aic78xx - ok 19:46:10.0868 5776 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll 19:46:10.0868 5776 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76 19:46:10.0868 5776 Akamai ( HiddenFile.Multi.Generic ) - warning 19:46:10.0868 5776 Akamai - detected HiddenFile.Multi.Generic (1) 19:46:10.0961 5776 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\drivers\AlfaFF.sys 19:46:10.0961 5776 AlfaFF - ok 19:46:10.0992 5776 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 19:46:10.0992 5776 ALG - ok 19:46:11.0024 5776 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 19:46:11.0024 5776 aliide - ok 19:46:11.0070 5776 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:46:11.0070 5776 amdagp - ok 19:46:11.0086 5776 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 19:46:11.0086 5776 amdide - ok 19:46:11.0102 5776 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 19:46:11.0102 5776 AmdK7 - ok 19:46:11.0117 5776 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:46:11.0117 5776 AmdK8 - ok 19:46:11.0148 5776 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 19:46:11.0164 5776 Appinfo - ok 19:46:11.0226 5776 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:46:11.0226 5776 Apple Mobile Device - ok 19:46:11.0258 5776 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 19:46:11.0258 5776 arc - ok 19:46:11.0289 5776 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:46:11.0289 5776 arcsas - ok 19:46:11.0304 5776 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:46:11.0304 5776 AsyncMac - ok 19:46:11.0320 5776 [ 0FD275041F8B2197EE964361B4192A18 ] atapi C:\Windows\system32\drivers\atapi.sys 19:46:11.0320 5776 atapi - ok 19:46:11.0351 5776 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:46:11.0351 5776 AudioEndpointBuilder - ok 19:46:11.0367 5776 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:46:11.0382 5776 Audiosrv - ok 19:46:11.0507 5776 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe 19:46:11.0507 5776 AVG Security Toolbar Service - ok 19:46:11.0554 5776 [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc C:\PROGRA~1\AVG\AVG8\avgemc.exe 19:46:11.0585 5776 avg8emc - ok 19:46:11.0648 5776 [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 19:46:11.0648 5776 avg8wd - ok 19:46:11.0710 5776 [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86 C:\Windows\System32\Drivers\avgldx86.sys 19:46:11.0726 5776 AvgLdx86 - ok 19:46:11.0741 5776 [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86 C:\Windows\System32\Drivers\avgmfx86.sys 19:46:11.0741 5776 AvgMfx86 - ok 19:46:11.0772 5776 [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX C:\Windows\System32\Drivers\avgtdix.sys 19:46:11.0772 5776 AvgTdiX - ok 19:46:11.0850 5776 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys 19:46:11.0850 5776 avgtp - ok 19:46:11.0913 5776 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 19:46:11.0913 5776 Beep - ok 19:46:11.0944 5776 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll 19:46:11.0944 5776 BFE - ok 19:46:11.0975 5776 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 19:46:11.0975 5776 blbdrive - ok 19:46:12.0053 5776 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:46:12.0069 5776 Bonjour Service - ok 19:46:12.0131 5776 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:46:12.0131 5776 bowser - ok 19:46:12.0162 5776 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 19:46:12.0162 5776 BrFiltLo - ok 19:46:12.0194 5776 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 19:46:12.0194 5776 BrFiltUp - ok 19:46:12.0209 5776 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 19:46:12.0209 5776 Browser - ok 19:46:12.0256 5776 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 19:46:12.0256 5776 Brserid - ok 19:46:12.0272 5776 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 19:46:12.0272 5776 BrSerWdm - ok 19:46:12.0287 5776 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 19:46:12.0303 5776 BrUsbMdm - ok 19:46:12.0303 5776 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 19:46:12.0303 5776 BrUsbSer - ok 19:46:12.0318 5776 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:46:12.0318 5776 BTHMODEM - ok 19:46:12.0381 5776 [ B6C870EE321AA8678198EA003DCFBB02 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 19:46:12.0412 5776 btwdins - ok 19:46:12.0428 5776 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:46:12.0428 5776 cdfs - ok 19:46:12.0459 5776 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:46:12.0459 5776 cdrom - ok 19:46:12.0490 5776 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 19:46:12.0490 5776 CertPropSvc - ok 19:46:12.0490 5776 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:46:12.0506 5776 circlass - ok 19:46:12.0521 5776 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 19:46:12.0521 5776 CLFS - ok 19:46:12.0584 5776 [ D8E2AF3D5BAA4C683F14C5774B2CD99A ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 19:46:12.0584 5776 CLHNService - ok 19:46:12.0662 5776 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:46:12.0662 5776 clr_optimization_v2.0.50727_32 - ok 19:46:12.0771 5776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:46:12.0771 5776 clr_optimization_v4.0.30319_32 - ok 19:46:12.0802 5776 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:46:12.0802 5776 CmBatt - ok 19:46:12.0833 5776 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:46:12.0833 5776 cmdide - ok 19:46:12.0864 5776 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:46:12.0864 5776 Compbatt - ok 19:46:12.0864 5776 COMSysApp - ok 19:46:12.0896 5776 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:46:12.0896 5776 crcdisk - ok 19:46:12.0927 5776 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 19:46:12.0927 5776 Crusoe - ok 19:46:12.0974 5776 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:46:12.0974 5776 CryptSvc - ok 19:46:13.0005 5776 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 19:46:13.0005 5776 CVirtA - ok 19:46:13.0161 5776 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 19:46:13.0192 5776 CVPND - ok 19:46:13.0239 5776 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 19:46:13.0239 5776 CVPNDRVA - ok 19:46:13.0301 5776 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:46:13.0317 5776 DcomLaunch - ok 19:46:13.0364 5776 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:46:13.0364 5776 DfsC - ok 19:46:13.0442 5776 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 19:46:13.0473 5776 DFSR - ok 19:46:13.0520 5776 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 19:46:13.0520 5776 Dhcp - ok 19:46:13.0535 5776 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 19:46:13.0535 5776 disk - ok 19:46:13.0582 5776 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 19:46:13.0582 5776 DKbFltr - ok 19:46:13.0644 5776 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 19:46:13.0644 5776 DNE - ok 19:46:13.0691 5776 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:46:13.0691 5776 Dnscache - ok 19:46:13.0722 5776 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 19:46:13.0722 5776 dot3svc - ok 19:46:13.0754 5776 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 19:46:13.0754 5776 DPS - ok 19:46:13.0800 5776 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:46:13.0800 5776 drmkaud - ok 19:46:13.0832 5776 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:46:13.0847 5776 DXGKrnl - ok 19:46:13.0863 5776 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 19:46:13.0863 5776 E1G60 - ok 19:46:13.0894 5776 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 19:46:13.0894 5776 EapHost - ok 19:46:13.0941 5776 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 19:46:13.0941 5776 Ecache - ok 19:46:13.0988 5776 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:46:13.0988 5776 ehRecvr - ok 19:46:14.0003 5776 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 19:46:14.0003 5776 ehSched - ok 19:46:14.0019 5776 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 19:46:14.0019 5776 ehstart - ok 19:46:14.0066 5776 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:46:14.0081 5776 elxstor - ok 19:46:14.0128 5776 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 19:46:14.0144 5776 EMDMgmt - ok 19:46:14.0222 5776 [ 4186146FD69EACC966DC755655B91C9C ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe 19:46:14.0237 5776 ePowerSvc - ok 19:46:14.0268 5776 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:46:14.0268 5776 ErrDev - ok 19:46:14.0300 5776 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 19:46:14.0300 5776 EventSystem - ok 19:46:14.0346 5776 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 19:46:14.0346 5776 exfat - ok 19:46:14.0362 5776 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:46:14.0362 5776 fastfat - ok 19:46:14.0378 5776 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:46:14.0393 5776 fdc - ok 19:46:14.0409 5776 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 19:46:14.0409 5776 fdPHost - ok 19:46:14.0424 5776 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 19:46:14.0424 5776 FDResPub - ok 19:46:14.0456 5776 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:46:14.0456 5776 FileInfo - ok 19:46:14.0487 5776 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:46:14.0487 5776 Filetrace - ok 19:46:14.0502 5776 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:46:14.0502 5776 flpydisk - ok 19:46:14.0534 5776 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:46:14.0534 5776 FltMgr - ok 19:46:14.0612 5776 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:46:14.0612 5776 FontCache3.0.0.0 - ok 19:46:14.0627 5776 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:46:14.0643 5776 Fs_Rec - ok 19:46:14.0658 5776 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:46:14.0658 5776 gagp30kx - ok 19:46:14.0674 5776 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:46:14.0674 5776 GEARAspiWDM - ok 19:46:14.0768 5776 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 19:46:14.0768 5776 GoogleDesktopManager-051210-111108 - ok 19:46:14.0799 5776 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 19:46:14.0830 5776 gpsvc - ok 19:46:14.0877 5776 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca0dc76fc8fc00 C:\Program Files\Google\Update\GoogleUpdate.exe 19:46:14.0892 5776 gupdate1ca0dc76fc8fc00 - ok 19:46:14.0892 5776 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 19:46:14.0892 5776 gupdatem - ok 19:46:14.0939 5776 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 19:46:14.0939 5776 gusvc - ok 19:46:14.0986 5776 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:46:14.0986 5776 HdAudAddService - ok 19:46:15.0002 5776 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:46:15.0002 5776 HDAudBus - ok 19:46:15.0033 5776 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:46:15.0033 5776 HidBth - ok 19:46:15.0064 5776 [ 5A87127718873BD7F3BD7AC42B951D8E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:46:15.0064 5776 HidIr - ok 19:46:15.0095 5776 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll 19:46:15.0095 5776 hidserv - ok 19:46:15.0126 5776 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:46:15.0126 5776 HidUsb - ok 19:46:15.0142 5776 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:46:15.0158 5776 hkmsvc - ok 19:46:15.0173 5776 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 19:46:15.0173 5776 HpCISSs - ok 19:46:15.0204 5776 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:46:15.0220 5776 HTTP - ok 19:46:15.0236 5776 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:46:15.0236 5776 i2omp - ok 19:46:15.0267 5776 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:46:15.0267 5776 i8042prt - ok 19:46:15.0345 5776 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 19:46:15.0360 5776 IAANTMON - ok 19:46:15.0392 5776 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:46:15.0392 5776 iaStor - ok 19:46:15.0423 5776 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:46:15.0423 5776 iaStorV - ok 19:46:15.0501 5776 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:46:15.0532 5776 idsvc - ok 19:46:15.0672 5776 [ DDEC2C42258A32B6F4AFE6C7A935244D ] IGBASVC C:\Program Files\Acer Bio Protection\BASVC.exe 19:46:15.0750 5776 IGBASVC - ok 19:46:15.0782 5776 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:46:15.0782 5776 iirsp - ok 19:46:15.0828 5776 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 19:46:15.0844 5776 IKEEXT - ok 19:46:15.0860 5776 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15 C:\Windows\system32\drivers\int15.sys 19:46:15.0860 5776 int15 - ok 19:46:15.0953 5776 [ EB988FC0CACCDE2A67C4854128BAC5E1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:46:15.0969 5776 IntcAzAudAddService - ok 19:46:16.0016 5776 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 19:46:16.0016 5776 intelide - ok 19:46:16.0062 5776 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:46:16.0062 5776 intelppm - ok 19:46:16.0078 5776 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:46:16.0094 5776 IPBusEnum - ok 19:46:16.0109 5776 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:46:16.0109 5776 IpFilterDriver - ok 19:46:16.0140 5776 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:46:16.0156 5776 iphlpsvc - ok 19:46:16.0156 5776 IpInIp - ok 19:46:16.0187 5776 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:46:16.0187 5776 IPMIDRV - ok 19:46:16.0203 5776 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:46:16.0203 5776 IPNAT - ok 19:46:16.0265 5776 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:46:16.0296 5776 iPod Service - ok 19:46:16.0328 5776 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:46:16.0328 5776 IRENUM - ok 19:46:16.0343 5776 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:46:16.0343 5776 isapnp - ok 19:46:16.0390 5776 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:46:16.0390 5776 iScsiPrt - ok 19:46:16.0406 5776 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:46:16.0406 5776 iteatapi - ok 19:46:16.0468 5776 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:46:16.0468 5776 iteraid - ok 19:46:16.0484 5776 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:46:16.0484 5776 kbdclass - ok 19:46:16.0499 5776 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:46:16.0499 5776 kbdhid - ok 19:46:16.0546 5776 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 19:46:16.0546 5776 KeyIso - ok 19:46:16.0577 5776 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:46:16.0577 5776 KSecDD - ok 19:46:16.0608 5776 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:46:16.0608 5776 KtmRm - ok 19:46:16.0671 5776 [ D2862BF2E43718DBDD24664EF4B6C0F0 ] L1C C:\Windows\system32\DRIVERS\L1C60x86.sys 19:46:16.0671 5776 L1C - ok 19:46:16.0702 5776 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:46:16.0702 5776 LanmanServer - ok 19:46:16.0764 5776 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:46:16.0764 5776 LanmanWorkstation - ok 19:46:16.0796 5776 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:46:16.0796 5776 lltdio - ok 19:46:16.0811 5776 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:46:16.0811 5776 lltdsvc - ok 19:46:16.0827 5776 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:46:16.0827 5776 lmhosts - ok 19:46:16.0858 5776 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:46:16.0858 5776 LSI_FC - ok 19:46:16.0889 5776 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:46:16.0889 5776 LSI_SAS - ok 19:46:16.0905 5776 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:46:16.0905 5776 LSI_SCSI - ok 19:46:16.0920 5776 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 19:46:16.0920 5776 luafv - ok 19:46:16.0936 5776 massfilter - ok 19:46:16.0983 5776 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:46:16.0983 5776 MBAMProtector - ok 19:46:17.0045 5776 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:46:17.0061 5776 MBAMScheduler - ok 19:46:17.0076 5776 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:46:17.0108 5776 MBAMService - ok 19:46:17.0139 5776 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:46:17.0139 5776 Mcx2Svc - ok 19:46:17.0186 5776 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 19:46:17.0186 5776 megasas - ok 19:46:17.0232 5776 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 19:46:17.0232 5776 MegaSR - ok 19:46:17.0264 5776 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 19:46:17.0264 5776 MMCSS - ok 19:46:17.0295 5776 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 19:46:17.0295 5776 Modem - ok 19:46:17.0295 5776 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:46:17.0310 5776 monitor - ok 19:46:17.0326 5776 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:46:17.0326 5776 mouclass - ok 19:46:17.0326 5776 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:46:17.0326 5776 mouhid - ok 19:46:17.0342 5776 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:46:17.0342 5776 MountMgr - ok 19:46:17.0388 5776 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 19:46:17.0388 5776 mpio - ok 19:46:17.0420 5776 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:46:17.0420 5776 mpsdrv - ok 19:46:17.0451 5776 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 19:46:17.0451 5776 MpsSvc - ok 19:46:17.0482 5776 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:46:17.0482 5776 Mraid35x - ok 19:46:17.0482 5776 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:46:17.0482 5776 MRxDAV - ok 19:46:17.0529 5776 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:46:17.0529 5776 mrxsmb - ok 19:46:17.0576 5776 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:46:17.0576 5776 mrxsmb10 - ok 19:46:17.0576 5776 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:46:17.0576 5776 mrxsmb20 - ok 19:46:17.0607 5776 [ 1544DE2B6A41DE218A679EB59F3C3F50 ] msahci C:\Windows\system32\drivers\msahci.sys 19:46:17.0607 5776 msahci - ok 19:46:17.0622 5776 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:46:17.0622 5776 msdsm - ok 19:46:17.0654 5776 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 19:46:17.0654 5776 MSDTC - ok 19:46:17.0669 5776 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:46:17.0669 5776 Msfs - ok 19:46:17.0700 5776 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:46:17.0700 5776 msisadrv - ok 19:46:17.0732 5776 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:46:17.0732 5776 MSiSCSI - ok 19:46:17.0732 5776 msiserver - ok 19:46:17.0763 5776 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:46:17.0778 5776 MSKSSRV - ok 19:46:17.0810 5776 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:46:17.0810 5776 MSPCLOCK - ok 19:46:17.0841 5776 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:46:17.0841 5776 MSPQM - ok 19:46:17.0856 5776 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:46:17.0856 5776 MsRPC - ok 19:46:17.0872 5776 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:46:17.0872 5776 mssmbios - ok 19:46:17.0903 5776 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:46:17.0903 5776 MSTEE - ok 19:46:17.0919 5776 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 19:46:17.0919 5776 Mup - ok 19:46:17.0950 5776 [ 2DE94E435C3EFDE58C7B1856D4F20724 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 19:46:17.0950 5776 mwlPSDFilter - ok 19:46:17.0966 5776 [ 61920A7146EED3D903DBBB8EC295AF76 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 19:46:17.0966 5776 mwlPSDNServ - ok 19:46:17.0981 5776 [ E0F49721E68EBD2983E84C44FADA6665 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 19:46:17.0981 5776 mwlPSDVDisk - ok 19:46:18.0028 5776 [ E71AEEE54F8F0739C85E8F58F2A8280C ] MWLService C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe 19:46:18.0028 5776 MWLService - ok 19:46:18.0059 5776 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 19:46:18.0075 5776 napagent - ok 19:46:18.0090 5776 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:46:18.0090 5776 NativeWifiP - ok 19:46:18.0122 5776 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:46:18.0137 5776 NDIS - ok 19:46:18.0153 5776 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:46:18.0153 5776 NdisTapi - ok 19:46:18.0168 5776 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:46:18.0168 5776 Ndisuio - ok 19:46:18.0200 5776 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:46:18.0200 5776 NdisWan - ok 19:46:18.0200 5776 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:46:18.0200 5776 NDProxy - ok 19:46:18.0215 5776 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:46:18.0215 5776 NetBIOS - ok 19:46:18.0231 5776 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:46:18.0231 5776 netbt - ok 19:46:18.0246 5776 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 19:46:18.0246 5776 Netlogon - ok 19:46:18.0293 5776 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 19:46:18.0293 5776 Netman - ok 19:46:18.0309 5776 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 19:46:18.0324 5776 netprofm - ok 19:46:18.0356 5776 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:46:18.0371 5776 NetTcpPortSharing - ok 19:46:18.0496 5776 [ 83F310BF50985F2A52121F2614787C38 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 19:46:18.0512 5776 NETw5v32 - ok 19:46:18.0558 5776 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:46:18.0558 5776 nfrd960 - ok 19:46:18.0574 5776 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:46:18.0590 5776 NlaSvc - ok 19:46:18.0590 5776 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:46:18.0590 5776 Npfs - ok 19:46:18.0605 5776 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 19:46:18.0605 5776 nsi - ok 19:46:18.0621 5776 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:46:18.0621 5776 nsiproxy - ok 19:46:18.0668 5776 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:46:18.0683 5776 Ntfs - ok 19:46:18.0761 5776 [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 19:46:18.0761 5776 NTI IScheduleSvc - ok 19:46:18.0808 5776 [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 19:46:18.0808 5776 NTIBackupSvc - ok 19:46:18.0839 5776 [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys 19:46:18.0839 5776 NTIDrvr - ok 19:46:18.0870 5776 [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 19:46:18.0870 5776 NTISchedulerSvc - ok 19:46:18.0917 5776 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 19:46:18.0917 5776 ntrigdigi - ok 19:46:18.0933 5776 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 19:46:18.0933 5776 Null - ok 19:46:18.0964 5776 [ C228B9678AE777699603A7BA0F4F7FCD ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 19:46:18.0964 5776 NVHDA - ok 19:46:19.0167 5776 [ 7FAA756FEFDD371745C88F8AE3141F0F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:46:19.0276 5776 nvlddmkm - ok 19:46:19.0307 5776 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:46:19.0307 5776 nvraid - ok 19:46:19.0323 5776 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:46:19.0323 5776 nvstor - ok 19:46:19.0338 5776 [ 4CB7BCA1918EB21BEE0140AC6C69E481 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:46:19.0354 5776 nvsvc - ok 19:46:19.0370 5776 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:46:19.0370 5776 nv_agp - ok 19:46:19.0385 5776 NwlnkFlt - ok 19:46:19.0385 5776 NwlnkFwd - ok 19:46:19.0479 5776 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:46:19.0494 5776 odserv - ok 19:46:19.0541 5776 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:46:19.0541 5776 ohci1394 - ok 19:46:19.0572 5776 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:46:19.0572 5776 ose - ok 19:46:19.0619 5776 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:46:19.0650 5776 p2pimsvc - ok 19:46:19.0666 5776 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 19:46:19.0666 5776 p2psvc - ok 19:46:19.0682 5776 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 19:46:19.0682 5776 Parport - ok 19:46:19.0697 5776 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:46:19.0713 5776 partmgr - ok 19:46:19.0728 5776 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 19:46:19.0728 5776 Parvdm - ok 19:46:19.0760 5776 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 19:46:19.0760 5776 PcaSvc - ok 19:46:19.0775 5776 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 19:46:19.0775 5776 pci - ok 19:46:19.0791 5776 [ 01CD2860A161F3D89C8C63E65B3AD100 ] pciide C:\Windows\system32\drivers\pciide.sys 19:46:19.0791 5776 pciide - ok 19:46:19.0822 5776 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:46:19.0822 5776 pcmcia - ok 19:46:19.0869 5776 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:46:19.0884 5776 PEAUTH - ok 19:46:19.0947 5776 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 19:46:19.0978 5776 pla - ok 19:46:20.0009 5776 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:46:20.0009 5776 PlugPlay - ok 19:46:20.0040 5776 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:46:20.0040 5776 PNRPAutoReg - ok 19:46:20.0072 5776 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:46:20.0072 5776 PNRPsvc - ok 19:46:20.0103 5776 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:46:20.0103 5776 PolicyAgent - ok 19:46:20.0150 5776 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:46:20.0150 5776 PptpMiniport - ok 19:46:20.0165 5776 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 19:46:20.0181 5776 Processor - ok 19:46:20.0212 5776 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 19:46:20.0212 5776 ProfSvc - ok 19:46:20.0228 5776 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:46:20.0228 5776 ProtectedStorage - ok 19:46:20.0243 5776 [ 12B318FEA3F8A63BE8E7C13D8BA97564 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:46:20.0243 5776 PSched - ok 19:46:20.0306 5776 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:46:20.0321 5776 ql2300 - ok 19:46:20.0321 5776 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:46:20.0321 5776 ql40xx - ok 19:46:20.0352 5776 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 19:46:20.0368 5776 QWAVE - ok 19:46:20.0384 5776 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:46:20.0384 5776 QWAVEdrv - ok 19:46:20.0384 5776 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:46:20.0399 5776 RasAcd - ok 19:46:20.0415 5776 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 19:46:20.0415 5776 RasAuto - ok 19:46:20.0430 5776 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:46:20.0430 5776 Rasl2tp - ok 19:46:20.0446 5776 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll 19:46:20.0462 5776 RasMan - ok 19:46:20.0477 5776 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:46:20.0477 5776 RasPppoe - ok 19:46:20.0493 5776 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:46:20.0493 5776 RasSstp - ok 19:46:20.0508 5776 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:46:20.0524 5776 rdbss - ok 19:46:20.0524 5776 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:46:20.0524 5776 RDPCDD - ok 19:46:20.0555 5776 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:46:20.0571 5776 rdpdr - ok 19:46:20.0571 5776 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:46:20.0571 5776 RDPENCDD - ok 19:46:20.0602 5776 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:46:20.0602 5776 RDPWD - ok 19:46:20.0649 5776 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:46:20.0649 5776 RemoteAccess - ok 19:46:20.0664 5776 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:46:20.0680 5776 RemoteRegistry - ok 19:46:20.0696 5776 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 19:46:20.0696 5776 RpcLocator - ok 19:46:20.0727 5776 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 19:46:20.0727 5776 RpcSs - ok 19:46:20.0742 5776 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:46:20.0742 5776 rspndr - ok 19:46:20.0805 5776 [ 8E250687E5F020CD337CC9D8252C0B56 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe 19:46:20.0805 5776 RS_Service - ok 19:46:20.0852 5776 [ 05FF3C3100F163558E37D0A975BEF05C ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 19:46:20.0852 5776 RTSTOR - ok 19:46:20.0852 5776 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 19:46:20.0852 5776 SamSs - ok 19:46:20.0867 5776 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:46:20.0867 5776 sbp2port - ok 19:46:21.0008 5776 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 19:46:21.0039 5776 SBSDWSCService - ok 19:46:21.0070 5776 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:46:21.0070 5776 SCardSvr - ok 19:46:21.0117 5776 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 19:46:21.0132 5776 Schedule - ok 19:46:21.0148 5776 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 19:46:21.0148 5776 SCPolicySvc - ok 19:46:21.0164 5776 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:46:21.0164 5776 SDRSVC - ok 19:46:21.0179 5776 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:46:21.0179 5776 secdrv - ok 19:46:21.0195 5776 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 19:46:21.0195 5776 seclogon - ok 19:46:21.0195 5776 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 19:46:21.0210 5776 SENS - ok 19:46:21.0242 5776 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 19:46:21.0242 5776 Serenum - ok 19:46:21.0257 5776 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 19:46:21.0257 5776 Serial - ok 19:46:21.0273 5776 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:46:21.0273 5776 sermouse - ok 19:46:21.0304 5776 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 19:46:21.0304 5776 SessionEnv - ok 19:46:21.0335 5776 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:46:21.0335 5776 sffdisk - ok 19:46:21.0351 5776 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:46:21.0351 5776 sffp_mmc - ok 19:46:21.0366 5776 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:46:21.0366 5776 sffp_sd - ok 19:46:21.0382 5776 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:46:21.0382 5776 sfloppy - ok 19:46:21.0413 5776 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:46:21.0429 5776 SharedAccess - ok 19:46:21.0476 5776 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:46:21.0476 5776 ShellHWDetection - ok 19:46:21.0491 5776 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 19:46:21.0491 5776 sisagp - ok 19:46:21.0507 5776 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:46:21.0507 5776 SiSRaid2 - ok 19:46:21.0538 5776 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:46:21.0538 5776 SiSRaid4 - ok 19:46:21.0616 5776 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 19:46:21.0663 5776 slsvc - ok 19:46:21.0694 5776 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:46:21.0694 5776 SLUINotify - ok 19:46:21.0710 5776 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:46:21.0710 5776 Smb - ok 19:46:21.0725 5776 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:46:21.0725 5776 SNMPTRAP - ok 19:46:21.0741 5776 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 19:46:21.0741 5776 spldr - ok 19:46:21.0788 5776 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 19:46:21.0788 5776 Spooler - ok 19:46:21.0834 5776 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:46:21.0834 5776 srv - ok 19:46:21.0881 5776 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:46:21.0881 5776 srv2 - ok 19:46:21.0944 5776 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:46:21.0944 5776 srvnet - ok 19:46:21.0959 5776 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:46:21.0959 5776 SSDPSRV - ok 19:46:21.0990 5776 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:46:22.0006 5776 SstpSvc - ok 19:46:22.0037 5776 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 19:46:22.0037 5776 stisvc - ok 19:46:22.0068 5776 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:46:22.0068 5776 swenum - ok 19:46:22.0146 5776 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:46:22.0146 5776 SwitchBoard - ok 19:46:22.0178 5776 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 19:46:22.0178 5776 swprv - ok 19:46:22.0209 5776 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:46:22.0209 5776 Symc8xx - ok 19:46:22.0240 5776 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:46:22.0240 5776 Sym_hi - ok 19:46:22.0256 5776 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:46:22.0256 5776 Sym_u3 - ok 19:46:22.0302 5776 [ 60CD166AE4261920B4008A1A114AE97C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:46:22.0302 5776 SynTP - ok 19:46:22.0318 5776 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 19:46:22.0349 5776 SysMain - ok 19:46:22.0380 5776 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:46:22.0380 5776 TabletInputService - ok 19:46:22.0396 5776 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 19:46:22.0396 5776 TapiSrv - ok 19:46:22.0412 5776 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 19:46:22.0412 5776 TBS - ok 19:46:22.0474 5776 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:46:22.0490 5776 Tcpip - ok 19:46:22.0505 5776 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:46:22.0521 5776 Tcpip6 - ok 19:46:22.0552 5776 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:46:22.0552 5776 tcpipreg - ok 19:46:22.0599 5776 [ D623A84FEAF092AB2FCFBF68D194A3DF ] TcUsb C:\Windows\system32\Drivers\tcusb.sys 19:46:22.0599 5776 TcUsb - ok 19:46:22.0614 5776 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:46:22.0614 5776 TDPIPE - ok 19:46:22.0646 5776 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:46:22.0646 5776 TDTCP - ok 19:46:22.0661 5776 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:46:22.0661 5776 tdx - ok 19:46:22.0677 5776 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:46:22.0677 5776 TermDD - ok 19:46:22.0708 5776 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 19:46:22.0739 5776 TermService - ok 19:46:22.0755 5776 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 19:46:22.0755 5776 Themes - ok 19:46:22.0770 5776 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 19:46:22.0770 5776 THREADORDER - ok 19:46:22.0786 5776 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 19:46:22.0786 5776 TrkWks - ok 19:46:22.0848 5776 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:46:22.0848 5776 TrustedInstaller - ok 19:46:22.0864 5776 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:46:22.0864 5776 tssecsrv - ok 19:46:22.0895 5776 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 19:46:22.0911 5776 tunmp - ok 19:46:22.0926 5776 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:46:22.0926 5776 tunnel - ok 19:46:22.0942 5776 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:46:22.0942 5776 uagp35 - ok 19:46:22.0973 5776 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 19:46:22.0973 5776 UBHelper - ok 19:46:23.0004 5776 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:46:23.0004 5776 udfs - ok 19:46:23.0020 5776 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:46:23.0036 5776 UI0Detect - ok 19:46:23.0051 5776 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:46:23.0051 5776 uliagpkx - ok 19:46:23.0082 5776 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 19:46:23.0082 5776 uliahci - ok 19:46:23.0098 5776 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 19:46:23.0098 5776 UlSata - ok 19:46:23.0129 5776 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 19:46:23.0129 5776 ulsata2 - ok 19:46:23.0160 5776 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:46:23.0160 5776 umbus - ok 19:46:23.0176 5776 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 19:46:23.0176 5776 upnphost - ok 19:46:23.0223 5776 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 19:46:23.0238 5776 USBAAPL - ok 19:46:23.0285 5776 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:46:23.0285 5776 usbaudio - ok 19:46:23.0316 5776 [ 6FF750CFD323BCE636886189D79D00F8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:46:23.0316 5776 usbccgp - ok 19:46:23.0348 5776 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:46:23.0348 5776 usbcir - ok 19:46:23.0379 5776 [ 155457EE83ABDAEE737F2874EE028B64 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:46:23.0379 5776 usbehci - ok 19:46:23.0394 5776 [ 49D8CE41C61DDA10E126C34713595A16 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:46:23.0394 5776 usbhub - ok 19:46:23.0426 5776 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:46:23.0426 5776 usbohci - ok 19:46:23.0457 5776 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:46:23.0457 5776 usbprint - ok 19:46:23.0504 5776 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:46:23.0504 5776 usbscan - ok 19:46:23.0535 5776 [ 1AA742316F1AF7EC4B139F17F6C7C31A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:46:23.0535 5776 USBSTOR - ok 19:46:23.0550 5776 [ 5708192F0D64D19AF1F1B6EAC8B884AD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:46:23.0550 5776 usbuhci - ok 19:46:23.0566 5776 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:46:23.0566 5776 usbvideo - ok 19:46:23.0597 5776 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 19:46:23.0597 5776 UxSms - ok 19:46:23.0613 5776 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 19:46:23.0628 5776 vds - ok 19:46:23.0644 5776 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:46:23.0644 5776 vga - ok 19:46:23.0660 5776 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 19:46:23.0660 5776 VgaSave - ok 19:46:23.0691 5776 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 19:46:23.0691 5776 viaagp - ok 19:46:23.0706 5776 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 19:46:23.0706 5776 ViaC7 - ok 19:46:23.0722 5776 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 19:46:23.0722 5776 viaide - ok 19:46:23.0862 5776 [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 19:46:23.0862 5776 VMCService - ok 19:46:23.0878 5776 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:46:23.0878 5776 volmgr - ok 19:46:23.0909 5776 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:46:23.0909 5776 volmgrx - ok 19:46:23.0925 5776 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:46:23.0925 5776 volsnap - ok 19:46:23.0956 5776 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:46:23.0956 5776 vsmraid - ok 19:46:24.0003 5776 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 19:46:24.0034 5776 VSS - ok 19:46:24.0221 5776 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe 19:46:24.0237 5776 vToolbarUpdater12.2.6 - ok 19:46:24.0284 5776 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 19:46:24.0284 5776 W32Time - ok 19:46:24.0330 5776 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:46:24.0330 5776 WacomPen - ok 19:46:24.0362 5776 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:46:24.0362 5776 Wanarp - ok 19:46:24.0362 5776 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:46:24.0362 5776 Wanarpv6 - ok 19:46:24.0393 5776 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:46:24.0408 5776 wcncsvc - ok 19:46:24.0424 5776 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:46:24.0424 5776 WcsPlugInService - ok 19:46:24.0455 5776 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 19:46:24.0455 5776 Wd - ok 19:46:24.0486 5776 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:46:24.0486 5776 Wdf01000 - ok 19:46:24.0502 5776 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:46:24.0502 5776 WdiServiceHost - ok 19:46:24.0502 5776 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:46:24.0502 5776 WdiSystemHost - ok 19:46:24.0518 5776 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 19:46:24.0518 5776 WebClient - ok 19:46:24.0549 5776 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:46:24.0549 5776 Wecsvc - ok 19:46:24.0564 5776 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:46:24.0580 5776 wercplsupport - ok 19:46:24.0580 5776 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 19:46:24.0596 5776 WerSvc - ok 19:46:24.0627 5776 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys 19:46:24.0642 5776 winbondcir - ok 19:46:24.0674 5776 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:46:24.0689 5776 WinDefend - ok 19:46:24.0689 5776 WinHttpAutoProxySvc - ok 19:46:24.0736 5776 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:46:24.0736 5776 Winmgmt - ok 19:46:24.0798 5776 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 19:46:24.0830 5776 WinRM - ok 19:46:24.0892 5776 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:46:24.0908 5776 Wlansvc - ok 19:46:24.0954 5776 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:46:24.0954 5776 WmiAcpi - ok 19:46:24.0986 5776 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:46:24.0986 5776 wmiApSrv - ok 19:46:25.0048 5776 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:46:25.0079 5776 WMPNetworkSvc - ok 19:46:25.0095 5776 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:46:25.0095 5776 WPCSvc - ok 19:46:25.0110 5776 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:46:25.0110 5776 WPDBusEnum - ok 19:46:25.0173 5776 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 19:46:25.0173 5776 WpdUsb - ok 19:46:25.0298 5776 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:46:25.0329 5776 WPFFontCache_v0400 - ok 19:46:25.0360 5776 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:46:25.0360 5776 ws2ifsl - ok 19:46:25.0391 5776 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 19:46:25.0391 5776 wscsvc - ok 19:46:25.0391 5776 WSearch - ok 19:46:25.0438 5776 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:46:25.0438 5776 WUDFRd - ok 19:46:25.0454 5776 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:46:25.0454 5776 wudfsvc - ok 19:46:25.0469 5776 ZTEusbmdm6k - ok 19:46:25.0500 5776 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys 19:46:25.0500 5776 ZTEusbnet - ok 19:46:25.0532 5776 ZTEusbnmea - ok 19:46:25.0547 5776 ZTEusbser6k - ok 19:46:25.0594 5776 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys 19:46:25.0594 5776 ZTEusbvoice - ok 19:46:25.0610 5776 ================ Scan global =============================== 19:46:25.0641 5776 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 19:46:25.0688 5776 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 19:46:25.0703 5776 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 19:46:25.0734 5776 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 19:46:25.0734 5776 [Global] - ok 19:46:25.0734 5776 ================ Scan MBR ================================== 19:46:25.0750 5776 [ 5586EABCC0D095DB340D873E2B236896 ] \Device\Harddisk0\DR0 19:46:26.0483 5776 \Device\Harddisk0\DR0 - ok 19:46:26.0483 5776 ================ Scan VBR ================================== 19:46:26.0499 5776 [ A9040BC551382649AF40930B3ABA1E73 ] \Device\Harddisk0\DR0\Partition1 19:46:26.0499 5776 \Device\Harddisk0\DR0\Partition1 - ok 19:46:26.0499 5776 ============================================================ 19:46:26.0499 5776 Scan finished 19:46:26.0499 5776 ============================================================ 19:46:26.0499 2492 Detected object count: 1 19:46:26.0499 2492 Actual detected object count: 1 19:46:57.0699 2492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 19:46:57.0699 2492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip |
Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist |
Hallo, sorry war über das WE nicht da. Brauche leider immer noch Hilfe: hängt sich leider immer noch auf. Combofix läuft nicht durch: bei ca. der Hälfte hängt sich der PC auf. LG Dinchen |
Mist! FRST Downloade dir bitte FRST und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
|
Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist |
Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen |
Hallo, ja, leider benötige ich immer noch Hilfe :-( ok, jetzt hat es doch geklapp mit dem FRST hier die Datei: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 Ran by SYSTEM at 09-10-2012 20:55:15 Running from E:\ Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation) HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-01] (Google) HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2008-12-01] (EgisTec Inc.) HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-03-26] (EgisTec Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated) HKLM\...\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k [249600 2009-04-11] (NewTech Infosystems, Inc.) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-11] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-11] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-22] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] () HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated) HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.) HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-04-15] (Acer Incorporated) HKLM\...\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe" [3560448 2009-03-25] (Egis Technology Inc.) HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [156968 2009-04-13] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [202024 2009-04-13] (CyberLink) HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2011-10-18] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [947808 2012-08-30] () HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.) HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-23] () HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKU\Default\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>) HKU\Default User\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>) HKU\Dinchen\...\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c [349640 2010-02-11] (IncrediMail, Ltd.) HKU\Dinchen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Dinchen\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.) HKU\Dinchen\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Dinchen\...\Run: [Akamai NetSession Interface] "C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.) HKU\Dinchen\...\Run: [Facebook Update] "C:\Users\Dinchen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x] HKU\Dinchen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.) HKU\Medi\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X] Tcpip\Parameters: [DhcpNameServer] 78.42.43.62 82.212.62.62 AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico () ==================== Services (Whitelisted) =================== 2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-01-20] (Agere Systems) 3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () 2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-22] (AVG Technologies CZ, s.r.o.) 2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-22] (AVG Technologies CZ, s.r.o.) 2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-14] () 2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.) 2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated) 3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-01] (Google) 2 gupdate1ca0dc76fc8fc00; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-07-26] (Google Inc.) 2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.) 2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation) 2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-03-26] (EgisTec Inc.) 2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.) 2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.) 2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-04] (Acer Incorporated) 2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 2 VMCService; "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-04-20] (Vodafone) 2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] () 2 Akamai; c:\program files\common files\akamai/netsession_win_5891ae0.dll [x] ==================== Drivers (Whitelisted) ==================== 0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation) 1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-22] (AVG Technologies CZ, s.r.o.) 1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-22] (AVG Technologies CZ, s.r.o.) 1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-07-21] (AVG Technologies CZ, s.r.o.) 1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies) 3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) 2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) 3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) 2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] () 3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [50176 2009-04-07] (Atheros Communications, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation) 1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-11-11] (Egis Incorporated.) 1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-11-11] (Egis Incorporated.) 1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-11-11] (Egis Incorporated.) 3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation) 3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation) 3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated) 2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x] 3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x] 3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2012-10-09 20:55 - 2012-10-09 20:55 - 00000000 ____D C:\FRST 2012-09-24 10:58 - 2012-09-28 09:17 - 00000000 ___SD C:\32788R22FWJFW 2012-09-24 10:58 - 2012-09-24 10:58 - 00000000 ____D C:\Windows\erdnt 2012-09-24 10:46 - 2012-09-28 09:17 - 04757745 ____R (Swearware) C:\Users\Medi\Desktop\ComboFix.exe 2012-09-23 09:44 - 2012-09-23 09:44 - 00002005 ____A C:\Users\Medi\Desktop\aswMBR.txt 2012-09-23 09:44 - 2012-09-23 09:44 - 00000512 ____A C:\Users\Medi\Desktop\MBR.dat 2012-09-23 09:06 - 2012-09-23 09:07 - 04731392 ____A (AVAST Software) C:\Users\Medi\Desktop\aswMBR.exe 2012-09-23 09:06 - 2012-09-23 09:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Medi\Desktop\tdsskiller.exe 2012-09-23 09:04 - 2012-09-23 09:04 - 04731392 ____A (AVAST Software) C:\Users\Medi\Documents\aswMBR.exe 2012-09-20 08:38 - 2012-09-20 08:38 - 00215832 ____A C:\Windows\Minidump\Mini092012-01.dmp 2012-09-18 08:06 - 2012-09-18 08:06 - 00302592 ____A C:\Users\Dinchen\Desktop\vqk2vqt9.exe 2012-09-18 03:13 - 2012-09-18 03:13 - 00061558 ____A C:\Users\Dinchen\Desktop\Extras.Txt 2012-09-18 03:11 - 2012-09-18 03:11 - 00088898 ____A C:\Users\Dinchen\Desktop\OTL.Txt 2012-09-18 02:52 - 2012-09-18 02:52 - 00600576 ____A (OldTimer Tools) C:\Users\Dinchen\Desktop\OTL.exe 2012-09-18 02:51 - 2012-09-18 02:52 - 00000476 ____A C:\Users\Dinchen\Desktop\defogger_disable.log 2012-09-18 02:51 - 2012-09-18 02:51 - 00000000 ____A C:\Users\Dinchen\defogger_reenable 2012-09-18 02:48 - 2012-09-18 02:48 - 00050477 ____A C:\Users\Dinchen\Desktop\Defogger.exe 2012-09-17 09:59 - 2012-09-17 10:53 - 00005103 ____A C:\Windows\System32\avgrep.txt ==================== 3 Months Modified Files ================== 2012-10-09 10:52 - 2006-11-02 05:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-10-09 10:52 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-10-09 10:51 - 2009-06-12 05:59 - 00245777 ____A C:\Users\All Users\nvModes.dat 2012-10-09 10:50 - 2009-07-26 00:20 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-10-09 10:50 - 2009-07-21 15:28 - 00245684 ____A C:\Users\All Users\nvModes.001 2012-10-09 10:50 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-10-09 10:50 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-30 08:55 - 2012-05-28 11:44 - 00001146 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job 2012-09-28 09:17 - 2012-09-24 10:46 - 04757745 ____R (Swearware) C:\Users\Medi\Desktop\ComboFix.exe 2012-09-24 10:48 - 2009-07-26 00:20 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-23 09:44 - 2012-09-23 09:44 - 00002005 ____A C:\Users\Medi\Desktop\aswMBR.txt 2012-09-23 09:44 - 2012-09-23 09:44 - 00000512 ____A C:\Users\Medi\Desktop\MBR.dat 2012-09-23 09:07 - 2012-09-23 09:06 - 04731392 ____A (AVAST Software) C:\Users\Medi\Desktop\aswMBR.exe 2012-09-23 09:06 - 2012-09-23 09:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Medi\Desktop\tdsskiller.exe 2012-09-23 09:04 - 2012-09-23 09:04 - 04731392 ____A (AVAST Software) C:\Users\Medi\Documents\aswMBR.exe 2012-09-20 11:55 - 2012-05-28 11:44 - 00001124 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job 2012-09-20 08:38 - 2012-09-20 08:38 - 00215832 ____A C:\Windows\Minidump\Mini092012-01.dmp 2012-09-20 08:37 - 2011-03-01 00:18 - 286542640 ____A C:\Windows\MEMORY.DMP 2012-09-18 08:06 - 2012-09-18 08:06 - 00302592 ____A C:\Users\Dinchen\Desktop\vqk2vqt9.exe 2012-09-18 05:54 - 2012-09-06 11:09 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-18 03:13 - 2012-09-18 03:13 - 00061558 ____A C:\Users\Dinchen\Desktop\Extras.Txt 2012-09-18 03:11 - 2012-09-18 03:11 - 00088898 ____A C:\Users\Dinchen\Desktop\OTL.Txt 2012-09-18 02:52 - 2012-09-18 02:52 - 00600576 ____A (OldTimer Tools) C:\Users\Dinchen\Desktop\OTL.exe 2012-09-18 02:52 - 2012-09-18 02:51 - 00000476 ____A C:\Users\Dinchen\Desktop\defogger_disable.log 2012-09-18 02:51 - 2012-09-18 02:51 - 00000000 ____A C:\Users\Dinchen\defogger_reenable 2012-09-18 02:48 - 2012-09-18 02:48 - 00050477 ____A C:\Users\Dinchen\Desktop\Defogger.exe 2012-09-18 02:31 - 2009-06-12 05:22 - 02059662 ____A C:\Windows\WindowsUpdate.log 2012-09-17 10:53 - 2012-09-17 09:59 - 00005103 ____A C:\Windows\System32\avgrep.txt 2012-09-16 11:51 - 2012-01-06 02:52 - 00002633 ____A C:\Users\Dinchen\Desktop\Microsoft Office Excel 2007.lnk 2012-09-11 12:17 - 2008-01-20 18:47 - 00774476 ____A C:\Windows\PFRO.log 2012-09-10 03:57 - 2008-01-20 23:16 - 01445136 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-07 07:04 - 2012-09-06 11:09 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-06 11:08 - 2012-09-06 11:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Dinchen\Desktop\mbam-setup-1.62.0.1300.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll 2012-09-06 10:13 - 2012-09-06 10:13 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2012-09-06 10:13 - 2011-01-08 05:26 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll 2012-09-06 09:55 - 2006-11-02 04:47 - 03653536 ____A C:\Windows\System32\FNTCACHE.DAT 2012-09-06 05:01 - 2012-09-06 05:01 - 00000051 ____A C:\Users\All Users\dsdebiyskdmnkuo 2012-09-01 05:07 - 2012-09-01 05:07 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Kirchheim.xlsx 2012-09-01 05:07 - 2012-09-01 05:07 - 00000165 ___AH C:\Users\Dinchen\Desktop\~$Haus Kirchheim.xlsx 2012-09-01 05:07 - 2011-05-02 09:22 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Sandhausen.xlsx 2012-08-30 09:52 - 2012-08-30 09:52 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2012-08-28 00:15 - 2012-03-07 09:38 - 00159232 ____A C:\Users\Dinchen\Desktop\Haushaltsbuch.xls 2012-08-16 17:04 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-08-12 01:32 - 2012-01-06 02:51 - 00002631 ____A C:\Users\Dinchen\Desktop\Microsoft Office Word 2007.lnk 2012-08-02 10:20 - 2006-11-02 04:52 - 00119966 ____A C:\Windows\setupact.log 2012-08-01 09:01 - 2009-09-02 08:58 - 00041472 ____A C:\Users\Dinchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-25 13:57 - 2012-07-25 13:57 - 00030208 ____H C:\Users\Dinchen\Desktop\~WRL1611.tmp 2012-07-25 03:32 - 2012-07-24 23:32 - 00045056 ____H C:\Users\Dinchen\Desktop\~WRL2947.tmp 2012-07-25 03:32 - 2012-07-12 13:00 - 00294912 ____H C:\Users\Dinchen\Desktop\~WRL3520.tmp 2012-07-15 02:07 - 2012-07-12 13:00 - 00116736 ____H C:\Users\Dinchen\Desktop\~WRL2931.tmp 2012-07-12 13:07 - 2012-07-12 13:00 - 00027648 ____H C:\Users\Dinchen\Desktop\~WRL0417.tmp ZeroAccess: C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4} C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\@ C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\00000004.@ C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\1afb2d56 C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\80000032.@ ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 4059.99 MB Available physical RAM: 3701.35 MB Total Pagefile: 3927.55 MB Available Pagefile: 3782.77 MB Total Virtual: 2047.88 MB Available Virtual: 1974.3 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:449.3 GB) (Free:376.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: (BELLA USB) (Removable) (Total:0.94 GB) (Free:0.86 GB) FAT 4 Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.13 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 466 GB 0 B 1 Online 964 MB 0 B Last Boot: 2012-09-25 09:30 ==================== End Of Log ============================ hallo, es fängt an besser zu werden! LG Dinchen |
FRST Erstelle bitte ein neues FRST log! Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
|
Frst log datei: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-11-2012 Ran by SYSTEM at 07-11-2012 15:59:59 Running from D:\ Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x] HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation) HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-01] (Google) HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2008-12-01] (EgisTec Inc.) HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-03-26] (EgisTec Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated) HKLM\...\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k [249600 2009-04-11] (NewTech Infosystems, Inc.) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-11] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-11] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-22] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] () HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated) HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.) HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-04-15] (Acer Incorporated) HKLM\...\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe" [3560448 2009-03-25] (Egis Technology Inc.) HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [156968 2009-04-13] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [202024 2009-04-13] (CyberLink) HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2011-10-18] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [947808 2012-08-30] () HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.) HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-23] () HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKU\Default\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>) HKU\Default User\...\RunOnce: [ScrSav] C:\Windows\SCREEN~1\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>) HKU\Dinchen\...\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c [349640 2010-02-11] (IncrediMail, Ltd.) HKU\Dinchen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Dinchen\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.) HKU\Dinchen\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Dinchen\...\Run: [Akamai NetSession Interface] "C:\Users\Dinchen\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.) HKU\Dinchen\...\Run: [Facebook Update] "C:\Users\Dinchen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x] HKU\Dinchen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.) HKU\Medi\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-07-21] (Google Inc.) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X] Tcpip\Parameters: [DhcpNameServer] 78.42.43.62 82.212.62.62 AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico () ==================== Services (Whitelisted) =================== 2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-01-20] (Agere Systems) 3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () 2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-22] (AVG Technologies CZ, s.r.o.) 2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-22] (AVG Technologies CZ, s.r.o.) 2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-14] () 2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.) 2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated) 3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-01] (Google) 2 gupdate1ca0dc76fc8fc00; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-07-26] (Google Inc.) 2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.) 2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation) 2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-03-26] (EgisTec Inc.) 2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.) 2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.) 2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-04] (Acer Incorporated) 2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 2 VMCService; "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-04-20] (Vodafone) 2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] () 2 Akamai; c:\program files\common files\akamai/netsession_win_b5e8a4c.dll [x] ==================== Drivers (Whitelisted) ==================== 0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation) 1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-22] (AVG Technologies CZ, s.r.o.) 1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-22] (AVG Technologies CZ, s.r.o.) 1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-07-21] (AVG Technologies CZ, s.r.o.) 1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-08-30] (AVG Technologies) 3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) 2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) 3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) 2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] () 3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [50176 2009-04-07] (Atheros Communications, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation) 1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-11-11] (Egis Incorporated.) 1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-11-11] (Egis Incorporated.) 1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-11-11] (Egis Incorporated.) 3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation) 3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation) 3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated) 2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x] 3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x] 3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== ==================== 3 Months Modified Files ================== 2012-11-07 03:32 - 2009-07-21 15:28 - 00245684 ____A C:\Users\All Users\nvModes.001 2012-11-07 03:32 - 2009-06-12 05:59 - 00245777 ____A C:\Users\All Users\nvModes.dat 2012-11-07 03:32 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-07 03:32 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-10-30 11:48 - 2009-07-26 00:20 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-10-30 11:48 - 2009-07-26 00:20 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-10-30 11:48 - 2008-01-20 23:16 - 01445136 ____A C:\Windows\System32\PerfStringBackup.INI 2012-10-30 11:40 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-10-10 23:08 - 2006-11-02 05:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-10-10 10:33 - 2009-06-12 05:22 - 02060068 ____A C:\Windows\WindowsUpdate.log 2012-10-10 08:55 - 2012-05-28 11:44 - 00001146 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000UA.job 2012-10-10 08:49 - 2012-01-06 02:52 - 00002633 ____A C:\Users\Dinchen\Desktop\Microsoft Office Excel 2007.lnk 2012-09-28 09:17 - 2012-09-24 10:46 - 04757745 ____R (Swearware) C:\Users\Medi\Desktop\ComboFix.exe 2012-09-23 09:44 - 2012-09-23 09:44 - 00002005 ____A C:\Users\Medi\Desktop\aswMBR.txt 2012-09-23 09:44 - 2012-09-23 09:44 - 00000512 ____A C:\Users\Medi\Desktop\MBR.dat 2012-09-23 09:07 - 2012-09-23 09:06 - 04731392 ____A (AVAST Software) C:\Users\Medi\Desktop\aswMBR.exe 2012-09-23 09:06 - 2012-09-23 09:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Medi\Desktop\tdsskiller.exe 2012-09-23 09:04 - 2012-09-23 09:04 - 04731392 ____A (AVAST Software) C:\Users\Medi\Documents\aswMBR.exe 2012-09-20 11:55 - 2012-05-28 11:44 - 00001124 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704089588-1356486549-2778145326-1000Core.job 2012-09-20 08:38 - 2012-09-20 08:38 - 00215832 ____A C:\Windows\Minidump\Mini092012-01.dmp 2012-09-20 08:37 - 2011-03-01 00:18 - 286542640 ____A C:\Windows\MEMORY.DMP 2012-09-18 08:06 - 2012-09-18 08:06 - 00302592 ____A C:\Users\Dinchen\Desktop\vqk2vqt9.exe 2012-09-18 05:54 - 2012-09-06 11:09 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-18 03:13 - 2012-09-18 03:13 - 00061558 ____A C:\Users\Dinchen\Desktop\Extras.Txt 2012-09-18 03:11 - 2012-09-18 03:11 - 00088898 ____A C:\Users\Dinchen\Desktop\OTL.Txt 2012-09-18 02:52 - 2012-09-18 02:52 - 00600576 ____A (OldTimer Tools) C:\Users\Dinchen\Desktop\OTL.exe 2012-09-18 02:52 - 2012-09-18 02:51 - 00000476 ____A C:\Users\Dinchen\Desktop\defogger_disable.log 2012-09-18 02:51 - 2012-09-18 02:51 - 00000000 ____A C:\Users\Dinchen\defogger_reenable 2012-09-18 02:48 - 2012-09-18 02:48 - 00050477 ____A C:\Users\Dinchen\Desktop\Defogger.exe 2012-09-17 10:53 - 2012-09-17 09:59 - 00005103 ____A C:\Windows\System32\avgrep.txt 2012-09-11 12:17 - 2008-01-20 18:47 - 00774476 ____A C:\Windows\PFRO.log 2012-09-07 07:04 - 2012-09-06 11:09 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-06 11:08 - 2012-09-06 11:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Dinchen\Desktop\mbam-setup-1.62.0.1300.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll 2012-09-06 10:13 - 2012-09-06 10:13 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe 2012-09-06 10:13 - 2012-09-06 10:13 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2012-09-06 10:13 - 2011-01-08 05:26 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll 2012-09-06 09:55 - 2006-11-02 04:47 - 03653536 ____A C:\Windows\System32\FNTCACHE.DAT 2012-09-06 05:01 - 2012-09-06 05:01 - 00000051 ____A C:\Users\All Users\dsdebiyskdmnkuo 2012-09-01 05:07 - 2012-09-01 05:07 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Kirchheim.xlsx 2012-09-01 05:07 - 2012-09-01 05:07 - 00000165 ___AH C:\Users\Dinchen\Desktop\~$Haus Kirchheim.xlsx 2012-09-01 05:07 - 2011-05-02 09:22 - 00049075 ____A C:\Users\Dinchen\Desktop\Haus Sandhausen.xlsx 2012-08-30 09:52 - 2012-08-30 09:52 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2012-08-28 00:15 - 2012-03-07 09:38 - 00159232 ____A C:\Users\Dinchen\Desktop\Haushaltsbuch.xls 2012-08-16 17:04 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-08-12 01:32 - 2012-01-06 02:51 - 00002631 ____A C:\Users\Dinchen\Desktop\Microsoft Office Word 2007.lnk ZeroAccess: C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4} C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\@ C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\00000004.@ C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\L\1afb2d56 C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4}\U\80000032.@ ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 4059.99 MB Available physical RAM: 3705.87 MB Total Pagefile: 3929.55 MB Available Pagefile: 3786.45 MB Total Virtual: 2047.88 MB Available Virtual: 1972.93 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:449.3 GB) (Free:375.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (BELLA USB) (Removable) (Total:0.94 GB) (Free:0.86 GB) FAT 4 Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.12 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 466 GB 0 B 1 Online 964 MB 0 B Last Boot: 2012-10-30 11:55 ==================== End Of Log ============================ Edit: ich weiß nicht, ob das in irgendeinem Zusammenhang steht aber bei mir sind die "automatischen Updates" deaktiviert. Und die lassen sich auch manuell nicht aktivieren. |
Zitat:
Fix mit FRST Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: C:\Users\All Users\dsdebiyskdmnkuo
Startet der Rechner im abgesicherten Modus mit Netzwerktreibern und läuft dort stabil? Abgesicherter Modus zur Bereinigung
|
hier die Log Datei: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-11-2012 Ran by SYSTEM at 2012-11-08 12:55:05 Run:1 Running from D:\ ============================================== C:\Users\All Users\dsdebiyskdmnkuo moved successfully. C:\Users\Dinchen\AppData\Local\{96805108-c7de-4b35-732e-2269ef6b11e4} moved successfully. Ob der PC im abgesicherten Modus läuft überprüfe ich gerade. Bis jetzt läuft er und hängt sich nicht auf. ==== End of Fixlog ==== |
Dann führe jetzt Combofix aus! Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Hallo, Combofix läuft nicht durch. Ich weiß nicht, ob Du das anhand der Logs sehen kannst, aber automatische Updates ist immer noch deaktiviert und lässt sich nicht einschalten. |
Hast du Combofix im abgesicherten Modus ausgeführt? |
Jetzt schon :-) Hier die Comobofix-Log-Datei Combofix Logfile: Code: ComboFix 12-11-08.01 - Medi 12.11.2012 8:29.1.2 - x86 NETWORK |
Schritt 1: Software deinstallieren
|
alles deinstalliert hier die adw datei # AdwCleaner v2.007 - Datei am 12/11/2012 um 16:37:59 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzer : Dinchen - DINCHEN-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Dinchen\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gefunden : C:\user.js Ordner Gefunden : C:\Program Files\AVG Secure Search Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\ProgramData\AVG Secure Search Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\Dinchen\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\Dinchen\AppData\LocalLow\AVG Secure Search Ordner Gefunden : C:\Users\Dinchen\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\Dinchen\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\iWin Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\Conduit Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\CT2269050 Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} Ordner Gefunden : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\extensions\ffxtlbr@babylon.com Ordner Gefunden : C:\Users\Medi\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\Medi\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AVG Secure Search Schlüssel Gefunden : HKCU\Software\Babylon Schlüssel Gefunden : HKCU\Software\Microsoft\Babylon Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\AVG Secure Search Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gefunden : HKU\S-1-5-21-1704089588-1356486549-2778145326-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKU\S-1-5-21-1704089588-1356486549-2778145326-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKU\S-1-5-21-1704089588-1356486549-2778145326-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKU\S-1-5-21-1704089588-1356486549-2778145326-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19088 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=NT_ss&mntrId=880d53a40000000000000022fa274d5c -\\ Mozilla Firefox v3.5.19 (de) Profilname : default Datei : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\prefs.js Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2269050.CTID", "CT2269050"); Gefunden : user_pref("CT2269050.CurrentServerDate", "4-1-2012"); Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Mon May 10 2010 21:37:02 GMT+0200"); Gefunden : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Tue Apr 13 2010 09:23:03 GMT+02[...] Gefunden : user_pref("CT2269050.FirstServerDate", "24-3-2010"); Gefunden : user_pref("CT2269050.FirstTime", true); Gefunden : user_pref("CT2269050.FirstTimeFF3", true); Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2269050.Initialize", true); Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true); Gefunden : user_pref("CT2269050.InstalledDate", "Wed Mar 24 2010 16:33:44 GMT+0100"); Gefunden : user_pref("CT2269050.InvalidateCache", false); Gefunden : user_pref("CT2269050.IsGrouping", false); Gefunden : user_pref("CT2269050.IsMulticommunity", false); Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false); Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false); Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jan 04 2012 00:33:48 GMT+0100"); Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gefunden : user_pref("CT2269050.LastLogin_2.5.6.0", "Wed Jan 04 2012 18:37:38 GMT+0100"); Gefunden : user_pref("CT2269050.LatestVersion", "3.8.1.0"); Gefunden : user_pref("CT2269050.Locale", "en"); Gefunden : user_pref("CT2269050.LoginCache", 4); Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2269050.MCDetectTooltipShow", false); Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2269050.RadioIsPodcast", false); Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Sun May 09 2010 22:10:09 GMT+0200"); Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gefunden : user_pref("CT2269050.RadioMediaID", "12473383"); Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player"); Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gefunden : user_pref("CT2269050.RadioShrinked", "shrinked"); Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gefunden : user_pref("CT2269050.SHRINK_TOOLBAR", 0); Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jan 04 2012 00:33:47 GMT+0100"); Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Wed Jan 04 2012 21:03:56 GMT+0100"); Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1325060706"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Jan 02 2012 23:23:02 GMT+0100"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586"); Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Gefunden : user_pref("CT2269050.UserID", "UN59621138340304185"); Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 2); Gefunden : user_pref("CT2269050.WeatherNetwork", ""); Gefunden : user_pref("CT2269050.WeatherPollDate", "Mon May 10 2010 21:32:01 GMT+0200"); Gefunden : user_pref("CT2269050.WeatherUnit", "C"); Gefunden : user_pref("CT2269050.alertChannelId", "666138"); Gefunden : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3D70706D73743F437A7246734A207749784C254C217D502A23[...] Gefunden : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6B3B6C416A746F447A7674737A7C7D7777794D2050"); Gefunden : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Gefunden : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "536174204A616E20303720323031322032333A[...] Gefunden : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Gefunden : user_pref("CT2269050.clientLogIsEnabled", false); Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gefunden : user_pref("CT2269050.components.1000034", false); Gefunden : user_pref("CT2269050.components.1000082", false); Gefunden : user_pref("CT2269050.components.1000234", false); Gefunden : user_pref("CT2269050.components.1074299250311087441", false); Gefunden : user_pref("CT2269050.components.129023235807856892", false); Gefunden : user_pref("CT2269050.components.129114742153905471", false); Gefunden : user_pref("CT2269050.components.129121052374999726", false); Gefunden : user_pref("CT2269050.components.129155436085618274", false); Gefunden : user_pref("CT2269050.components.129166678427795557", false); Gefunden : user_pref("CT2269050.components.129172792568014386", false); Gefunden : user_pref("CT2269050.components.2637975891131883555", false); Gefunden : user_pref("CT2269050.components.3884729828034112138", false); Gefunden : user_pref("CT2269050.components.8725437798015705293", false); Gefunden : user_pref("CT2269050.components.8767590000360389618", false); Gefunden : user_pref("CT2269050.myStuffEnabled", true); Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 10 2010 21:02:00 GMT+0200"); Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32"); Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=NT_ss&mn[...] Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)"); Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP[...] Gefunden : user_pref("extensions.BabylonToolbar.admin", false); Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010712_6"); Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 30); Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true); Gefunden : user_pref("extensions.BabylonToolbar.hmpg", true); Gefunden : user_pref("extensions.BabylonToolbar.id", "880d53a40000000000000022fa274d5c"); Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15528"); Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=113480&tt=010712[...] Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 30); Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:56:29"); Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5"); Gefunden : user_pref("extensions.BabylonToolbar.newTab", true); Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Gefunden : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 84909240); Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 1); Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true); Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:56:29"); Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_6"); Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "880d53a40000000000000022fa274d5c"); Gefunden : user_pref("extensions.BabylonToolbar_i.id", "880d53a40000000000000022fa274d5c"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15528"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false); Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:56:29"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gefunden : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=KW_ss&mntrId=88[...] Profilname : default Datei : C:\Users\Medi\AppData\Roaming\Mozilla\Firefox\Profiles\e1t2hkgs.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gefunden : user_pref("browser.search.selectedEngine", "AVG Secure Search"); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v11.64.1403.0 Datei : C:\Users\Dinchen\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\Medi\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [21959 octets] - [12/11/2012 16:37:59] ########## EOF - C:\AdwCleaner[R1].txt - [22020 octets] ########## |
Schritt 1: Fix mit adwCleaner
Schritt 2: Neues OTL-Log
|
Hier die Datei vom Fix des adw cleaner # AdwCleaner v2.007 - Datei am 13/11/2012 um 08:27:27 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzer : Dinchen - DINCHEN-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Dinchen\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Ordner Gelöscht : C:\Program Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Dinchen\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Dinchen\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Dinchen\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Dinchen\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\iWin Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\Conduit Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\CT2269050 Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} Ordner Gelöscht : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\Users\Medi\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Medi\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19088 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=NT_ss&mntrId=880d53a40000000000000022fa274d5c --> hxxp://www.google.com -\\ Mozilla Firefox v3.5.19 (de) Profilname : default Datei : C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\prefs.js C:\Users\Dinchen\AppData\Roaming\Mozilla\Firefox\Profiles\stjoyyeb.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "4-1-2012"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon May 10 2010 21:37:02 GMT+0200"); Gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Tue Apr 13 2010 09:23:03 GMT+02[...] Gelöscht : user_pref("CT2269050.FirstServerDate", "24-3-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Mar 24 2010 16:33:44 GMT+0100"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jan 04 2012 00:33:48 GMT+0100"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2269050.LastLogin_2.5.6.0", "Wed Jan 04 2012 18:37:38 GMT+0100"); Gelöscht : user_pref("CT2269050.LatestVersion", "3.8.1.0"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipShow", false); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sun May 09 2010 22:10:09 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioShrinked", "shrinked"); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 0); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jan 04 2012 00:33:47 GMT+0100"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Wed Jan 04 2012 21:03:56 GMT+0100"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1325060706"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Jan 02 2012 23:23:02 GMT+0100"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Gelöscht : user_pref("CT2269050.UserID", "UN59621138340304185"); Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon May 10 2010 21:32:01 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3D70706D73743F437A7246734A207749784C254C217D502A23[...] Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6B3B6C416A746F447A7674737A7C7D7777794D2050"); Gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "536174204A616E20303720323031322032333A[...] Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.components.1000034", false); Gelöscht : user_pref("CT2269050.components.1000082", false); Gelöscht : user_pref("CT2269050.components.1000234", false); Gelöscht : user_pref("CT2269050.components.1074299250311087441", false); Gelöscht : user_pref("CT2269050.components.129023235807856892", false); Gelöscht : user_pref("CT2269050.components.129114742153905471", false); Gelöscht : user_pref("CT2269050.components.129121052374999726", false); Gelöscht : user_pref("CT2269050.components.129155436085618274", false); Gelöscht : user_pref("CT2269050.components.129166678427795557", false); Gelöscht : user_pref("CT2269050.components.129172792568014386", false); Gelöscht : user_pref("CT2269050.components.2637975891131883555", false); Gelöscht : user_pref("CT2269050.components.3884729828034112138", false); Gelöscht : user_pref("CT2269050.components.8725437798015705293", false); Gelöscht : user_pref("CT2269050.components.8767590000360389618", false); Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 10 2010 21:02:00 GMT+0200"); Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32"); Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=NT_ss&mn[...] Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP[...] Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010712_6"); Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 30); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true); Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true); Gelöscht : user_pref("extensions.BabylonToolbar.id", "880d53a40000000000000022fa274d5c"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15528"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=113480&tt=010712[...] Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 30); Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:56:29"); Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5"); Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 84909240); Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1); Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true); Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:56:29"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_6"); Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "880d53a40000000000000022fa274d5c"); Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "880d53a40000000000000022fa274d5c"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15528"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false); Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:56:29"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=KW_ss&mntrId=88[...] Profilname : default Datei : C:\Users\Medi\AppData\Roaming\Mozilla\Firefox\Profiles\e1t2hkgs.default\prefs.js Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search"); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Dinchen\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v11.64.1403.0 Datei : C:\Users\Dinchen\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\Medi\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [22090 octets] - [12/11/2012 16:37:59] AdwCleaner[S1].txt - [21547 octets] - [13/11/2012 08:27:27] ########## EOF - C:\AdwCleaner[S1].txt - [21608 octets] ########## hier die 1. OTL LogOTL Logfile: OTL EXTRAS Logfile: Code: OTL logfile created on: 13.11.2012 08:52:33 - Run 2--- --- --- |
Fehlt noch die OTL.txt! |
Sorry! Hier die OTL Text datei:OTL Logfile: Code: OTL logfile created on: 13.11.2012 08:52:33 - Run 2 |
Schritt 1: Fix mit OTL
Code: :OTL
Schritt 2: MBAM Downloade Dir bitte Malwarebytes
|
Hier die OTL FixDatei All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! ========== FILES ========== ADS C:\ProgramData\Temp:131C0EE9 deleted successfully. ADS C:\ProgramData\Temp:E1982A23 deleted successfully. ADS C:\ProgramData\Temp:814B9485 deleted successfully. ADS C:\ProgramData\Temp:3B3A35EC deleted successfully. ADS C:\ProgramData\Temp:CDFF58FE deleted successfully. ADS C:\ProgramData\Temp:ADE16379 deleted successfully. ADS C:\ProgramData\Temp:4F636E25 deleted successfully. ADS C:\ProgramData\Temp:3064D21D deleted successfully. ADS C:\ProgramData\Temp:41099CE9 deleted successfully. ADS C:\ProgramData\Temp:B623B5B8 deleted successfully. ADS C:\ProgramData\Temp:CE0A077E deleted successfully. Unable to delete ADS C:\ProgramData\Temp:B203B914C:\ProgramData\ywdhofafskfsjhe . ========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Temp folder emptied: 0 bytes -> No Temporary Internet Files cache folder defined! User: Default -> No Temporary Internet Files cache folder defined! User: Default User -> No Temporary Internet Files cache folder defined! User: Dinchen -> No Temporary Internet Files cache folder defined! User: Medi -> No Temporary Internet Files cache folder defined! User: Public -> No Temporary Internet Files cache folder defined! %systemdrive% .tmp files removed: 14648 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13026 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.63.0 log created on 11162012_092830 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Zu Malwarebytes habe ich eine Frage: das habe ich ja bereits auf meinem PC... soll ich das deinstallieren und neu runterladen oder das Alte aktuallisieren? |
Aktualisiere das alte :) |
Ok :) Hier die Log datei: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.11.16.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Dinchen :: DINCHEN-PC [Administrator] 16.11.2012 10:16:58 mbam-log-2012-11-16 (10-16-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | PUP | PUM Deaktivierte Suchlaufeinstellungen: HeuristiKs/Shuriken | P2P Durchsuchte Objekte: 227576 Laufzeit: 10 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Aber in der Quarantäne hängen noch 12 Trojaner rum, darf man die einfach löschen? |
Die Quarantäne kann gelöscht werden! Wie verhält sich der Rechner? |
Besser! Automatische Updates ist auch wieder installiert. Ich werde es die nächsten Tage weiter testen und mich gegebenenfalls nochmals bei dir melden. Vielen vielen Dank schon mal. Noch eine Frage: wie kann ich so etwas zukünftig verhindern? |
Dann sind wir durch! :) Schritt 1: Java update Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Nach dem Neustart:
Schritt 2: Adobe Flash Player update Dein Flash-Player ist veraltet. Da gerade diese Software gerne von Schädlingen als Sprungbrett ins System genutzt wird, muss sie immer aktuell gehalten werden. Um den Flash Player zu aktualisieren, gehe bitte wie folgt vor:
Defogger re-enable Starte bitte den Defogger und klicke den re-enable Button ComboFix Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code: Combofix /UninstallDamit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. OTL Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. ComboFix
Hier noch ein paar Tipps zur Absicherung deines Systems. Aktualität Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann. |
Ich hab Probleme Combofix zu deinstallieren: es kommt immer die Meldung: "Combofix" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang. Und ich habe noch aswMBR und Tdsskiller bei mir drauf. Auch entfernen bzw. deinstallieren? Leider hängt er teilweise immer noch :-( sorry! Also beim surfen im inet gehts, aber sobald ich etwas "mehr" machen möchte hängt er sich auf. Z.b. wollte ich die windows updates installieren: hängt sich auf. Dann wollte ich ne ppP erstellen: er hängt sich auf. Im abgesicherten Modus ging es problemlos. Nur updates installieren ging nicht im abgesichertem Modus |
Zitat:
Zitat:
Es liegt dann aber nicht an Schadsoftware, denn diese haben wir entfernt. Erstelle hier ein neues Thema mit diesem Problem. Teile auch mit, dass du bereits hier warst und dein Rechner sauber ist. Die restlichen Dateien kannst du einfach löschen. Habe ich aber im Schritt "OTL" ebenfalls mit angegeben. LESEN! ;) |
Ja, Combofix liegt auf dem Desktop :) jetzt erfährst du es erst, weil ich es selbst erst jetzt gemerkt habe. Bei kleinen arbeiten geht es, aber sobald ich wie gesagt ordentlich damit arbeiten will geht es nicht. Denkst du denn, es liegt immer noch an diesem Trojaner oder hab ich einfach zusätzlich ein anderes PC-Problem? |
ich habe doch eben gesagt, dass du LESEN sollst! Ich habe geschrieben, dass es nicht mehr an Schadsoftware liegen kann und du im Windows-Forum ein neues Thema erstellen musst. Benenne combofix in uninstall um und führe es per Doppelklick aus - das sollte Combofix entfernen. |
Schön, dass wir helfen konnten! :abklatsch: Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und ein eigenes Thema erstellen! |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 08:30 Uhr. |
Copyright ©2000-2024, Trojaner-Board