Plagegeister aller Art und deren Bekämpfung: Possible trojan infection? Malwarebytes is blocking potentially dangerous connections
Windows 7
04.11.2012, 21:41 | #1
Possible trojan infection? Malwarebytes is blocking potentially dangerous connections

Hello, I have the following problem: two days ago McAfee reported that a trojan had been removed from my PC and that no further steps were necessary. I then ran a scan with McAfee, which found nothing. To be sure, I also downloaded Malwarebytes and scanned the PC; it found nothing either. However, several times a day I now get a message from Malwarebytes that a potentially dangerous connection was blocked:
Code:
ATTFilter
2012/11/02 19:52:59 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/02 19:52:59 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/02 19:52:59 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/02 19:53:20 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/02 19:54:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh
2012/11/02 19:54:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection
2012/11/02 19:54:33 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully
2012/11/02 19:54:38 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully
2012/11/02 19:54:38 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/02 19:54:48 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/02 19:59:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily
2012/11/02 19:59:28 +0100 CHRISTOPHER-PC Christopher MESSAGE Database already up-to-date
2012/11/02 20:13:21 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/02 20:13:21 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/02 20:13:21 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/02 23:56:53 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 193.169.40.44 (Type: outgoing, Port: 51390, Process: firefox.exe)
2012/11/02 23:56:53 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 193.169.40.44 (Type: outgoing, Port: 51391, Process: firefox.exe)
Code:
ATTFilter
2012/11/03 00:38:07 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 178.208.83.16 (Type: outgoing, Port: 52589, Process: firefox.exe)
2012/11/03 08:53:20 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily
2012/11/03 08:53:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/03 08:53:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/03 08:53:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/03 08:53:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.02.10 to version v2012.11.03.03
2012/11/03 08:53:39 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/03 08:53:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh
2012/11/03 08:53:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection
2012/11/03 08:53:39 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully
2012/11/03 08:53:43 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully
2012/11/03 08:53:43 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/03 08:53:51 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/03 11:37:47 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 11:37:55 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 11:37:55 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 15:26:47 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54654, Process: firefox.exe)
2012/11/03 15:27:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54662, Process: firefox.exe)
2012/11/03 15:27:27 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54667, Process: firefox.exe)
2012/11/03 15:28:56 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54774, Process: firefox.exe)
2012/11/03 15:29:12 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54788, Process: firefox.exe)
2012/11/03 15:29:12 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 54789, Process: firefox.exe)
2012/11/03 15:57:01 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 15:59:26 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 93.114.45.126 (Type: outgoing, Port: 55134, Process: firefox.exe)
2012/11/03 15:59:26 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 93.114.45.126 (Type: outgoing, Port: 55135, Process: firefox.exe)
2012/11/03 16:00:14 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55186, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55197, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55198, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55199, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55200, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55201, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55202, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55209, Process: firefox.exe)
2012/11/03 16:00:22 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55210, Process: firefox.exe)
2012/11/03 16:00:30 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55212, Process: firefox.exe)
2012/11/03 16:00:30 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55213, Process: firefox.exe)
2012/11/03 16:00:30 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55214, Process: firefox.exe)
2012/11/03 16:00:30 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55215, Process: firefox.exe)
2012/11/03 16:00:54 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.226.229 (Type: outgoing, Port: 55237, Process: firefox.exe)
2012/11/03 16:00:54 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.226.229 (Type: outgoing, Port: 55239, Process: firefox.exe)
2012/11/03 16:01:51 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55343, Process: firefox.exe)
2012/11/03 16:01:51 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 55344, Process: firefox.exe)
2012/11/03 16:08:00 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137)
2012/11/03 20:34:23 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 20:34:23 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 20:34:23 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/03 23:22:39 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 219.146.8.78 (Type: outgoing, Port: 137)
2012/11/03 23:22:48 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 219.146.8.78 (Type: outgoing, Port: 137)
2012/11/03 23:22:48 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 219.146.8.78 (Type: outgoing, Port: 137)
Code:
ATTFilter
2012/11/04 05:17:45 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily
2012/11/04 05:17:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/04 05:17:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/04 05:17:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/04 05:18:03 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/04 05:18:09 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh
2012/11/04 05:18:09 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.03.03 to version v2012.11.04.01
2012/11/04 05:18:09 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection
2012/11/04 05:18:09 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully
2012/11/04 05:18:13 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully
2012/11/04 05:18:13 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/04 05:18:21 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/04 12:25:18 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/04 12:25:19 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/04 12:25:19 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/04 12:25:28 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/04 14:39:54 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/04 19:17:38 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/04 19:17:38 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/04 19:17:38 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137)
2012/11/04 20:00:14 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping protection
2012/11/04 20:00:14 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection stopped successfully
2012/11/04 21:14:47 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/04 21:14:47 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully

Here is the Malwarebytes report:
Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Christopher :: CHRISTOPHER-PC [Administrator]

Schutz: Aktiviert

02.11.2012 19:54:42
mbam-log-2012-11-02 (19-54-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368961
Laufzeit: 2 Stunde(n), 18 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:33 on 04/11/2012 (Christopher)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL Logfile:
Code:
[2010.09.25 15:30:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3127.31119__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.09.25 15:30:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3127.31132__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.09.25 15:30:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3127.31132__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.09.25 15:30:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3127.31129__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.09.25 15:30:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3127.31114__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2010.09.25 15:30:31 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010.09.25 15:30:30 | 001,028,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3194.25247__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.09.25 15:30:30 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3194.25240__90ba9c70f846762e\ATIDEMOS.dll MOD - [2010.09.25 15:30:30 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3194.25237__90ba9c70f846762e\APM.Server.dll MOD - [2010.09.25 15:30:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3194.25238__90ba9c70f846762e\AEM.Server.dll MOD - [2010.09.25 15:30:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3127.31126__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.09.25 15:30:30 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.09.25 15:30:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3194.25380__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.09.25 15:30:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3127.31144__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 05:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 02:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.02.09 17:14:04 | 000,124,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll MOD - [2009.02.09 17:14:02 | 000,263,560 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll MOD - [2009.02.09 17:14:02 | 000,038,184 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll MOD - [2009.02.09 17:14:00 | 000,349,480 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll MOD - [2009.02.09 17:13:26 | 000,066,856 | 
---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2008.09.29 16:51:26 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.09.25 17:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.08.22 09:03:00 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security) SRV - [2012.10.28 23:59:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.25 09:04:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.09 15:44:44 | 000,799,112 | ---- | M] (Spigot, Inc.) 
[Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.10 16:44:06 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012.06.22 06:55:08 | 000,166,320 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012.06.22 06:51:34 | 000,168,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2012.06.22 06:49:14 | 000,200,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.08 10:45:16 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.13 19:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup) SRV - [2009.02.09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2009.02.09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.10.06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.26 20:13:54 | 000,237,650 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV) SRV - [2008.09.26 20:13:26 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX) DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG) DRV - File not found [Kernel | On_Demand | 
Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.22 06:58:12 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2012.06.22 06:55:18 | 000,206,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2012.06.22 06:53:48 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012.06.22 06:52:38 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012.06.22 06:51:46 | 000,360,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012.06.22 06:51:16 | 000,061,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012.06.22 06:50:56 | 000,230,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012.06.22 06:50:24 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012.04.20 15:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2010.04.13 19:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2008.09.29 17:27:56 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.09.26 20:14:12 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.26 01:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.07.21 11:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.05.28 16:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.04.27 10:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {F8A8A8A5-B365-473C-AA7C-184CE245C539} IE - HKLM\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{7F9762D3-6D28-4174-B2C2-6DEA8B1BD51C}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=852330CE-F35D-49DA-8803-E96BE28D3EE4&apn_sauid=DCBE4AB5-A78D-4FCD-96BB-D1A698D698A8
IE - HKCU\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{7F9762D3-6D28-4174-B2C2-6DEA8B1BD51C}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{BBE200DD-47EE-499E-AE51-7C82B9CFE061}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.24 15:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 23:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 23:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.04 17:16:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 23:59:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 23:59:05 | 000,000,000 | ---D | M]
[2010.09.25 15:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions
[2012.10.25 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\2hshrfwh.default\extensions
[2012.10.25 18:51:27 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\2hshrfwh.default\extensions\toolbar@ask.com
[2012.10.08 18:25:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\2hshrfwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\2hshrfwh.default\searchplugins\askcom.xml
[2012.10.28 23:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 23:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 23:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.28 23:59:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.08.24 15:14:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.10.28 23:59:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.28 23:59:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.20 08:27:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.20 08:27:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.20 08:27:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.20 08:27:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.20 08:27:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.20 08:27:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC8687E-215F-442C-B6AF-3E2031450235}: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDC2E49-2576-4912-A90B-A0400BC3C60E}: NameServer = 141.30.66.1,141.30.66.135 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{af751361-d6da-11df-9056-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{af751361-d6da-11df-9056-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bbea20e6-c980-11df-b586-00235a2ae087}\Shell - "" = AutoRun O33 - MountPoints2\{bbea20e6-c980-11df-b586-00235a2ae087}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bbea20eb-c980-11df-b586-00235a2ae087}\Shell - "" = AutoRun O33 - MountPoints2\{bbea20eb-c980-11df-b586-00235a2ae087}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bbea2113-c980-11df-b586-00235a2ae087}\Shell - "" = AutoRun O33 - MountPoints2\{bbea2113-c980-11df-b586-00235a2ae087}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e72f8b79-d6d9-11df-abc9-00235a2ae087}\Shell - "" = AutoRun O33 - MountPoints2\{e72f8b79-d6d9-11df-abc9-00235a2ae087}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com 
[@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.04 19:34:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe [2012.11.04 12:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.11.02 19:52:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Malwarebytes [2012.11.02 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.02 19:52:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.02 19:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.28 23:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.25 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.10.25 18:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.10.24 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\Macromedia [2012.10.23 18:39:35 | 000,000,000 | R--D | C] -- C:\Users\Christopher\Dropbox [2012.10.23 18:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012.10.23 18:36:10 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.10.23 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Dropbox [2012.10.20 08:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.10.20 08:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.10.20 08:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.10.20 08:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.20 08:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla 
Maintenance Service [2012.10.13 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Music [2012.10.07 13:16:32 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Wintersemester 12~13 ========== Files - Modified Within 30 Days ========== [2012.11.04 19:35:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe [2012.11.04 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Christopher\defogger_reenable [2012.11.04 19:33:29 | 000,050,477 | ---- | M] () -- C:\Users\Christopher\Desktop\Defogger.exe [2012.11.04 19:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.04 18:24:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 18:24:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 12:31:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.04 12:31:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.04 12:31:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.04 12:31:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.04 12:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.04 12:24:41 | 3218,952,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.04 05:25:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.02 17:44:43 | 000,554,880 | ---- | M] () -- C:\Users\Christopher\Desktop\abschluss0d18f3b9-23e2-4c5a-ab7a-999fcebc07ba.pdf [2012.10.29 08:09:07 | 000,006,836 | ---- | M] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2012.11.04 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\defogger_reenable [2012.11.04 19:33:27 | 000,050,477 | ---- | C] () -- C:\Users\Christopher\Desktop\Defogger.exe 
[2012.11.02 17:44:42 | 000,554,880 | ---- | C] () -- C:\Users\Christopher\Desktop\abschluss0d18f3b9-23e2-4c5a-ab7a-999fcebc07ba.pdf [2012.10.24 23:04:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011.05.12 07:39:58 | 000,006,836 | ---- | C] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat [2011.01.26 18:39:19 | 000,006,144 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.17 19:39:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.03 14:04:53 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Dropbox [2010.11.03 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\IrfanView [2010.09.26 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Vodafone ========== Purity Check ========== < End of report >
I hope you can help me, thank you in advance! |
06.11.2012, 17:26 | #2 | ||
/// TB-Ausbilder | Possible trojan infection? Malwarebytes blocks potentially dangerous connections
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1 I noticed that you have more than one anti-virus program with a background (real-time) scanner running: Code:
Norton Internet Security
McAfee Internet Security
Report which anti-virus program you have decided on. Quote:
Step 2
Step 3 Please download AdwCleaner to your desktop.
Step 4 Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
Please post with your next reply
|
06.11.2012, 19:41 | #3 |
| Possible trojan infection? Malwarebytes blocks potentially dangerous connections
Hello Matthias,
thanks for helping me, my name is Christopher. Unfortunately there is already a small problem at step 1, because Norton does not show up in the program list. I can't find anything via the search either. I am fairly sure that I uninstalled Norton quite a while ago. (I would like to keep McAfee.) Step 2 went without problems. Step 3 - AdwCleaner log: Code:
ATTFilter # AdwCleaner v2.007 - Datei am 06/11/2012 um 18:43:16 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Christopher - CHRISTOPHER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Christopher\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2hshrfwh.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\Program Files\Common Files\spigot Ordner Gelöscht : C:\ProgramData\Ask ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Wert Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6002.18005 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2hshrfwh.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); ************************* AdwCleaner[S1].txt - [2659 octets] - [06/11/2012 18:43:16] ########## EOF - C:\AdwCleaner[S1].txt - [2719 octets] ########## [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-06.03 - Christopher 06.11.2012 18:56:39.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1707 [GMT 1:00] ausgeführt von:: c:\users\Christopher\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-06 bis 2012-11-06 )))))))))))))))))))))))))))))) . . 2012-11-06 18:08 . 2012-11-06 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-06 08:07 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61552094-F2E2-459D-9DF2-54EEC3E3B559}\mpengine.dll 2012-11-04 20:36 . 2012-11-04 20:36 -------- d-----w- c:\program files\7-Zip 2012-11-02 18:52 . 2012-11-02 18:52 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes 2012-11-02 18:52 . 2012-11-02 18:52 -------- d-----w- c:\programdata\Malwarebytes 2012-11-02 18:52 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-02 18:52 . 2012-11-02 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-24 22:06 . 
2012-10-24 22:06 -------- d-----w- c:\users\Christopher\AppData\Local\Macromedia 2012-10-24 22:04 . 2012-10-25 08:04 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-23 17:39 . 2012-11-03 12:59 -------- d-----r- c:\users\Christopher\Dropbox 2012-10-23 17:36 . 2012-10-23 17:36 -------- d-----w- c:\program files\Dropbox 2012-10-23 17:35 . 2012-11-03 13:04 -------- d-----w- c:\users\Christopher\AppData\Roaming\Dropbox 2012-10-20 07:27 . 2012-10-29 07:08 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-10-10 08:28 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 08:28 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 08:28 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 08:27 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 08:27 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 08:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 08:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-25 08:04 . 2011-05-27 05:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 13:32 . 2012-08-07 07:11 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-09-25 14:43 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-24 15:53 . 2012-09-24 17:23 834048 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 14:07 . 2012-09-24 17:23 389632 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:41 . 2012-09-24 17:23 1383424 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-28 22:59 . 2012-10-28 22:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-13 18:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200] "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296] "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-26 446556] "UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-12-08 139088] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java 
Update\jusched.exe" [2012-09-17 254896] . c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 08:04] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: Interfaces\{9BDC2E49-2576-4912-A90B-A0400BC3C60E}: NameServer = 141.30.66.1,141.30.66.135 FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2hshrfwh.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p= FF - ExtSQL: 2012-10-25 19:38; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe HKLM-Run-hpqSRMon - (no file) AddRemove-Adobe Flash Player 10 ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-06 19:14 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1820) c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\McAfee Online Backup\MOBKshell.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Hpservice.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\mfevtps.exe c:\windows\system32\rundll32.exe c:\program files\SMINST\BLService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe c:\program files\1&1 Surf-Stick\AssistantServices.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe 
c:\program files\McAfee Online Backup\MOBKbackup.exe c:\program files\McAfee Online Backup\MOBKbackup.exe c:\windows\system32\vssvc.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-06 19:25:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-06 18:25 . Vor Suchlauf: 7 Verzeichnis(se), 259.324.940.288 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 260.283.510.784 Bytes frei . - - End Of File - - 35D08E0D4780BDA7A705D05633375DDA
One more small thing that happened yesterday, I don't know whether it is relevant: the laptop's screen backlight simply went off, as if it wanted to go into sleep mode. When I pressed any key, the backlight came back on briefly but went off again immediately. I then switched the laptop off with the power button and turned it back on shortly afterwards. While booting, it ran a chkdsk check, no idea what that is. |
06.11.2012, 20:44 | #4 |
/// TB Instructor | possible trojan infection? malwarebytes blocks potentially dangerous connections Hi, CHKDSK (link to Wikipedia) checks file system structures. After system crashes or other problems, Windows starts this service automatically. For now we will remove Norton completely and run a control scan. Step 1
Step 2 Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Users\Christopher\AppData\Roaming\*.
CREATERESTOREPOINT
How is your computer running at the moment? Are there still problems that point to malware? If so, which ones? Please post with your next reply
|
07.11.2012, 20:05 | #5 |
| possible trojan infection? malwarebytes blocks potentially dangerous connections Step 1 worked, but in step 2 only one OTL log was created: Code:
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{7F9762D3-6D28-4174-B2C2-6DEA8B1BD51C}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{7F9762D3-6D28-4174-B2C2-6DEA8B1BD51C}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{BBE200DD-47EE-499E-AE51-7C82B9CFE061}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.24 15:14:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 23:59:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 23:59:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.04 17:16:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 23:59:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 23:59:05 | 000,000,000 | ---D | M] [2010.09.25 15:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions [2012.11.06 18:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\2hshrfwh.default\extensions [2012.10.08 18:25:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\2hshrfwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 23:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 23:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.28 23:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.28 23:59:04 | 000,000,000 | ---D | M] (Java Console) -- 
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.08.24 15:14:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2012.10.28 23:59:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.28 23:59:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.20 08:27:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.20 08:27:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.20 08:27:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.20 08:27:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.20 08:27:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.20 08:27:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.06 19:12:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-21-1887101960-746733443-708444803-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1887101960-746733443-708444803-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1887101960-746733443-708444803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC8687E-215F-442C-B6AF-3E2031450235}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDC2E49-2576-4912-A90B-A0400BC3C60E}: NameServer = 141.30.66.1,141.30.66.135 O18 - Protocol\Handler\dssrequest 
{5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML 
Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - C:\Program Files\Common 
Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfRd - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.06 22:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.11.06 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\temp [2012.11.06 19:13:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.06 18:53:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.06 18:53:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.06 18:53:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.06 18:53:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.06 18:52:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.06 18:49:49 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Christopher\Desktop\ComboFix.exe [2012.11.06 18:40:00 | 000,000,000 | ---D | C] -- 
< End of report >
Code:
2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137)
2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137)
2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137)

As I said, I only downloaded Malwarebytes after the McAfee scan found nothing. That is, before McAfee's trojan message I did not have Malwarebytes yet, which is why I have only recently known about these "activities" on the port.

Edited by fux89 (07.11.2012 at 20:18) |
08.11.2012, 17:45 | #6 |
/// TB Trainer | Possible trojan infection? Malwarebytes blocks potentially dangerous access attempts

Hi, which trojan did McAfee remove at the beginning? Please give the path and the file name for it. What kind of network exactly are you connected to? University of Dresden?

Step 1
Code:
:OTL
IE - HKLM\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}
IE - HKU\S-1-5-21-1887101960-746733443-708444803-1000\..\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

:commands
[Emptytemp]
Step 2
Please download aswMBR.exe and save the file to your desktop.

Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 3
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Please download TDSSKiller.exe and save this file to the desktop.

Please post with your next reply
|
09.11.2012, 09:10 | #7 |
| Possible trojan infection? Malwarebytes blocks potentially dangerous access attempts

Hello, yes, I am on the network of the TU in Dresden (how do you know that? ^^).

Unfortunately I cannot give the trojan's name and path: when I try to open McAfee's security history, a window opens that at first says "please wait", but after half an hour still nothing has happened. I have also looked in the McAfee folders (i.e. under c:\programme etc.) for any event logs, unfortunately without success.

The message I received did not include a name either, only that it had been removed and that nothing further needed to be done.

Here are the three logs:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8A8A8A5-B365-473C-AA7C-184CE245C539}\ not found.
Registry key HKEY_USERS\S-1-5-21-1887101960-746733443-708444803-1000\Software\Microsoft\Internet Explorer\SearchScopes\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57894ECA-22F7-48EE-B33C-F8E91C919BE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1887101960-746733443-708444803-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8A8A8A5-B365-473C-AA7C-184CE245C539}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8A8A8A5-B365-473C-AA7C-184CE245C539}\ not found.
Prefs.js: pdfforge@mybrowserbar.com:4.1 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.1 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christopher
->Temp folder emptied: 18795727 bytes
->Java cache emptied: 1929566 bytes
->FireFox cache emptied: 399145469 bytes
->Flash cache emptied: 70103 bytes

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46410 bytes
RecycleBin emptied: 84 bytes

Total Files Cleaned = 401,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11092012_083403

Files\Folders moved on Reboot...
C:\Users\Christopher\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_F9k1TaXBq01uXLG not found!
File\Folder C:\Windows\temp\ver4827.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 08:42:26
-----------------------------
08:42:26.050 OS Version: Windows 6.0.6002 Service Pack 2
08:42:26.051 Number of processors: 2 586 0x301
08:42:26.073 ComputerName: CHRISTOPHER-PC UserName: Christopher
08:43:11.651 Initialize success
08:43:43.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:43:43.648 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
08:43:43.681 Disk 0 MBR read successfully
08:43:43.687 Disk 0 MBR scan
08:43:43.693 Disk 0 unknown MBR code
08:43:43.702 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293894 MB offset 63
08:43:43.735 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11347 MB offset 601896960
08:43:43.771 Disk 0 scanning sectors +625135616
08:43:43.884 Disk 0 scanning C:\Windows\system32\drivers
08:44:11.118 Service scanning
08:44:36.984 Modules scanning
08:44:44.994 Disk 0 trace - called modules:
08:44:45.032 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
08:44:45.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860e8030]
08:44:45.430 3 CLASSPNP.SYS[8079f8b3] -> nt!IofCallDriver -> [0x860ffa10]
08:44:45.443 5 hpdskflt.sys[8b9aef05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860c8b98]
08:44:45.455 Scan finished successfully
08:49:56.288 Disk 0 MBR has been saved successfully to "C:\Users\Christopher\Desktop\MBR.dat"
08:49:56.295 The log file has been saved successfully to "C:\Users\Christopher\Desktop\aswMBR.txt"
Code:
08:50:44.0691 3332 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:50:45.0699 3332 ============================================================
08:50:45.0699 3332 Current date / time: 2012/11/09 08:50:45.0699
08:50:45.0699 3332 SystemInfo:
08:50:45.0699 3332
08:50:45.0699 3332 OS Version: 6.0.6002 ServicePack: 2.0
08:50:45.0699 3332 Product type: Workstation
08:50:45.0700 3332 ComputerName: CHRISTOPHER-PC
08:50:45.0716 3332 UserName: Christopher
08:50:45.0716 3332 Windows directory: C:\Windows
08:50:45.0716 3332 System windows directory: C:\Windows
08:50:45.0716 3332 Processor architecture: Intel x86
08:50:45.0716 3332 Number of processors: 2
08:50:45.0716 3332 Page size: 0x1000
08:50:45.0716 3332 Boot type: Normal boot
08:50:45.0716 3332 ============================================================
08:50:47.0514 3332 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:50:47.0519 3332 ============================================================
08:50:47.0519 3332 \Device\Harddisk0\DR0:
08:50:47.0534 3332 MBR partitions:
08:50:47.0534 3332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E037C1
08:50:47.0534 3332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E03800, BlocksNum 0x1629800
08:50:47.0534 3332 ============================================================
08:50:47.0575 3332 C: <-> \Device\Harddisk0\DR0\Partition1
08:50:47.0718 3332 D: <-> \Device\Harddisk0\DR0\Partition2
08:50:47.0719 3332 ============================================================
08:50:47.0719 3332 Initialize success
08:50:47.0719 3332 ============================================================
08:50:50.0914 5064 ============================================================
08:50:50.0914 5064 Scan started
08:50:50.0914 5064 Mode: Manual;
08:50:50.0914 5064
============================================================
5064 intelide - ok 08:51:01.0417 5064 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:51:01.0418 5064 intelppm - ok 08:51:01.0437 5064 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:51:01.0450 5064 IPBusEnum - ok 08:51:01.0479 5064 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:51:01.0480 5064 IpFilterDriver - ok 08:51:01.0533 5064 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 08:51:01.0539 5064 iphlpsvc - ok 08:51:01.0547 5064 IpInIp - ok 08:51:01.0581 5064 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 08:51:01.0582 5064 IPMIDRV - ok 08:51:01.0599 5064 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 08:51:01.0601 5064 IPNAT - ok 08:51:01.0659 5064 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:51:01.0660 5064 IRENUM - ok 08:51:01.0686 5064 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:51:01.0687 5064 isapnp - ok 08:51:01.0775 5064 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 08:51:01.0787 5064 iScsiPrt - ok 08:51:01.0799 5064 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 08:51:01.0800 5064 iteatapi - ok 08:51:01.0810 5064 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 08:51:01.0812 5064 iteraid - ok 08:51:01.0917 5064 [ ED9103E5B70761EBC9809F4BD9673BB2 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 08:51:01.0919 5064 JMCR - ok 08:51:01.0978 5064 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 08:51:01.0979 5064 kbdclass - ok 08:51:02.0002 5064 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 08:51:02.0003 5064 kbdhid - ok 08:51:02.0033 5064 [ 
A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 08:51:02.0036 5064 KeyIso - ok 08:51:02.0098 5064 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 08:51:02.0103 5064 KSecDD - ok 08:51:02.0178 5064 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 08:51:02.0187 5064 KtmRm - ok 08:51:02.0249 5064 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 08:51:02.0253 5064 LanmanServer - ok 08:51:02.0318 5064 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 08:51:02.0322 5064 LanmanWorkstation - ok 08:51:02.0434 5064 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 08:51:02.0437 5064 LightScribeService - ok 08:51:02.0461 5064 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 08:51:02.0463 5064 lltdio - ok 08:51:02.0494 5064 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 08:51:02.0508 5064 lltdsvc - ok 08:51:02.0530 5064 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 08:51:02.0533 5064 lmhosts - ok 08:51:02.0559 5064 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 08:51:02.0561 5064 LSI_FC - ok 08:51:02.0616 5064 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 08:51:02.0617 5064 LSI_SAS - ok 08:51:02.0664 5064 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 08:51:02.0666 5064 LSI_SCSI - ok 08:51:02.0717 5064 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 08:51:02.0718 5064 luafv - ok 08:51:02.0836 5064 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys 08:51:02.0837 5064 massfilter - ok 08:51:02.0932 5064 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 
08:51:02.0933 5064 MBAMProtector - ok 08:51:03.0054 5064 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 08:51:03.0068 5064 MBAMScheduler - ok 08:51:03.0119 5064 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 08:51:03.0125 5064 MBAMService - ok 08:51:03.0231 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0237 5064 McAfee SiteAdvisor Service - ok 08:51:03.0288 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0292 5064 McMPFSvc - ok 08:51:03.0307 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0311 5064 mcmscsvc - ok 08:51:03.0325 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0339 5064 McNaiAnn - ok 08:51:03.0379 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0381 5064 McNASvc - ok 08:51:03.0490 5064 [ E63BF12007702D6AC5037AF1E0C6B1C9 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 08:51:03.0493 5064 McODS - ok 08:51:03.0501 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:03.0504 5064 McProxy - ok 08:51:03.0597 5064 [ 6A78931E71218F38B2B4665D2BA79789 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 08:51:03.0603 5064 McShield - ok 08:51:03.0627 5064 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 08:51:03.0634 5064 Mcx2Svc - ok 08:51:03.0690 5064 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 08:51:03.0691 5064 megasas - ok 08:51:03.0715 5064 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR 
C:\Windows\system32\drivers\megasr.sys 08:51:03.0719 5064 MegaSR - ok 08:51:03.0741 5064 [ 38995E33939DCA02BEED384C37A0BABB ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 08:51:03.0743 5064 mfeapfk - ok 08:51:03.0798 5064 [ ACB64C134E0FA7124FE67A8CC5F02833 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 08:51:03.0801 5064 mfeavfk - ok 08:51:03.0913 5064 mfeavfk01 - ok 08:51:03.0952 5064 [ FB331E460DBAE41B7CBDD72E690D6DA3 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys 08:51:03.0954 5064 mfebopk - ok 08:51:04.0015 5064 [ 8421EF9F71E0595BE68B5D913ED0FE78 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 08:51:04.0036 5064 mfefire - ok 08:51:04.0077 5064 [ 53891A53ACF0D43088E899DDD7209ACC ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 08:51:04.0081 5064 mfefirek - ok 08:51:04.0249 5064 [ 2F70286021B917F6D69C32C5DB8CD288 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 08:51:04.0254 5064 mfehidk - ok 08:51:04.0290 5064 [ 9171F3CA5DDD1D6A590B295F90E1E3BB ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 08:51:04.0292 5064 mferkdet - ok 08:51:04.0337 5064 [ 958E4A10C7C2C80714882542934C6912 ] mfevtp C:\Windows\system32\mfevtps.exe 08:51:04.0344 5064 mfevtp - ok 08:51:04.0367 5064 [ 07A474725D2DC08759496F58164795CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 08:51:04.0370 5064 mfewfpk - ok 08:51:04.0393 5064 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 08:51:04.0405 5064 MMCSS - ok 08:51:04.0482 5064 [ 35176FA09A0FC58DB630991A81A0BA39 ] MOBKbackup C:\Program Files\McAfee Online Backup\MOBKbackup.exe 08:51:04.0484 5064 MOBKbackup - ok 08:51:04.0507 5064 [ E896775837A8BCE436348DF460522394 ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys 08:51:04.0508 5064 MOBKFilter - ok 08:51:04.0523 5064 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 08:51:04.0524 5064 Modem - ok 08:51:04.0578 5064 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 
08:51:04.0580 5064 monitor - ok 08:51:04.0612 5064 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 08:51:04.0614 5064 mouclass - ok 08:51:04.0624 5064 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 08:51:04.0625 5064 mouhid - ok 08:51:04.0656 5064 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 08:51:04.0658 5064 MountMgr - ok 08:51:04.0734 5064 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 08:51:04.0849 5064 MozillaMaintenance - ok 08:51:04.0954 5064 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 08:51:04.0955 5064 mpio - ok 08:51:04.0976 5064 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 08:51:04.0977 5064 mpsdrv - ok 08:51:05.0059 5064 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 08:51:05.0065 5064 MpsSvc - ok 08:51:05.0088 5064 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 08:51:05.0089 5064 Mraid35x - ok 08:51:05.0136 5064 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 08:51:05.0138 5064 MRxDAV - ok 08:51:05.0193 5064 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 08:51:05.0195 5064 mrxsmb - ok 08:51:05.0232 5064 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:51:05.0235 5064 mrxsmb10 - ok 08:51:05.0263 5064 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:51:05.0265 5064 mrxsmb20 - ok 08:51:05.0345 5064 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 08:51:05.0348 5064 msahci - ok 08:51:05.0374 5064 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 08:51:05.0376 5064 msdsm - ok 08:51:05.0399 5064 [ 
FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 08:51:05.0420 5064 MSDTC - ok 08:51:05.0441 5064 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 08:51:05.0442 5064 Msfs - ok 08:51:05.0490 5064 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:51:05.0491 5064 msisadrv - ok 08:51:05.0531 5064 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:51:05.0561 5064 MSiSCSI - ok 08:51:05.0567 5064 msiserver - ok 08:51:05.0619 5064 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 08:51:05.0621 5064 MSK80Service - ok 08:51:05.0645 5064 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:51:05.0646 5064 MSKSSRV - ok 08:51:05.0704 5064 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:51:05.0705 5064 MSPCLOCK - ok 08:51:05.0738 5064 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:51:05.0740 5064 MSPQM - ok 08:51:05.0767 5064 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:51:05.0769 5064 MsRPC - ok 08:51:05.0788 5064 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 08:51:05.0790 5064 mssmbios - ok 08:51:05.0796 5064 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:51:05.0800 5064 MSTEE - ok 08:51:05.0821 5064 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 08:51:05.0823 5064 Mup - ok 08:51:05.0896 5064 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 08:51:05.0907 5064 napagent - ok 08:51:05.0984 5064 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:51:05.0986 5064 NativeWifiP - ok 08:51:06.0073 5064 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 
08:51:06.0099 5064 NDIS - ok 08:51:06.0124 5064 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:51:06.0125 5064 NdisTapi - ok 08:51:06.0147 5064 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 08:51:06.0150 5064 Ndisuio - ok 08:51:06.0202 5064 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:51:06.0204 5064 NdisWan - ok 08:51:06.0236 5064 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:51:06.0238 5064 NDProxy - ok 08:51:06.0309 5064 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 08:51:06.0312 5064 Net Driver HPZ12 - ok 08:51:06.0324 5064 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:51:06.0326 5064 NetBIOS - ok 08:51:06.0359 5064 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 08:51:06.0361 5064 netbt - ok 08:51:06.0379 5064 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 08:51:06.0383 5064 Netlogon - ok 08:51:06.0453 5064 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 08:51:06.0461 5064 Netman - ok 08:51:06.0484 5064 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 08:51:06.0488 5064 netprofm - ok 08:51:06.0539 5064 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:51:06.0547 5064 NetTcpPortSharing - ok 08:51:06.0775 5064 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 08:51:06.0792 5064 NETw3v32 - ok 08:51:06.0820 5064 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 08:51:06.0821 5064 nfrd960 - ok 08:51:06.0863 5064 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 08:51:06.0871 5064 NlaSvc - ok 08:51:06.0899 5064 [ 
D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:51:06.0901 5064 Npfs - ok 08:51:06.0932 5064 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 08:51:06.0935 5064 nsi - ok 08:51:06.0972 5064 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:51:06.0973 5064 nsiproxy - ok 08:51:07.0123 5064 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:51:07.0132 5064 Ntfs - ok 08:51:07.0156 5064 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 08:51:07.0158 5064 ntrigdigi - ok 08:51:07.0180 5064 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 08:51:07.0184 5064 Null - ok 08:51:07.0221 5064 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:51:07.0223 5064 nvraid - ok 08:51:07.0247 5064 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:51:07.0249 5064 nvstor - ok 08:51:07.0281 5064 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:51:07.0283 5064 nv_agp - ok 08:51:07.0289 5064 NwlnkFlt - ok 08:51:07.0297 5064 NwlnkFwd - ok 08:51:07.0413 5064 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:51:07.0546 5064 odserv - ok 08:51:07.0638 5064 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 08:51:07.0641 5064 ohci1394 - ok 08:51:07.0666 5064 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:51:07.0773 5064 ose - ok 08:51:07.0863 5064 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 08:51:07.0936 5064 p2pimsvc - ok 08:51:07.0986 5064 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 08:51:07.0993 5064 p2psvc - ok 08:51:08.0023 5064 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport 
C:\Windows\system32\drivers\parport.sys 08:51:08.0025 5064 Parport - ok 08:51:08.0061 5064 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:51:08.0063 5064 partmgr - ok 08:51:08.0089 5064 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 08:51:08.0090 5064 Parvdm - ok 08:51:08.0108 5064 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 08:51:08.0111 5064 PcaSvc - ok 08:51:08.0158 5064 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 08:51:08.0162 5064 pci - ok 08:51:08.0219 5064 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 08:51:08.0220 5064 pciide - ok 08:51:08.0247 5064 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:51:08.0249 5064 pcmcia - ok 08:51:08.0320 5064 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:51:08.0327 5064 PEAUTH - ok 08:51:08.0396 5064 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 08:51:08.0409 5064 pla - ok 08:51:08.0437 5064 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:51:08.0442 5064 PlugPlay - ok 08:51:08.0527 5064 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 08:51:08.0530 5064 Pml Driver HPZ12 - ok 08:51:08.0557 5064 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 08:51:08.0564 5064 PNRPAutoReg - ok 08:51:08.0601 5064 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 08:51:08.0609 5064 PNRPsvc - ok 08:51:08.0631 5064 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:51:08.0654 5064 PolicyAgent - ok 08:51:08.0684 5064 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:51:08.0686 5064 PptpMiniport - ok 08:51:08.0700 5064 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor 
C:\Windows\system32\DRIVERS\processr.sys 08:51:08.0702 5064 Processor - ok 08:51:08.0725 5064 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 08:51:08.0730 5064 ProfSvc - ok 08:51:08.0746 5064 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 08:51:08.0751 5064 ProtectedStorage - ok 08:51:08.0786 5064 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 08:51:08.0789 5064 PSched - ok 08:51:08.0884 5064 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 08:51:08.0893 5064 ql2300 - ok 08:51:08.0922 5064 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 08:51:08.0924 5064 ql40xx - ok 08:51:08.0979 5064 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 08:51:09.0000 5064 QWAVE - ok 08:51:09.0035 5064 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:51:09.0036 5064 QWAVEdrv - ok 08:51:09.0054 5064 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:51:09.0055 5064 RasAcd - ok 08:51:09.0069 5064 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 08:51:09.0080 5064 RasAuto - ok 08:51:09.0123 5064 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:51:09.0124 5064 Rasl2tp - ok 08:51:09.0208 5064 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 08:51:09.0216 5064 RasMan - ok 08:51:09.0298 5064 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:51:09.0299 5064 RasPppoe - ok 08:51:09.0317 5064 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:51:09.0319 5064 RasSstp - ok 08:51:09.0341 5064 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:51:09.0344 5064 rdbss - ok 08:51:09.0371 5064 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD 
C:\Windows\system32\DRIVERS\RDPCDD.sys 08:51:09.0374 5064 RDPCDD - ok 08:51:09.0424 5064 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 08:51:09.0427 5064 rdpdr - ok 08:51:09.0435 5064 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:51:09.0437 5064 RDPENCDD - ok 08:51:09.0471 5064 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:51:09.0474 5064 RDPWD - ok 08:51:09.0545 5064 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe 08:51:09.0558 5064 Recovery Service for Windows - ok 08:51:09.0621 5064 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:51:09.0630 5064 RemoteAccess - ok 08:51:09.0664 5064 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:51:09.0676 5064 RemoteRegistry - ok 08:51:09.0725 5064 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 08:51:09.0728 5064 RFCOMM - ok 08:51:09.0837 5064 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 08:51:09.0843 5064 RichVideo - ok 08:51:09.0925 5064 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 08:51:09.0937 5064 RpcLocator - ok 08:51:10.0010 5064 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 08:51:10.0017 5064 RpcSs - ok 08:51:10.0045 5064 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:51:10.0047 5064 rspndr - ok 08:51:10.0113 5064 [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 08:51:10.0117 5064 RTL8169 - ok 08:51:10.0124 5064 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 08:51:10.0126 5064 SamSs - ok 08:51:10.0149 5064 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:51:10.0152 5064 sbp2port - ok 
08:51:10.0184 5064 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:51:10.0194 5064 SCardSvr - ok 08:51:10.0231 5064 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 08:51:10.0239 5064 Schedule - ok 08:51:10.0266 5064 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 08:51:10.0267 5064 SCPolicySvc - ok 08:51:10.0294 5064 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 08:51:10.0295 5064 sdbus - ok 08:51:10.0342 5064 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:51:10.0361 5064 SDRSVC - ok 08:51:10.0384 5064 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:51:10.0385 5064 secdrv - ok 08:51:10.0403 5064 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 08:51:10.0406 5064 seclogon - ok 08:51:10.0422 5064 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 08:51:10.0426 5064 SENS - ok 08:51:10.0451 5064 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 08:51:10.0452 5064 Serenum - ok 08:51:10.0471 5064 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 08:51:10.0473 5064 Serial - ok 08:51:10.0489 5064 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 08:51:10.0490 5064 sermouse - ok 08:51:10.0527 5064 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 08:51:10.0531 5064 SessionEnv - ok 08:51:10.0567 5064 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 08:51:10.0568 5064 sffdisk - ok 08:51:10.0578 5064 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:51:10.0580 5064 sffp_mmc - ok 08:51:10.0588 5064 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:51:10.0589 5064 sffp_sd - ok 
08:51:10.0606 5064 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 08:51:10.0607 5064 sfloppy - ok 08:51:10.0653 5064 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:51:10.0692 5064 SharedAccess - ok 08:51:10.0748 5064 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:51:10.0756 5064 ShellHWDetection - ok 08:51:10.0798 5064 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 08:51:10.0800 5064 sisagp - ok 08:51:10.0816 5064 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 08:51:10.0818 5064 SiSRaid2 - ok 08:51:10.0837 5064 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 08:51:10.0839 5064 SiSRaid4 - ok 08:51:11.0061 5064 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 08:51:11.0088 5064 slsvc - ok 08:51:11.0136 5064 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 08:51:11.0147 5064 SLUINotify - ok 08:51:11.0178 5064 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:51:11.0180 5064 Smb - ok 08:51:11.0222 5064 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:51:11.0236 5064 SNMPTRAP - ok 08:51:11.0270 5064 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 08:51:11.0272 5064 spldr - ok 08:51:11.0298 5064 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 08:51:11.0302 5064 Spooler - ok 08:51:11.0355 5064 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 08:51:11.0359 5064 srv - ok 08:51:11.0396 5064 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:51:11.0398 5064 srv2 - ok 08:51:11.0418 5064 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:51:11.0420 5064 srvnet - ok 
08:51:11.0440 5064 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:51:11.0448 5064 SSDPSRV - ok 08:51:11.0465 5064 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:51:11.0473 5064 SstpSvc - ok 08:51:11.0580 5064 [ CF7DF19EC6EEE8D51B7FCCF4AAE93906 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe 08:51:11.0583 5064 STacSV - ok 08:51:11.0619 5064 [ 87A094CA41BC86CE430DF0ED0C846DC8 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 08:51:11.0624 5064 STHDA - ok 08:51:11.0674 5064 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 08:51:11.0704 5064 stisvc - ok 08:51:11.0726 5064 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 08:51:11.0727 5064 swenum - ok 08:51:11.0760 5064 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 08:51:11.0792 5064 swprv - ok 08:51:11.0807 5064 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 08:51:11.0809 5064 Symc8xx - ok 08:51:11.0825 5064 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 08:51:11.0826 5064 Sym_hi - ok 08:51:11.0837 5064 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 08:51:11.0839 5064 Sym_u3 - ok 08:51:11.0897 5064 [ BF7AA84D5AF0FAA0978C840E63B17DBF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 08:51:11.0899 5064 SynTP - ok 08:51:11.0974 5064 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 08:51:12.0008 5064 SysMain - ok 08:51:12.0032 5064 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:51:12.0037 5064 TabletInputService - ok 08:51:12.0071 5064 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 08:51:12.0080 5064 TapiSrv - ok 08:51:12.0147 5064 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 08:51:12.0151 5064 TBS - ok 
08:51:17.0994 5064 Scan finished 08:51:17.0994 5064 ============================================================ 08:51:18.0014 4636 Detected object count: 0 08:51:18.0014 4636 Actual detected object count: 0 |
09.11.2012, 19:42 | #8 |
/// TB Trainer | Possible trojan infection? Malwarebytes blocks potentially dangerous connections Hello, While checking the IP address in the log file I came across the university. Right-click this file: C:\Users\Christopher\Desktop\MBR.dat Select Send to > Compressed (zipped) folder. Attach the file MBR.zip from your desktop to your next reply. Is Malwarebytes' Anti-Malware still blocking certain connections? If so, please post the corresponding MBAM log file. |
11.11.2012, 23:21 | #9 |
| Possible trojan infection? Malwarebytes blocks potentially dangerous connections Hello, as requested, the zip folder is attached. Yes, the connections (or rather only the one involving port 137) are still being blocked: Code:
ATTFilter 2012/11/05 07:58:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 07:58:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 07:58:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 07:58:09 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 08:01:34 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/05 08:01:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.04.01 to version v2012.11.05.01 2012/11/05 08:01:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/05 08:01:51 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/05 08:01:51 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/05 08:01:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/05 08:01:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 08:02:05 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 11:33:20 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 11:33:20 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 11:33:20 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 11:33:31 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 11:42:00 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 11:42:00 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 11:42:00 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 11:42:12 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 11:48:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 11:48:56 +0100 
CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 11:48:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 11:49:13 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 16:37:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 16:37:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 16:37:24 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 16:37:33 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 17:15:23 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 17:15:23 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 17:15:23 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 17:15:36 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 17:18:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/05 17:18:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/05 17:18:35 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/05 17:18:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/05 17:18:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 17:18:48 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 19:01:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.223 (Type: outgoing, Port: 137) 2012/11/05 19:01:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.223 (Type: outgoing, Port: 137) 2012/11/05 19:01:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.223 (Type: outgoing, Port: 137) 2012/11/05 21:01:48 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/05 21:01:49 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/05 
21:03:19 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/05 21:03:30 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/05 21:47:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50351, Process: firefox.exe) 2012/11/05 21:47:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50359, Process: firefox.exe) 2012/11/05 21:47:09 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50360, Process: firefox.exe) Code:
ATTFilter 2012/11/06 08:59:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 08:59:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 08:59:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 08:59:39 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/06 08:59:54 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 08:59:57 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/06 08:59:57 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.05.05 to version v2012.11.06.03 2012/11/06 08:59:57 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/06 08:59:58 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/06 09:00:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/06 09:00:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 09:00:09 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 10:09:56 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/06 15:17:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 15:17:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 15:17:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 15:17:11 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 16:48:27 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137) 2012/11/06 18:45:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 18:45:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 18:45:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 
2012/11/06 18:45:46 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 18:51:37 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping protection 2012/11/06 18:51:37 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection stopped successfully 2012/11/06 19:11:08 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 19:11:08 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 19:11:08 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 19:11:20 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 19:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 19:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 19:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 19:29:35 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/06 20:36:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137) 2012/11/06 20:37:07 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 49647, Process: firefox.exe) 2012/11/06 20:37:07 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 109.163.227.110 (Type: outgoing, Port: 49648, Process: firefox.exe) 2012/11/06 20:39:56 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 91.217.178.30 (Type: outgoing, Port: 49948, Process: firefox.exe) 2012/11/06 20:39:56 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 91.217.178.30 (Type: outgoing, Port: 49949, Process: firefox.exe) 2012/11/06 20:40:28 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 49977, Process: firefox.exe) 2012/11/06 20:40:28 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 49996, Process: firefox.exe) 2012/11/06 20:40:36 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 50005, Process: firefox.exe) 2012/11/06 20:40:36 
+0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 50006, Process: firefox.exe) 2012/11/06 20:40:36 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 50008, Process: firefox.exe) 2012/11/06 20:40:36 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 80.82.70.206 (Type: outgoing, Port: 50009, Process: firefox.exe) 2012/11/06 20:44:05 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 192.162.100.216 (Type: outgoing, Port: 50151, Process: firefox.exe) 2012/11/06 20:44:14 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 91.217.178.30 (Type: outgoing, Port: 50155, Process: firefox.exe) 2012/11/06 20:44:14 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 91.217.178.30 (Type: outgoing, Port: 50156, Process: firefox.exe) 2012/11/06 21:47:04 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/06 21:47:04 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/06 21:47:04 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/06 21:47:15 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully Code:
ATTFilter 2012/11/07 09:12:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/07 09:12:05 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/07 09:12:05 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/07 09:12:05 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/07 09:12:21 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/07 09:12:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/07 09:12:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/07 09:12:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.06.03 to version v2012.11.07.03 2012/11/07 09:12:32 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/07 09:12:36 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/07 09:12:36 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/07 09:12:44 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/07 14:56:30 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/07 14:56:30 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/07 14:56:30 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/07 14:56:42 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/07 19:54:42 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/07 22:48:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/07 22:48:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started 
successfully 2012/11/07 22:48:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/07 22:48:41 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully Code:
ATTFilter 2012/11/08 08:32:03 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/08 08:32:04 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/08 08:32:04 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/08 08:32:14 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/08 08:32:37 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/08 08:32:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/08 08:32:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/08 08:32:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.07.03 to version v2012.11.08.01 2012/11/08 08:32:56 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/08 08:33:00 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/08 08:33:00 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/08 08:33:08 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/08 09:38:21 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137) 2012/11/08 09:38:29 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.31 (Type: outgoing, Port: 137) 2012/11/08 14:16:41 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/08 14:16:41 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/08 14:16:41 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/08 14:16:53 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/08 14:19:41 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 121.10.107.133 (Type: outgoing, Port: 137) 2012/11/08 14:19:50 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 121.10.107.133 (Type: outgoing, Port: 137) 2012/11/08 14:19:50 +0100 CHRISTOPHER-PC Christopher 
IP-BLOCK 121.10.107.133 (Type: outgoing, Port: 137) 2012/11/08 14:20:23 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 121.10.107.133 (Type: outgoing, Port: 137) 2012/11/08 15:47:32 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/08 15:47:32 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.3.15 (Type: outgoing, Port: 137) 2012/11/08 19:18:15 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/08 19:18:15 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/08 19:18:15 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/08 19:18:30 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully Code:
ATTFilter 2012/11/09 00:00:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 00:00:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 00:00:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 00:01:07 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 08:29:14 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/09 08:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 08:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 08:29:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 08:29:41 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 08:29:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/09 08:29:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/09 08:29:52 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.08.01 to version v2012.11.09.04 2012/11/09 08:29:52 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/09 08:29:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/09 08:29:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 08:30:04 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 08:38:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 08:38:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 08:38:35 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 08:38:45 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 09:11:38 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.92 (Type: outgoing, Port: 137) 2012/11/09 
09:11:38 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.92 (Type: outgoing, Port: 137) 2012/11/09 15:18:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 15:18:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 15:18:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 15:19:06 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 15:51:31 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 15:51:31 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 15:53:01 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 15:55:43 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 16:00:49 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 16:00:49 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 16:00:49 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 16:01:03 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 16:13:16 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 16:13:16 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 16:13:16 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 16:13:27 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/09 16:15:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/09 16:15:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/09 16:15:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/09 16:16:10 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully Code:
ATTFilter 2012/11/11 23:05:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection 2012/11/11 23:05:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully 2012/11/11 23:05:56 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/11 23:06:07 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully 2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137) 2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137) 2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137) 2012/11/11 23:16:26 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily 2012/11/11 23:16:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Scheduled update executed successfully: database updated from version v2012.11.09.04 to version v2012.11.11.07 2012/11/11 23:16:32 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh 2012/11/11 23:16:33 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection 2012/11/11 23:16:33 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully 2012/11/11 23:16:37 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully 2012/11/11 23:16:37 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection 2012/11/11 23:16:45 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully Only outgoing connections from port 137 are still being blocked, without my doing anything on the PC. Edit: now I forgot the attachment after all ^^ |
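Added example (not part of the thread and not a Malwarebytes tool): a Python parser for protection logs in the format posted above, which extracts the IP-BLOCK entries, collapses the duplicate lines, and groups them by owning process and port so that the process-less port 137 blocks stand apart from the firefox.exe ones. The sample log, host name, user name and addresses (documentation ranges) are constructed; single-token host and user fields are an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Every entry starts with a timestamp such as "2012/11/05 19:01:09 +0100".
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}"
# An entry runs until the next timestamp or the end of the text, so the parser
# works on one-entry-per-line logs and on logs pasted as one run-together line.
# Assumption: host and user names contain no spaces.
ENTRY = re.compile(
    rf"(?P<ts>{TS})\s+(?P<host>\S+)\s+(?P<user>\S+)\s+"
    rf"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<rest>.*?)(?=\s+{TS}\s|\s*\Z)",
    re.S,
)
BLOCK = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+)(?:, Process: (?P<process>[^)]+))?\)"
)
# Default start of the dynamic (ephemeral) port range on Windows Vista and later.
EPHEMERAL_START = 49152

# Constructed sample: the first five entries are run together on one line,
# the last two are on separate lines and out of chronological order.
SAMPLE = (
    "2012/11/05 19:00:00 +0100 EXAMPLE-PC user MESSAGE IP Protection started successfully "
    "2012/11/05 19:01:09 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 137) "
    "2012/11/05 19:01:09 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 137) "
    "2012/11/05 21:47:09 +0100 EXAMPLE-PC user IP-BLOCK 198.51.100.7 "
    "(Type: outgoing, Port: 50351, Process: firefox.exe) "
    "2012/11/05 21:47:09 +0100 EXAMPLE-PC user IP-BLOCK 198.51.100.7 "
    "(Type: outgoing, Port: 50359, Process: firefox.exe)\n"
    "2012/11/06 10:09:56 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 137)\n"
    "2012/11/06 09:00:01 +0100 EXAMPLE-PC user MESSAGE Database refreshed successfully\n"
)


def parse_blocks(text):
    """Return the IP-BLOCK entries of a protection log as a list of dicts."""
    events = []
    for m in ENTRY.finditer(text):
        if m["kind"] != "IP-BLOCK":
            continue
        b = BLOCK.fullmatch(m["rest"].strip())
        if b is None:  # unexpected layout: skip rather than guess
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            "ip": b["ip"],
            "direction": b["direction"],
            "port": int(b["port"]),
            "process": b["process"],  # None when the log names no process
        })
    return events


def collapse_bursts(events, window=timedelta(seconds=10)):
    """Keep one event per (ip, process) burst; the log writes many blocks 2-3 times."""
    kept, last_seen = [], {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        key = (e["ip"], e["process"])
        prev = last_seen.get(key)
        if prev is None or e["time"] - prev > window:
            kept.append(e)
        last_seen[key] = e["time"]
    return kept


def summarise(events):
    """Map (owner, port class) -> {ip: {"count": bursts, "days": [dates]}}."""
    table = defaultdict(lambda: defaultdict(lambda: {"count": 0, "days": set()}))
    for e in collapse_bursts(events):
        owner = e["process"] or "(no process recorded)"
        port = "ephemeral" if e["port"] >= EPHEMERAL_START else str(e["port"])
        row = table[(owner, port)][e["ip"]]
        row["count"] += 1
        row["days"].add(e["time"].date().isoformat())
    return {
        key: {ip: {"count": r["count"], "days": sorted(r["days"])} for ip, r in ips.items()}
        for key, ips in table.items()
    }


if __name__ == "__main__":
    for (owner, port), ips in summarise(parse_blocks(SAMPLE)).items():
        print(f"{owner}  port {port}")
        for ip, row in ips.items():
            print(f"  {ip}: {row['count']} burst(s) on {', '.join(row['days'])}")
```

Entries grouped under "(no process recorded)" with port 137 (the NetBIOS name service) are the ones the poster describes as occurring without any activity at the PC; the firefox.exe group is tied to browsing sessions.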
12.11.2012, 15:05 | #10 |
| Possible trojan infection? Malwarebytes blocks potentially dangerous connections Sorry for the double post, but today I was finally able to open McAfee's security history and see what the trojan is called. Unfortunately I can't create a log, so a screenshot is attached. |
12.11.2012, 17:46 | #11 |
/// TB Trainer | Possible trojan infection? Malwarebytes blocks potentially dangerous connections Hello, the blocked IP addresses with port 137 point to China, Romania and the Seychelles. Please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick. Connect the USB stick to the infected system. You now need to boot the system into the System Repair option. Via the Boot Manager
With a Windows CD/DVD
In the repair options, select Command Prompt
|
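The helper's reading of the log rests on grouping the IP-BLOCK entries by destination and port. The following is an added example, not part of the original thread or of Malwarebytes: a small parser for lines in the format posted here that groups blocked connections and sets aside truncated entries. The field layout is inferred from the lines on this page, and `parse_blocks`, `summarise` and the `192.0.2.10` / `example.exe` line are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: lines copied from the logs posted in this thread, one entry
# that is cut off exactly as it is on the page, and one constructed line
# (192.0.2.10 / example.exe) to exercise the optional "Process:" field.
SAMPLE_LOG = """\
2012/11/11 23:06:07 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137)
2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137)
2012/11/11 23:13:06 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137)
2012/11/13 11:18:11 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.41.7 (Type: outgoing, Port: 137)
2012/11/13 11:18:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.41.7 (Type: outgoing, Port:
2012/11/13 12:00:00 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 51390, Process: example.exe)
"""

# Assumption: host and user names contain no spaces, as in the posted lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<kind>MESSAGE|IP-BLOCK)\s+(?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<process>[^)]+))?\)$"
)


def parse_blocks(text):
    """Return (events, malformed): parsed IP-BLOCK entries and unparsable lines."""
    events, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            malformed.append(line)
            continue
        if m["kind"] != "IP-BLOCK":
            continue  # status messages carry no connection data
        b = BLOCK_RE.match(m["rest"].strip())
        if not b:
            malformed.append(line)  # e.g. an entry cut off mid-line
            continue
        try:
            ip = ipaddress.ip_address(b["ip"])
        except ValueError:
            malformed.append(line)  # octet out of range
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            "host": m["host"],
            "ip": ip,
            "direction": b["direction"],
            "port": int(b["port"]),
            "process": b["process"],  # None when the log names no process
        })
    return events, malformed


def summarise(events):
    """Group events by (ip, port, process) with count and first/last time."""
    groups = {}
    for ev in events:
        key = (str(ev["ip"]), ev["port"], ev["process"])
        g = groups.setdefault(key, {
            "count": 0,
            "first": ev["time"],
            "last": ev["time"],
            # True for publicly routable destinations; NetBIOS name service
            # (port 137) traffic is normally confined to the local network.
            "public": ev["ip"].is_global,
        })
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return groups


if __name__ == "__main__":
    events, malformed = parse_blocks(SAMPLE_LOG)
    for (ip, port, proc), g in sorted(summarise(events).items(), key=lambda kv: kv[1]["first"]):
        print(f"{ip}:{port} process={proc or 'not logged'} count={g['count']} "
              f"public={g['public']} first={g['first']} last={g['last']}")
    print(f"{len(malformed)} line(s) could not be parsed")
```

Entries without a `Process:` field are kept with `process=None` rather than dropped, since those are the ones the log alone cannot attribute to a program.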
13.11.2012, 10:57 | #12 |
| possible trojan infection? malwarebytes blocks potentially dangerous access hm, that doesn't sound very encouraging. the repair worked, here is the log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012 Ran by SYSTEM at 13-11-2012 10:47:27 Running from F:\ Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-01] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.) HKLM\...\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.) HKLM\...\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1152296 2008-09-25] (CyberLink Corp.) HKLM\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-09-25] (CyberLink) HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [x] HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [206120 2009-02-09] (CyberLink Corp.) 
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [x] HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-12-08] () HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.) HKU\Christopher\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company) HKU\Christopher\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\Christopher\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard) Tcpip\..\Interfaces\{9BDC2E49-2576-4912-A90B-A0400BC3C60E}: [NameServer]141.30.66.1,141.30.66.135 Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
==================== Services (Whitelisted) =================== 2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation) 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279048 2012-09-10] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200816 2012-06-22] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168368 2012-06-22] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [166320 2012-06-22] (McAfee, Inc.) 2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.) 3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-28] (Mozilla Foundation) 2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 
2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () 2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-30] () 2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-02-09] () 2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2009-02-09] () 2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] () 2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x] ==================== Drivers (Whitelisted) ==================== 3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-06-22] (McAfee, Inc.) 3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation) 3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [127992 2012-06-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [230224 2012-06-22] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [61912 2012-06-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [360792 2012-06-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-06-22] (McAfee, Inc.) 1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-06-22] (McAfee, Inc.) 1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.) 2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.) 
3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 mfeavfk01; [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2012-11-12 23:41 - 2012-11-13 09:26 - 00000000 ____D C:\Users\Christopher\Desktop\Konzert - FLER 2012-11-11 23:15 - 2012-11-11 23:15 - 00000548 ____A C:\Users\Christopher\Desktop\MBR.zip 2012-11-09 08:50 - 2012-11-09 08:50 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Christopher\Desktop\tdsskiller.exe 2012-11-09 08:49 - 2012-11-09 08:49 - 00001680 ____A C:\Users\Christopher\Desktop\aswMBR.txt 2012-11-09 08:49 - 2012-11-09 08:49 - 00000512 ____A C:\Users\Christopher\Desktop\MBR.dat 2012-11-09 08:41 - 2012-11-09 08:41 - 04732416 ____A (AVAST Software) C:\Users\Christopher\Desktop\aswMBR.exe 2012-11-09 08:41 - 2012-11-09 08:41 - 00005288 ____A C:\Users\Christopher\Desktop\11092012_083403.log 2012-11-09 08:34 - 2012-11-09 08:34 - 00000000 ____D C:\_OTL 2012-11-07 22:38 - 2012-11-07 22:38 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-11-07 22:38 - 2012-11-07 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-07 22:38 - 2012-11-07 22:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-07 22:38 - 2012-11-07 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-07 
22:38 - 2012-11-07 22:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-11-07 22:38 - 2012-11-07 22:38 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00142848 ____A 
(Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2012-11-07 22:38 - 2012-11-07 22:38 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00048640 ____A (Microsoft 
Corporation) C:\Windows\System32\mshtmler.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2012-11-06 23:03 - 2012-11-06 23:03 - 00154516 ____A C:\Users\Christopher\Desktop\OTL.txt 2012-11-06 21:32 - 2012-11-06 21:32 - 00866592 ____A C:\Users\Christopher\Desktop\Norton_Removal_Tool.exe 2012-11-06 19:26 - 2012-11-06 19:26 - 00016517 ____A C:\Users\Christopher\Desktop\Combofix.txt 2012-11-06 19:25 - 2012-11-06 19:25 - 00016517 ____A C:\ComboFix.txt 2012-11-06 18:53 - 2012-11-06 19:26 - 00000000 ____D C:\Qoobox 2012-11-06 18:53 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe 2012-11-06 18:53 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe 2012-11-06 18:53 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-11-06 18:53 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-11-06 18:53 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-11-06 18:53 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe 2012-11-06 18:53 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe 2012-11-06 18:53 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe 2012-11-06 18:52 - 2012-11-06 19:22 - 00000000 ____D C:\Windows\erdnt 2012-11-06 18:49 - 2012-11-06 18:50 - 04997881 ____R (Swearware) C:\Users\Christopher\Desktop\ComboFix.exe 2012-11-06 18:48 - 2012-11-06 18:48 - 00002788 ____A 
C:\Users\Christopher\Desktop\AdwCleaner[S1].txt 2012-11-06 18:43 - 2012-11-06 18:43 - 00002788 ____A C:\AdwCleaner[S1].txt 2012-11-06 18:42 - 2012-11-06 18:42 - 00541569 ____A C:\Users\Christopher\Desktop\adwcleaner.exe 2012-11-04 21:37 - 2012-11-04 21:37 - 00020416 ____A C:\Users\Christopher\Desktop\Desktop.zip 2012-11-04 21:36 - 2012-11-04 21:36 - 00000000 ____D C:\Program Files\7-Zip 2012-11-04 20:58 - 2012-11-04 20:58 - 00111701 ____A C:\Users\Christopher\Desktop\gmer.log 2012-11-04 19:58 - 2012-11-04 19:58 - 00302592 ____A C:\Users\Christopher\Desktop\qmj6pox7.exe 2012-11-04 19:57 - 2012-11-04 19:57 - 00055230 ____A C:\Users\Christopher\Desktop\Extras.Txt 2012-11-04 19:53 - 2012-11-06 22:52 - 00154516 ____A C:\Users\Christopher\Desktop\OTL2.Txt 2012-11-04 19:34 - 2012-11-04 19:35 - 00602112 ____A (OldTimer Tools) C:\Users\Christopher\Desktop\OTL.exe 2012-11-04 19:33 - 2012-11-04 19:34 - 00000484 ____A C:\Users\Christopher\Desktop\defogger_disable.log 2012-11-04 19:33 - 2012-11-04 19:33 - 00050477 ____A C:\Users\Christopher\Desktop\Defogger.exe 2012-11-04 19:33 - 2012-11-04 19:33 - 00000000 ____A C:\Users\Christopher\defogger_reenable 2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Malwarebytes 2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-11-02 19:52 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-10-28 23:59 - 2012-10-28 23:59 - 00000000 ____D C:\Program Files\Mozilla Firefox 2012-10-25 18:38 - 2012-09-24 14:23 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2012-10-25 18:38 - 2012-09-24 14:23 - 00149488 ____A (Sun Microsystems, Inc.) 
C:\Windows\System32\javaw.exe 2012-10-25 18:38 - 2012-09-24 14:23 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2012-10-25 18:37 - 2012-10-25 18:38 - 00003155 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log 2012-10-24 23:06 - 2012-10-24 23:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\Macromedia 2012-10-24 23:04 - 2012-11-13 10:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-10-24 23:04 - 2012-10-25 09:04 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-10-23 18:39 - 2012-11-12 15:02 - 00000000 ___RD C:\Users\Christopher\Dropbox 2012-10-23 18:36 - 2012-10-23 18:36 - 00000000 ____D C:\Program Files\Dropbox 2012-10-23 18:35 - 2012-11-12 15:02 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Dropbox 2012-10-20 17:18 - 2012-10-20 17:18 - 00000000 ____A C:\Users\Christopher\AppData\Local\FnF4.txt 2012-10-20 08:27 - 2012-10-29 08:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2012-10-20 08:27 - 2012-10-20 08:27 - 00000000 ____D C:\Users\All Users\Mozilla 2012-10-20 08:27 - 2012-10-20 08:27 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla ==================== One Month Modified Files and Folders ======== 2012-11-13 10:47 - 2012-11-13 10:47 - 00000000 ____D C:\FRST 2012-11-13 10:43 - 2008-11-17 05:23 - 00000012 ____A C:\Windows\bthservsdp.dat 2012-11-13 10:43 - 2006-11-02 14:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-11-13 10:43 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-13 10:42 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-13 10:42 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-13 10:41 - 2010-09-25 15:21 - 01580151 ____A C:\Windows\WindowsUpdate.log 2012-11-13 10:04 - 2012-10-24 23:04 - 00000884 ____A 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-13 09:26 - 2012-11-12 23:41 - 00000000 ____D C:\Users\Christopher\Desktop\Konzert - FLER 2012-11-13 08:43 - 2006-11-02 11:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-13 00:04 - 2012-10-04 12:40 - 00045568 ____A C:\Users\Christopher\Desktop\Stundenplan WS 12~13.xls 2012-11-12 23:40 - 2006-11-02 13:52 - 00186639 ____A C:\Windows\setupact.log 2012-11-12 23:33 - 2008-01-21 03:47 - 00244498 ____A C:\Windows\PFRO.log 2012-11-12 15:02 - 2012-10-23 18:39 - 00000000 ___RD C:\Users\Christopher\Dropbox 2012-11-12 15:02 - 2012-10-23 18:35 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Dropbox 2012-11-11 23:15 - 2012-11-11 23:15 - 00000548 ____A C:\Users\Christopher\Desktop\MBR.zip 2012-11-09 16:00 - 2011-05-12 07:39 - 00006836 ____A C:\Users\Christopher\AppData\Local\d3d9caps.dat 2012-11-09 10:14 - 2012-10-04 09:56 - 00013470 ____A C:\Users\Christopher\Desktop\Kosten.xlsx 2012-11-09 09:38 - 2011-02-18 09:09 - 00000052 ____A C:\Windows\System32\DOErrors.log 2012-11-09 08:50 - 2012-11-09 08:50 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Christopher\Desktop\tdsskiller.exe 2012-11-09 08:49 - 2012-11-09 08:49 - 00001680 ____A C:\Users\Christopher\Desktop\aswMBR.txt 2012-11-09 08:49 - 2012-11-09 08:49 - 00000512 ____A C:\Users\Christopher\Desktop\MBR.dat 2012-11-09 08:41 - 2012-11-09 08:41 - 04732416 ____A (AVAST Software) C:\Users\Christopher\Desktop\aswMBR.exe 2012-11-09 08:41 - 2012-11-09 08:41 - 00005288 ____A C:\Users\Christopher\Desktop\11092012_083403.log 2012-11-09 08:34 - 2012-11-09 08:34 - 00000000 ____D C:\_OTL 2012-11-08 08:51 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2012-11-07 22:43 - 2006-11-02 12:18 - 00000000 ___RD C:\Windows\Offline Web Pages 2012-11-07 22:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE 2012-11-07 22:38 - 2012-11-07 22:38 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 
09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-11-07 22:38 - 2012-11-07 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-07 22:38 - 2012-11-07 22:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-07 22:38 - 2012-11-07 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-11-07 22:38 - 2012-11-07 22:38 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00203776 ____A (Microsoft Corporation) 
C:\Windows\System32\webcheck.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00074752 ____A (Microsoft Corporation) 
C:\Windows\System32\iesetup.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2012-11-07 22:38 - 2012-11-07 22:38 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2012-11-07 22:38 - 2012-11-07 22:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2012-11-07 22:38 - 2012-11-07 22:38 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2012-11-07 22:38 - 2011-05-17 18:11 - 00005239 ____A C:\Windows\IE9_main.log 2012-11-07 22:38 - 2006-11-02 07:32 - 00008798 ____A C:\Windows\System32\icrav03.rat 2012-11-07 22:38 - 2006-11-02 07:32 - 00001988 ____A C:\Windows\System32\ticrf.rat 2012-11-06 23:03 - 2012-11-06 23:03 - 00154516 ____A C:\Users\Christopher\Desktop\OTL.txt 2012-11-06 22:52 - 2012-11-04 19:53 - 00154516 ____A C:\Users\Christopher\Desktop\OTL2.Txt 2012-11-06 21:32 - 2012-11-06 21:32 - 00866592 ____A C:\Users\Christopher\Desktop\Norton_Removal_Tool.exe 2012-11-06 
19:26 - 2012-11-06 19:26 - 00016517 ____A C:\Users\Christopher\Desktop\Combofix.txt 2012-11-06 19:26 - 2012-11-06 18:53 - 00000000 ____D C:\Qoobox 2012-11-06 19:25 - 2012-11-06 19:25 - 00016517 ____A C:\ComboFix.txt 2012-11-06 19:25 - 2006-11-02 12:18 - 00000000 __RHD C:\users\Default 2012-11-06 19:25 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public 2012-11-06 19:22 - 2012-11-06 18:52 - 00000000 ____D C:\Windows\erdnt 2012-11-06 19:13 - 2006-11-02 11:23 - 00000215 ____A C:\Windows\system.ini 2012-11-06 19:09 - 2006-11-02 11:22 - 45613056 ____A C:\Windows\System32\config\software.bak 2012-11-06 19:09 - 2006-11-02 11:22 - 39321600 ____A C:\Windows\System32\config\COMPON~3.bak 2012-11-06 19:09 - 2006-11-02 11:22 - 27000832 ____A C:\Windows\System32\config\system.bak 2012-11-06 19:09 - 2006-11-02 11:22 - 00786432 ____A C:\Windows\System32\config\default.bak 2012-11-06 19:09 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\security.bak 2012-11-06 19:09 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\sam.bak 2012-11-06 18:50 - 2012-11-06 18:49 - 04997881 ____R (Swearware) C:\Users\Christopher\Desktop\ComboFix.exe 2012-11-06 18:48 - 2012-11-06 18:48 - 00002788 ____A C:\Users\Christopher\Desktop\AdwCleaner[S1].txt 2012-11-06 18:43 - 2012-11-06 18:43 - 00002788 ____A C:\AdwCleaner[S1].txt 2012-11-06 18:42 - 2012-11-06 18:42 - 00541569 ____A C:\Users\Christopher\Desktop\adwcleaner.exe 2012-11-04 21:37 - 2012-11-04 21:37 - 00020416 ____A C:\Users\Christopher\Desktop\Desktop.zip 2012-11-04 21:36 - 2012-11-04 21:36 - 00000000 ____D C:\Program Files\7-Zip 2012-11-04 20:58 - 2012-11-04 20:58 - 00111701 ____A C:\Users\Christopher\Desktop\gmer.log 2012-11-04 19:58 - 2012-11-04 19:58 - 00302592 ____A C:\Users\Christopher\Desktop\qmj6pox7.exe 2012-11-04 19:57 - 2012-11-04 19:57 - 00055230 ____A C:\Users\Christopher\Desktop\Extras.Txt 2012-11-04 19:35 - 2012-11-04 19:34 - 00602112 ____A (OldTimer Tools) C:\Users\Christopher\Desktop\OTL.exe 2012-11-04 
19:34 - 2012-11-04 19:33 - 00000484 ____A C:\Users\Christopher\Desktop\defogger_disable.log
2012-11-04 19:33 - 2012-11-04 19:33 - 00050477 ____A C:\Users\Christopher\Desktop\Defogger.exe
2012-11-04 19:33 - 2012-11-04 19:33 - 00000000 ____A C:\Users\Christopher\defogger_reenable
2012-11-04 19:33 - 2010-09-25 15:05 - 00000000 ____D C:\users\Christopher
2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Malwarebytes
2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-02 19:52 - 2012-11-02 19:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-02 17:06 - 2011-04-01 15:19 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\HpUpdate
2012-10-29 08:08 - 2012-10-20 08:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-10-28 23:59 - 2012-10-28 23:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-25 18:41 - 2008-11-17 07:17 - 00000000 ____D C:\Program Files\Common Files\Java
2012-10-25 18:38 - 2012-10-25 18:37 - 00003155 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log
2012-10-25 18:38 - 2008-11-17 07:17 - 00000000 ____D C:\Program Files\Java
2012-10-25 09:04 - 2012-10-24 23:04 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-25 09:04 - 2011-05-27 06:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-24 23:06 - 2012-10-24 23:06 - 00000000 ____D C:\Users\Christopher\AppData\Local\Macromedia
2012-10-23 18:36 - 2012-10-23 18:36 - 00000000 ____D C:\Program Files\Dropbox
2012-10-20 17:18 - 2012-10-20 17:18 - 00000000 ____A C:\Users\Christopher\AppData\Local\FnF4.txt
2012-10-20 08:27 - 2012-10-20 08:27 - 00000000 ____D C:\Users\All Users\Mozilla
2012-10-20 08:27 - 2012-10-20 08:27 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-10-16 08:58 - 2012-10-07 13:16 - 00000000 ____D C:\Users\Christopher\Desktop\Wintersemester 12~13

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2012-11-06 09:06:56
Restore point made on: 2012-11-06 18:37:44
Restore point made on: 2012-11-06 18:39:10
Restore point made on: 2012-11-06 22:42:15
Restore point made on: 2012-11-07 10:54:48
Restore point made on: 2012-11-07 22:36:00

==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3069.08 MB
Available physical RAM: 2539.21 MB
Total Pagefile: 2785.09 MB
Available Pagefile: 2608.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.1 MB

==================== Partitions =============================
1 Drive c: () (Fixed) (Total:287.01 GB) (Free:237.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.08 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 298 GB 1024 KB
1 Online 3832 MB 0 B

Last Boot: 2012-11-13 08:45
==================== End Of Log ============================
Code:
ATTFilter
2012/11/13 08:38:13 +0100 CHRISTOPHER-PC Christopher MESSAGE Executing scheduled update: Daily
2012/11/13 08:38:18 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/13 08:38:18 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/13 08:38:19 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/13 08:38:21 +0100 CHRISTOPHER-PC Christopher MESSAGE Database already up-to-date
2012/11/13 08:38:30 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/13 08:38:30 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting database refresh
2012/11/13 08:38:30 +0100 CHRISTOPHER-PC Christopher MESSAGE Stopping IP protection
2012/11/13 08:38:30 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection stopped successfully
2012/11/13 08:38:34 +0100 CHRISTOPHER-PC Christopher MESSAGE Database refreshed successfully
2012/11/13 08:38:34 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/13 08:38:42 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/13 10:42:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/13 10:42:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/13 10:42:50 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/13 10:43:02 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/13 10:49:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting protection
2012/11/13 10:49:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Protection started successfully
2012/11/13 10:49:55 +0100 CHRISTOPHER-PC Christopher MESSAGE Starting IP protection
2012/11/13 10:50:11 +0100 CHRISTOPHER-PC Christopher MESSAGE IP Protection started successfully
2012/11/13 11:18:11 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.41.7 (Type: outgoing, Port: 137)
2012/11/13 11:18:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.41.7 (Type: outgoing, Port: 137)
2012/11/13 11:18:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.41.7 (Type: outgoing, Port: 137)
2012/11/13 11:31:19 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.223 (Type: outgoing, Port: 137)
2012/11/13 11:51:54 +0100 CHRISTOPHER-PC Christopher IP-BLOCK 222.186.30.175 (Type: outgoing, Port: 137)
Edited by fux89 (13.11.2012 at 11:54) |
13.11.2012, 19:27 | #13 |
/// TB Trainer | possible trojan infection? malwarebytes blocks potentially dangerous access attempts Hi, FRST shows no signs of malware either. It may also be that these blocked IP addresses come from sites your computer uses when you are on the university network. Do you have any anonymization services such as JAP running? Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper! |
13.11.2012, 21:33 | #14 |
| possible trojan infection? malwarebytes blocks potentially dangerous access attempts Did you see in the last post on the first page that I was able to open the McAfee security history (re: the trojan name)? I've never heard of this JAP, I had to google it first. If I do use it, then not knowingly (I haven't configured or installed anything like that). I don't know whether I have it automatically because I'm connected to the university network? The scan did find something, but the path has mcafee in it. Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218161664, free: 1848737792
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218161664, free: 1969664000
------------ Kernel report ------------
11/13/2012 20:26:21
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff860f4030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff860c8b98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.13.07
Downloaded database version: v2012.11.12.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff860f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8610f020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff860f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8610d020, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff860c8b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffc228c8c0, 0xffffffff860f4030, 0xffffffff85a0b810
Lower DeviceData: 0xffffffffba3b5cb8, 0xffffffff860c8b98, 0xffffffff87ce2448
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8F341886
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 601896897
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 601896960 Numsec = 23238656
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: C:\Windows\Temp\mcafee_0ebaao4Xv8k9I5m --> [Trojan.Downloader]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218161664, free: 2360475648
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218161664, free: 1969491968
------------ Kernel report ------------
11/13/2012 21:05:35
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8610f1c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff860c8b98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8610f1c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff860ea020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8610f1c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86101558, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff860c8b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffbdef30e0, 0xffffffff8610f1c0, 0xffffffff861b5498
Lower DeviceData: 0xffffffffbc4212c8, 0xffffffff860c8b98, 0xffffffff862b2040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8F341886
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 601896897
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 601896960 Numsec = 23238656
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
======================================= |
14.11.2012, 16:37 | #15 |
/// TB Trainer | possible trojan infection? malwarebytes blocks potentially dangerous access attempts Hi, yes, I read your McAfee message about the trojan name. However, that was only a PDF exploit, through which malware can get onto your computer. So far, though, we haven't really found anything. Do you have Linux or something similar installed alongside on your computer? Are you on the Internet, or visiting particular sites, when MBAM blocks these IP addresses? If so, what kind of sites are they? |
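The question of what the machine was doing when the blocks occurred can be approached from the protection log itself. The following is an added example, not code from this thread or from Malwarebytes: it parses IP-BLOCK lines in the layout quoted above, counts them per /24 network and process, and groups them into time bursts that can be compared with the user's activity. The sample lines, the function names, the /24 grouping and the 5-minute gap are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network
from typing import List, Optional

# Constructed sample in the layout of the protection log quoted in the thread.
# Host, user and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
2012/11/13 10:50:11 +0100 EXAMPLE-PC user MESSAGE IP Protection started successfully
2012/11/13 11:18:11 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
2012/11/13 11:18:19 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 137)
2012/11/13 11:31:19 +0100 EXAMPLE-PC user IP-BLOCK 203.0.113.223 (Type: outgoing, Port: 137)
2012/11/13 23:56:53 +0100 EXAMPLE-PC user IP-BLOCK 198.51.100.44 (Type: outgoing, Port: 51390, Process: firefox.exe)
2012/11/13 23:56:53 +0100 EXAMPLE-PC user IP-BLOCK 198.51.100.44 (Type: outgoing, Port: 51391, Process: firefox.exe)
"""

# The "Process:" part is optional: some entries in the thread carry none.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<process>[^)]+))?\)\s*$"
)


@dataclass
class Block:
    when: datetime
    ip: str
    direction: str
    port: int
    process: Optional[str]  # None when the log names no process


def parse_ip_blocks(text: str) -> List[Block]:
    """Return the IP-BLOCK events; MESSAGE and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue
        events.append(Block(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            ip=m["ip"], direction=m["direction"], port=int(m["port"]),
            process=m["process"],
        ))
    return events


def summarize(events: List[Block]) -> Counter:
    """Count events per (/24 network, process); unattributed ones get '-'."""
    counts = Counter()
    for e in events:
        net = str(ip_network(f"{e.ip}/24", strict=False))
        counts[(net, e.process or "-")] += 1
    return counts


def bursts(events: List[Block], gap: timedelta = timedelta(minutes=5)):
    """Group events into bursts separated by more than `gap`.

    Each burst records its start, end, addresses and process names, giving a
    time window to compare with what the user was doing at that moment.
    """
    out = []
    for e in sorted(events, key=lambda ev: ev.when):
        if out and e.when - out[-1]["end"] <= gap:
            b = out[-1]
            b["end"] = e.when
        else:
            b = {"start": e.when, "end": e.when, "ips": set(), "procs": set()}
            out.append(b)
        b["ips"].add(e.ip)
        b["procs"].add(e.process or "-")
    return out


def unattributed_netbios(events: List[Block]) -> List[Block]:
    """Events on port 137 (NetBIOS name service) with no process recorded."""
    return [e for e in events if e.port == 137 and e.process is None]


if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for (net, proc), n in summarize(evs).most_common():
        print(f"{n:3d}  {net:18s} {proc}")
    for b in bursts(evs):
        print(b["start"].strftime("%H:%M:%S"), "-", b["end"].strftime("%H:%M:%S"),
              sorted(b["ips"]), sorted(b["procs"]))
```

Entries without a process name cannot be tied to a program from this log alone, so the burst windows are the part to check against browser history or other activity.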