Freshly reinstalled notebook: McAfee reports malicious incoming connections, blocked
23.09.2013, 22:09 | #1 |
Good evening. I'm new here, as you can see, and I'm hoping for your help. Because of Trojans, I freshly reinstalled my notebook yesterday; it runs the preinstalled Windows 8 64-bit version. The notebook had been slow lately and my antivirus program had detected Trojans. About a few minutes after setting up Windows, I looked through the preinstalled antivirus program and saw that it had blocked connections. Exact details: Blocked potentially malicious incoming connections: 7 (and rising). The more detailed information also said the following: Suspicious incoming network connection blocked, source IP address: 192.168.0.1, and many others with all sorts of IPs. I can't understand this, because I deleted all files and reinstalled. Are these really a threat, or a false alarm from McAfee? Thanks in advance for your help and your understanding. Good night |
24.09.2013, 05:00 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
24.09.2013, 11:22 | #3 |
Thanks for the quick reply.
Here are the log files: Frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013 Ran by Hussein (administrator) on AspireV3 on 24-09-2013 12:19:00 Running from C:\Users\Hussein\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (McAfee, Inc.) C:\windows\system32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (McAfee, Inc.) C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Qualcomm Atheros) c:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe (Dolby Laboratories Inc.) 
C:\Dolby PCEE4\pcee4.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files (x86)\Acer\Live Updater\updater.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-22] (NTI Corporation) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1527896 2012-06-22] (McAfee, Inc.) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - [x] HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1527896 2012-06-22] (McAfee, Inc.) 
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-07-31] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-07-31] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = SearchScopes: HKCU - {252F5BBD-D159-4AFF-914B-9010274BA4CF} URL = BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) ================= S2 0100131379968483mcinstcleanup; C:\Windows\TEMP\010013~1.EXE [834664 2013-07-30] (McAfee, Inc.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.) S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-11] (Dritek System INC.) 
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) S4 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-11] (Dritek System Inc.) 
U3 mfeavfk01; No ImagePath U3 mfeavfk02; No ImagePath U3 mfehidk01; No ImagePath S0 mferkdet; system32\drivers\mferkdet.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\FRST 2013-09-24 12:15 - 2013-09-24 12:16 - 01955802 _____ (Farbar) C:\Users\Hussein\Downloads\FRST64.exe 2013-09-24 12:12 - 2013-09-24 12:12 - 00000117 _____ C:\Windows\system32\netcfg-50991265.txt 2013-09-24 12:12 - 2013-09-24 12:12 - 00000117 _____ C:\Windows\system32\netcfg-50990031.txt 2013-09-24 08:02 - 2013-09-24 08:02 - 00000000 _____ C:\Recovery.txt 2013-09-23 22:52 - 2012-05-28 10:28 - 00197264 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2013-09-23 22:43 - 2013-09-23 22:43 - 00000000 ____D C:\Users\Hussein\AppData\Local\EgisTec IPS 2013-09-23 22:40 - 2013-09-24 12:18 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1107230586-1907259844-1229426416-1002 2013-09-23 22:35 - 2013-09-23 22:35 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Macromedia 2013-09-23 22:34 - 2013-09-23 22:34 - 00002609 _____ C:\Users\Public\Desktop\eBay.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00002027 _____ C:\Users\Public\Desktop\LOVEFiLM.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00001736 _____ C:\Users\Public\Desktop\Online kaufen.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Atheros 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Program Files\Preload 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Program Files\Accessory Store 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D 
C:\Program Files (x86)\OEM 2013-09-23 22:33 - 2013-09-23 22:53 - 00119272 _____ C:\Windows\WindowsUpdate.log 2013-09-23 22:33 - 2013-09-23 22:34 - 00000000 ____D C:\Users\Hussein 2013-09-23 22:33 - 2013-09-23 22:33 - 00001446 _____ C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-23 22:33 - 2013-09-23 22:33 - 00000020 ___SH C:\Users\Hussein\ntuser.ini 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Vorlagen 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Startmenü 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Netzwerkumgebung 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Lokale Einstellungen 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Eigene Dateien 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Druckumgebung 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Documents\Eigene Musik 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Documents\Eigene Bilder 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Local\Verlauf 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Local\Anwendungsdaten 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Anwendungsdaten 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\lm 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Adobe 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Local\VirtualStore 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Local\Packages 2013-09-23 22:33 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\System Tools 2013-09-23 22:33 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-09-23 22:33 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-09-23 22:33 - 2012-07-26 10:13 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1761312.txt 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1760187.txt 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1747265.txt 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 
2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Programme 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Dokumente und Einstellungen ==================== One Month Modified Files and Folders ======= 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\FRST 2013-09-24 12:18 - 2013-09-23 22:40 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1107230586-1907259844-1229426416-1002 2013-09-24 12:18 - 2012-08-02 13:33 - 00000000 ____D C:\ProgramData\McAfee 2013-09-24 12:16 - 2013-09-24 12:15 - 01955802 _____ (Farbar) C:\Users\Hussein\Downloads\FRST64.exe 2013-09-24 12:12 - 2013-09-24 12:12 - 00000117 _____ C:\Windows\system32\netcfg-50991265.txt 2013-09-24 12:12 - 2013-09-24 12:12 - 00000117 _____ C:\Windows\system32\netcfg-50990031.txt 2013-09-24 08:02 - 2013-09-24 08:02 - 00000000 _____ C:\Recovery.txt 2013-09-24 08:02 - 2012-07-26 10:13 - 00262144 _____ C:\Windows\system32\config\BCD-Template 2013-09-23 23:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-09-23 22:53 - 2013-09-23 
22:33 - 00119272 _____ C:\Windows\WindowsUpdate.log 2013-09-23 22:52 - 2012-08-02 13:35 - 00001848 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk 2013-09-23 22:52 - 2012-08-02 13:33 - 00000000 ____D C:\Program Files\Common Files\mcafee 2013-09-23 22:51 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2013-09-23 22:43 - 2013-09-23 22:43 - 00000000 ____D C:\Users\Hussein\AppData\Local\EgisTec IPS 2013-09-23 22:43 - 2012-08-02 13:36 - 00000000 ____D C:\ProgramData\EgisTec IPS 2013-09-23 22:37 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2013-09-23 22:35 - 2013-09-23 22:35 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Macromedia 2013-09-23 22:35 - 2012-08-02 14:09 - 00000000 ___HD C:\OEM 2013-09-23 22:34 - 2013-09-23 22:34 - 00002609 _____ C:\Users\Public\Desktop\eBay.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00002027 _____ C:\Users\Public\Desktop\LOVEFiLM.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00001736 _____ C:\Users\Public\Desktop\Online kaufen.lnk 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ___RD C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Atheros 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Program Files\Preload 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Program Files\Accessory Store 2013-09-23 22:34 - 2013-09-23 22:34 - 00000000 ____D C:\Program Files (x86)\OEM 2013-09-23 22:34 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein 2013-09-23 22:34 - 2012-09-11 03:27 - 00000000 ____D C:\ProgramData\OEM 2013-09-23 22:33 - 2013-09-23 22:33 - 00001446 _____ C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-23 22:33 - 2013-09-23 22:33 - 00000020 ___SH C:\Users\Hussein\ntuser.ini 
2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Vorlagen 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Startmenü 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Netzwerkumgebung 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Lokale Einstellungen 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Eigene Dateien 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Druckumgebung 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Documents\Eigene Musik 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Documents\Eigene Bilder 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Local\Verlauf 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\AppData\Local\Anwendungsdaten 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 _SHDL C:\Users\Hussein\Anwendungsdaten 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\lm 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Roaming\Adobe 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Local\VirtualStore 2013-09-23 22:33 - 2013-09-23 22:33 - 00000000 ____D C:\Users\Hussein\AppData\Local\Packages 2013-09-23 22:33 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2013-09-23 22:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1761312.txt 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1760187.txt 2013-09-23 22:31 - 2013-09-23 22:31 - 00000117 _____ C:\Windows\system32\netcfg-1747265.txt 2013-09-23 22:07 - 2012-09-11 12:34 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-09-23 
22:07 - 2012-09-11 12:34 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-09-23 22:07 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-23 22:05 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-09-23 22:03 - 2013-09-23 22:03 - 00000000 _SHDL 
|
24.09.2013, 18:45 | #4 |
/// the machine /// TB trainer | Please post the complete contents of the log with the IP addresses.
__________________ Regards, schrauber |
24.09.2013, 22:24 | #5 |
| Evening. I don't know how to get at McAfee's log files for the IPs, and I don't know whether it helps if I type them out, but here they are anyway: Code:
Verdächtig eingehende Netzwerkverbindungen blockiert
Ausgangs-ip-adressen:
192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 161.69.12.13 192.168.0.1 192.168.0.106 192.168.0.1 85.13.149.210 85.13.149.210 85.13.149.210 85.13.149.210 85.13.149.210 192.168.0.1 109.193.193.199 109.193.193.183 109.193.193.199 109.193.193.193 173.194.35.159 192.168.0.1 64.4.11.25 54.247.187.62 192.168.0.1 192.168.0.106 192.168.0.106 137.117.209.30 65.52.237.45 168.63.124.173 192.168.0.1 192.168.0.1
***
A McAfee window just popped up on my screen that says: "Sie sind jetzt mit der Unbekannten Ip 192.168.0.1 verbunden" |
25.09.2013, 12:40 | #6 |
/// the machine /// TB trainer | That is your own IP, or rather the router's.
|
25.09.2013, 17:30 | #7 |
| Hi. And what about all the other IPs? Are they not dangerous either? So did McAfee raise a false alarm? Do I still need to do anything, or are we done? Many thanks already. |
26.09.2013, 08:01 | #8 |
/// the machine /// TB trainer |
Your IP
An IP from McAfee
An IP from Kabel Baden-Württemberg
One from Hotmail
So I think McAfee is just acting up.
|
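The by-eye triage in the reply above can be scripted. This is an added example, not part of the original thread or any poster's code: it separates the blocked source addresses from post #5 into LAN-internal and public ones and groups the public ones by /24 so each group can be looked up in whois. The function name `triage` is an assumption, and the script does not claim who owns any address.

```python
import ipaddress
from collections import Counter

# Source addresses exactly as typed by the poster in post #5 (duplicates kept).
BLOCKED = """
192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106
192.168.0.106 192.168.0.106 192.168.0.106 192.168.0.106 161.69.12.13
192.168.0.1 192.168.0.106 192.168.0.1 85.13.149.210 85.13.149.210
85.13.149.210 85.13.149.210 85.13.149.210 192.168.0.1 109.193.193.199
109.193.193.183 109.193.193.199 109.193.193.193 173.194.35.159 192.168.0.1
64.4.11.25 54.247.187.62 192.168.0.1 192.168.0.106 192.168.0.106
137.117.209.30 65.52.237.45 168.63.124.173 192.168.0.1 192.168.0.1
""".split()


def triage(addresses):
    """Sort blocked source addresses into local, public and unparsable.

    local   : Counter of RFC 1918 / loopback / link-local addresses
              (own host, router, other LAN devices; not routable from outside)
    public  : dict mapping each /24 network to a Counter of its addresses
    invalid : list of entries that are not IP addresses (hand-typed input)
    """
    local, public, invalid = Counter(), {}, []
    for text in addresses:
        try:
            ip = ipaddress.ip_address(text.strip())
        except ValueError:
            invalid.append(text)
            continue
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            local[str(ip)] += 1
        else:
            # Group neighbours: several hits from one /24 usually mean one
            # operator (an ISP segment, a vendor's servers), not many attackers.
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            public.setdefault(str(net), Counter())[str(ip)] += 1
    return local, public, invalid


if __name__ == "__main__":
    local, public, invalid = triage(BLOCKED)
    print("LAN-internal sources (cannot originate on the Internet):")
    for ip, hits in local.most_common():
        print(f"  {ip:<16} {hits} hits")
    print("Public sources, grouped by /24 for a whois lookup:")
    for net, hosts in sorted(public.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"  {net:<18} {sum(hosts.values())} hits from {len(hosts)} address(es)")
    if invalid:
        print("Unparsable entries:", invalid)
```
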
26.09.2013, 18:21 | #9 |
| OK, I'm very glad about that. Thanks for your help; I can now work on the PC with a clear conscience again. I'll go hit the donate button right away. Thanks again, bye, and have a nice evening. |
27.09.2013, 08:09 | #10 |
/// the machine /// TB trainer | You're welcome.
|