Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff

Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff


Log-Analyse und Auswertung: Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 04.12.2011, 15:55   #1
Der Ollie
 
Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff - Standard

Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff


Liebe Leute,

ich benötige dringend Eure Hilfe.

Was passiert ist:
- seit ein paar Tagen hatte mein PC Probleme beim Booten. Es dauerte teilweise 5-10 Minuten, bis der Startvorgang abgeschlossen war. Bis dahin war die Taskleiste schwarz gefärbt und Programme starteten nicht, obwohl ich die Maus kontrollieren konnte.

- ich habe ein paar Male versucht die Ursache im abgesicherten Modus (der startete wie gewöhnlich, weshalb ich einen Hardwarefehler ausgeschlossen habe) zu finden. Eine Lösung habe ich nicht finden können, doch nach Start des abgesicherten Modus erledigte das Problem sich teilweise von selbst.

- heute ist es zu einem "Angriff" gekommen. Beim Surfen übernahm plötzlich jemand die Kontrolle über meine Maus und wollte in das untere rechte Feld der Taskleiste klicken (Da wo die aktiven Programme und die Zeit angezeigt werden). Ich konnte "gegenlenken" und schaltete den PC durch Druck auf die Netztaste aus.

Bisher ergriffene Gegenmaßnahmen:
- Vollständiger Systemscan mit MSE im abgesicherten Modus und anschließend manuelle Suche nach merkwürdigen Einträgen in services.msc
- Befolgung Eures FAQs für Hilfesuchende

Was ich sonst für erwähnenswert halte
- Der Rechner ist mein Unilaptop. Ich war mit diesem PC weder auf seltsamen Seiten, die sich am Rande der Legalität bewegen (oder die Grenze zur Illegalität überschritten haben), noch habe ich von diesen Seiten Dateien heruntergeladen. Ich benutze nicht LOIC, meine E-Mailkonten sind gesichert und ich verfüge mit der Windows-Firewall und MSE über absolut ausreichende Sicherheitsvorkehrungen. Mein W-LAN Netzwerk ist selbstverständlich passwortgeschützt. Was da seit ein paar Tagen passiert, kann ich mir absolut nicht erklären.

- Ich habe sehr viel Zeit damit verbracht den Laptop einzurichten und habe beispielsweise Sicherheitslücken wie den Dienst für den Remote-Desktop-Zugriff (der hier wohl exploitet wird???) sofort komplett deaktiviert. Es entzieht sich meiner Kenntnis, wie so ein Angriff überhaupt möglich ist.

- Bisher habe ich auch immer nur müde über Leute lachen können, deren PCs voller Viren waren, obwohl sie nach eigener Aussage "nie irgendwas gemacht" hätten, und großkotzig-sarkastisch den Internetführerschein gefordert. Ich maße mir selbst auch ausreichendes Basiswissen zu, was Systemsicherheit angeht. Bitte lacht mich deshalb nicht allzu laut aus...

- Ich hab schon versucht mir in einem anderen Forum Hilfe zu holen. Deshalb nochmal: Der Laptop wird ausschließlich legal benutzt. Weder lade ich Filme/Musik/Spiele/sonstige Daten, noch schaue ich illegale Streams. Bei dem Betriebssystem handelt es sich um ein Original.

Inhalt der OTL.txt
Code:
ATTFilter
OTL logfile created on: 04.12.2011 14:25:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\makkk\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,08% Memory free
3,00 Gb Paging File | 2,30 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,90 Gb Total Space | 33,04 Gb Free Space | 66,20% Space Free | Partition Type: NTFS
Drive M: | 98,09 Gb Total Space | 97,67 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive P: | 100,00 Gb Total Space | 79,78 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
Drive S: | 50,00 Gb Total Space | 49,60 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
 
Computer Name: MAKKK-PC | User Name: makkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.04 14:24:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\makkk\Desktop\OTL.exe
PRC - [2011.09.16 15:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- P:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- P:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.11.11 11:59:12 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.11.11 11:58:42 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 09:53:10 | 001,474,560 | ---- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.13 10:55:43 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.13 10:55:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 10:54:54 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.13 10:54:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.13 10:54:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.13 10:54:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.13 10:54:14 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.13 10:54:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.04.25 20:10:18 | 001,695,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3601.40336__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:18 | 000,368,640 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3601.40217__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:18 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3601.40236__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3601.40231__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3601.40226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:17 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3601.40306__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:17 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3601.40287__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3601.40225__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:17 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3601.40269__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3601.40259__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:16 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3601.40274__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:16 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3601.40316__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:16 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3601.40274__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3601.40273__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3601.40331__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3601.40307__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:15 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3601.40306__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3601.40306__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:15 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3601.40316__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:14 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3601.40332__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:14 | 000,823,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3601.40262__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:14 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3601.40282__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:14 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3601.40237__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3601.40261__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3601.40266__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3601.40266__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:13 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3601.40237__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:13 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3601.40260__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:13 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3601.40268__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:13 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3601.40241__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.04.25 20:10:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3601.40260__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3601.40241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3601.40261__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3601.40267__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.25 20:10:12 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.04.25 20:10:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3586.20615__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3586.20610__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3586.20627__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3586.20645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3586.20643__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3586.20625__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3586.20643__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.25 20:10:12 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.25 20:10:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3586.20597__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.25 20:10:11 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3586.20598__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.25 20:10:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3586.20623__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.25 20:10:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.25 20:10:10 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3586.20602__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.25 20:10:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.25 20:10:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3586.20661__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.25 20:10:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3586.20620__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.25 20:10:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3586.20619__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.25 20:10:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3586.20609__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.25 20:10:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll
MOD - [2010.04.25 20:10:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3586.20631__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.25 20:10:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.25 20:10:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3586.20616__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.25 20:10:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3586.20632__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3586.20608__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3586.20634__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3586.20641__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3586.20640__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3586.20644__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2010.04.25 20:10:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3586.20634__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3586.20633__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3586.20623__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3586.20619__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3586.20621__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3586.20632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3586.20631__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3586.20614__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3586.20633__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3586.20625__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.25 20:10:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3586.20624__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.25 20:10:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3586.20615__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.25 20:10:07 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3601.40331__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.04.25 20:10:07 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3601.40301__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.25 20:10:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3601.40312__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.25 20:10:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3586.20614__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.04.25 20:10:07 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3601.40214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.25 20:10:06 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3601.40295__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.04.25 20:10:06 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3601.40230__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.25 20:10:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3601.40299__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.25 20:10:06 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3601.40216__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.04.25 20:10:06 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3601.40215__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.25 20:10:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3586.20627__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.25 20:10:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3586.20612__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.25 20:10:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3586.20605__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.25 20:10:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3586.20622__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.25 20:10:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3586.20620__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.25 20:10:05 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3601.40221__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.25 20:10:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3586.20618__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.25 20:10:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3586.20623__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.25 20:10:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3601.40213__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.25 20:10:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3601.40214__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.25 20:10:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.25 20:10:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3586.20635__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.04.25 20:10:04 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3601.40301__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- P:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.06 13:37:36 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 15:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 15:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.10.24 10:29:16 | 000,016,384 | R--- | M] () -- P:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008.02.14 12:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.16 19:32:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- P:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.16 15:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.12.23 17:30:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.25 07:44:02 | 002,404,168 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- P:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2009.11.11 11:58:42 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.04 14:19:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{957B86DE-4198-4E1B-BD79-B5E46DDBDB7C}\MpKsl8f083f14.sys -- (MpKsl8f083f14)
DRV - [2011.12.04 09:20:34 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{957B86DE-4198-4E1B-BD79-B5E46DDBDB7C}\MpKsl06ffed1d.sys -- (MpKsl06ffed1d)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.02.10 10:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- P:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.sys -- (WinUsb)
DRV - [2010.04.23 15:34:01 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2010.01.06 22:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009.11.11 12:34:10 | 005,092,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.11.11 12:34:10 | 005,092,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.11.11 11:06:24 | 000,120,320 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.13 23:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009.07.09 15:08:30 | 001,066,496 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.06.06 01:14:40 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.05.05 21:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: p:\Program Files\Mozilla Firefox\components [2011.11.11 10:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: p:\Program Files\Mozilla Firefox\plugins [2011.07.24 02:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: P:\Program Files\Mozilla Thunderbird\components [2011.10.15 11:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: P:\Program Files\Mozilla Thunderbird\plugins [2011.06.18 13:15:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: P:\Program Files\Mozilla Firefox\components [2011.11.11 10:29:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: P:\Program Files\Mozilla Firefox\plugins [2011.07.24 02:08:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: P:\Program Files\Mozilla Thunderbird\components [2011.10.15 11:16:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: P:\Program Files\Mozilla Thunderbird\plugins [2011.06.18 13:15:56 | 000,000,000 | ---D | M]
 
[2010.04.23 20:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\makkk\AppData\Roaming\mozilla\Extensions
[2010.04.23 20:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\makkk\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.28 14:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\makkk\AppData\Roaming\mozilla\Firefox\Profiles\hbax2pv6.default\extensions
() (No name found) -- C:\USERS\MAKKK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HBAX2PV6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
 
O1 HOSTS File: ([2011.05.08 23:08:31 | 000,001,023 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] P:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\makkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.87 62.109.123.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F55D1D9-DE95-4389-A1E9-0760E8D43288}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6088D87D-8AE2-41C1-990F-3A19EC054069}: DhcpNameServer = 213.191.92.87 62.109.123.6
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\adobeworkgrouphelper.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\imageready.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\oodcnt.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshop.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\WINWORD.EXE: Debugger - P:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 14:24:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\makkk\Desktop\OTL.exe
[2011.12.03 23:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.03 23:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.06 10:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.06 10:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 14:24:16 | 000,631,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 14:24:16 | 000,597,064 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 14:24:16 | 000,121,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 14:24:16 | 000,100,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.04 14:24:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\makkk\Desktop\OTL.exe
[2011.12.04 14:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 14:18:56 | 000,581,856 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011.12.04 14:18:21 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 14:18:21 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 14:16:52 | 000,000,000 | ---- | M] () -- C:\Users\makkk\defogger_reenable
[2011.12.04 14:15:58 | 000,050,477 | ---- | M] () -- C:\Users\makkk\Desktop\Defogger.exe
[2011.12.03 23:55:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.14 09:48:49 | 000,302,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.04 14:16:52 | 000,000,000 | ---- | C] () -- C:\Users\makkk\defogger_reenable
[2011.12.04 14:16:19 | 000,050,477 | ---- | C] () -- C:\Users\makkk\Desktop\Defogger.exe
[2011.12.03 23:55:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.08 23:23:37 | 001,766,592 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.05.08 23:23:37 | 000,035,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.04.26 09:10:57 | 000,194,915 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010.04.26 09:10:57 | 000,001,075 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2010.04.25 20:04:20 | 000,001,018 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.04.25 20:04:19 | 000,195,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.04.23 16:36:08 | 000,000,017 | ---- | C] () -- C:\Users\makkk\AppData\Local\resmon.resmoncfg
[2010.04.23 13:53:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.08.26 09:29:24 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.26 09:29:23 | 000,631,460 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.26 09:29:23 | 000,121,200 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.26 09:29:23 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.20 06:47:58 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,597,064 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,100,334 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 16:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 19:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
 
========== LOP Check ==========
 
[2011.11.26 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\makkk\AppData\Roaming\ICQ
[2011.05.08 14:26:29 | 000,000,000 | ---D | M] -- C:\Users\makkk\AppData\Roaming\Octoshape
[2010.04.23 20:26:04 | 000,000,000 | ---D | M] -- C:\Users\makkk\AppData\Roaming\Thunderbird
[2011.06.26 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\makkk\AppData\Roaming\TuneUp Software
[2011.11.04 10:01:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.04.23 14:11:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.08.20 05:29:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.06 10:41:51 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.23 14:09:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.04 13:10:27 | 000,000,000 | ---D | M] -- C:\fff3ca47a22141924a138ab971724000
[2010.04.23 19:21:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.03 23:55:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.08 15:24:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.23 14:09:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.23 14:09:14 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.07.08 12:38:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.23 14:09:29 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.04 13:14:16 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-14 08:30:17
 
<           >

< End of report >

 

Themen zu Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff
asus, autorun, branding, c:\windows\system32\rundll32.exe, defender, dringend, druck, excel.exe, explorer, firefox, format, home, lache, logfile, maus, maßnahme, microsoft, microsoft security, mozilla thunderbird, netzwerk, pc probleme, plug-in, programme, registry, required, rundll, security, seiten, senden, software, suche, surfen, systemsicherheit, taskleiste, updates, viren, webcheck, windows-firewall, winlogon.exe


« Wie kann ich einen Keylogger erkennen? | Facebookvirus »


Ähnliche Themen: Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff


  1. Windows 8.1: Zugriff auf Router durch Fremdsoftware?
    Log-Analyse und Auswertung - 02.10.2015 (6)
  2. Remote-Schadsoftware kontrolliert gesamtes Heimnetzwerk: Manipulation des Windows-Remote-Systems
    Log-Analyse und Auswertung - 10.09.2015 (5)
  3. Remote Zugriff auf meinen Computer?
    Plagegeister aller Art und deren Bekämpfung - 26.05.2015 (15)
  4. Zugriff auf GMX durch dritte. Trojaner o.ä.?
    Log-Analyse und Auswertung - 24.05.2015 (5)
  5. Microsoft Betrüger Anruf und Pc Übernahme durch Haker
    Log-Analyse und Auswertung - 07.11.2014 (3)
  6. Windows 8.1 remote zugriff mit selbständiger Tastatureingabe
    Plagegeister aller Art und deren Bekämpfung - 13.10.2014 (3)
  7. Zugriff durch zugangsdaten ?
    Diskussionsforum - 04.04.2014 (1)
  8. GenVariant.Jaik.462, Zugriff durch rundll32.exe
    Plagegeister aller Art und deren Bekämpfung - 09.02.2014 (10)
  9. 1.Trojan.Gen.2 in C:\windows 2. Remote-System versucht Zugriff
    Log-Analyse und Auswertung - 30.03.2013 (9)
  10. EADS stärkt durch Übernahme Geschäft mit IT-Sicherheit
    Nachrichten - 02.10.2012 (0)
  11. Zugriff auf System durch OTLPE
    Log-Analyse und Auswertung - 11.05.2012 (3)
  12. Account-Übernahme durch Lücke im Facebook-SDK
    Nachrichten - 12.04.2012 (0)
  13. Remote Zugriff auf meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (1)
  14. USA segnen McAfee-Übernahme durch Intel ab
    Nachrichten - 23.12.2010 (0)
  15. remote zugriff verschafft?
    Diskussionsforum - 20.12.2010 (1)
  16. Vermute Zugriff von außen durch einen Dritten!!!
    Log-Analyse und Auswertung - 13.08.2009 (21)
  17. Remote system versucht Zugriff! Hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 30.05.2004 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff - Liebe Leute, ich benötige dringend Eure Hilfe. Was passiert ist: - seit ein paar Tagen hatte mein PC Probleme beim Booten. Es dauerte teilweise 5-10 Minuten, bis der Startvorgang abgeschlossen - Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff...
Archiv
Du betrachtest: Übernahme der Peripheriekontrolle durch unautorisierten Remote-Zugriff auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131