Pests of all kinds and how to fight them: Hacker controls my PC (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
20.11.2012, 17:00 | #16 |
| Hacker controls my PC | Scan with MBAR: 1 piece of malware was found and deleted. I ran it twice. The 2nd run came up with nothing, everything clean. Code:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.03.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
angelika :: NOTEBOOK-ACER [administrator]

20.11.2012 16:20:20
mbar-log-2012-11-20 (16-20-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28116
Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot. [98696f25bf9e1f1779d5fdcbb14fd52b]

(end)
20.11.2012, 17:05 | #17 |
/// TB-Ausbilder | Hacker controls my PC | Are you using a plugin called Gutscheinmieze? If so, please remove it.
20.11.2012, 17:09 | #18 |
| Hacker controls my PC | Take a look.
How can I find it? I can't find it. |
20.11.2012, 17:19 | #19 |
/// TB-Ausbilder | Hacker controls my PC | I'll remove it for you after the scan. Verification scan with OTL
20.11.2012, 17:56 | #20 |
| Hacker controls my PC | Hello Ryder, how do I proceed? What about my laptop? |
20.11.2012, 18:34 | #21 |
/// TB-Ausbilder | Hacker controls my PC | There is nothing really interesting there that points to remote control. We have removed some adware.
20.11.2012, 18:41 | #22 |
| Hacker controls my PC | As requested, the 2nd run. Code:
ATTFilter OTL logfile created on: 20.11.2012 17:59:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angelika\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 77,53% Memory free 4,90 Gb Paging File | 4,04 Gb Available in Paging File | 82,29% Paging File free Paging file location(s): c:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,94 Gb Total Space | 143,89 Gb Free Space | 31,70% Space Free | Partition Type: NTFS Drive H: | 62,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NOTEBOOK-ACER | User Name: angelika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\angelika\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) 
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Windows\SysWOW64\PSIService.exe () ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys (Symantec Corporation) 
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys (Symantec Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys () DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.) DRV:64bit: - (DiskSec) -- C:\Windows\SysNative\drivers\disksec.sys (MAGIX) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121118.006\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121118.006\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121116.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121106.001\BHDrvx64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DiskSec) -- C:\Windows\SysWow64\drivers\disksec.sys (MAGIX) DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfoX64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200 IE - 
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE354DE354 IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{78F2E912-2EB4-4D69-BE67-7C7716C28FCD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.06 11:31:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.11.20 17:59:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012.11.20 17:59:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 09:31:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 16:23:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 14:15:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.06 11:31:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 09:31:19 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 16:23:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 14:15:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009.12.19 14:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Extensions [2009.12.19 14:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.19 03:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Firefox\Profiles\dxmocsyu.default\extensions [2011.06.28 07:30:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\angelika\AppData\Roaming\mozilla\Firefox\Profiles\dxmocsyu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.23 05:30:50 | 000,209,961 | ---- | M] () (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi [2011.12.25 08:23:11 | 000,002,419 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\englische-ergebnisse.xml [2011.12.25 08:23:11 | 000,010,525 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\gmx-suche.xml [2011.12.25 08:23:11 | 000,002,457 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\lastminute.xml [2011.12.25 08:23:11 | 000,005,508 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\webde-suche.xml [2012.11.19 
03:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.20 17:59:33 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN [2012.10.29 09:31:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gears.dll CHR - 
plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.11.20 09:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - 
HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0 O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C1A88FF-BE22-42E7-BDD5-374B265A3925}: NameServer = 192.168.100.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6797BDB-CDC7-4F27-9A64-952592E2F213}: DhcpNameServer = 192.168.100.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 17:27:53 | 000,000,000 | ---D | C] -- C:\Users\angelika\Documents\.plugins [2012.11.20 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\angelika\Desktop\Neuer Ordner [2012.11.20 09:47:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.20 09:31:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.20 09:31:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.20 09:31:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.20 08:54:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.20 08:54:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.19 08:36:47 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys [2012.11.19 08:36:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys [2012.11.19 08:36:47 | 
000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys [2012.11.19 08:36:47 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys [2012.11.19 08:36:47 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys [2012.11.19 08:36:47 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys [2012.11.19 08:36:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0502020.003 [2012.11.18 19:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\angelika\Desktop\OTL.exe [2012.11.18 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Malwarebytes [2012.11.18 17:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.18 16:31:44 | 000,000,000 | ---D | C] -- C:\2ee80120ce644b9489ce6ebf1aa1ab [2012.11.18 16:31:10 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2012.11.18 15:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2012.11.18 15:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2012.11.18 09:12:55 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Tific [2012.11.18 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Local\Symantec [2012.11.17 12:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.11.17 12:32:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2012.11.17 12:31:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2012.11.17 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2012.11.17 12:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64 [2012.11.17 12:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A [2012.11.17 12:18:07 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard [2012.11.17 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard [2012.11.17 12:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.11.17 10:39:47 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2012.11.04 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\angelika\Desktop\Für Rechtsanwalt [2012.11.01 14:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.10.29 09:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.23 05:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.23 05:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.23 05:30:56 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\convert [2012.10.23 05:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2012.10.23 04:12:21 | 000,000,000 | ---D | C] -- C:\Users\angelika\Videos [2012.10.22 08:30:24 | 000,000,000 | ---D | C] -- C:\Users\angelika\Documents\PHOTUX [2012.10.22 07:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.10.22 07:06:49 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\No Company Name [2010.03.21 09:42:48 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx [5 C:\Users\angelika\Desktop\*.tmp files -> C:\Users\angelika\Desktop\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.20 18:06:30 | 000,017,600 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 18:06:30 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 17:58:54 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\MxTray.job [2012.11.20 17:58:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2012.11.20 17:58:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.20 17:58:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.11.20 17:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 17:57:56 | 3144,773,632 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 17:12:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.20 17:11:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.11.20 09:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.20 09:03:20 | 001,520,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 09:03:20 | 000,661,854 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 09:03:20 | 000,623,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 09:03:20 | 000,133,990 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 09:03:20 | 000,109,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.20 09:00:47 | 000,001,395 | ---- | M] () -- C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk [2012.11.20 09:00:47 | 000,001,246 | ---- | M] () -- C:\Users\angelika\Desktop\Norton Download Manager.lnk [2012.11.20 08:55:42 | 000,000,799 | ---- | M] () -- C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.11.20 08:23:16 | 000,002,381 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012.11.20 08:22:52 | 002,247,396 | ---- | M] () -- 
C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB [2012.11.19 08:57:27 | 000,000,512 | ---- | M] () -- C:\Users\angelika\Desktop\MBR.dat [2012.11.19 03:14:19 | 000,000,000 | ---- | M] () -- C:\Users\angelika\defogger_reenable [2012.11.18 18:41:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelika\Desktop\OTL.exe [2012.11.18 15:42:23 | 003,668,863 | ---- | M] () -- C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv [2012.11.18 15:24:52 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.11.17 12:33:34 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.11.17 12:33:34 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.11.17 12:33:34 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.11.17 12:13:36 | 005,180,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.29 16:40:57 | 000,197,511 | ---- | M] () -- C:\Users\angelika\Documents\Kündigungsschreiben von Dammann.pdf [2012.10.23 05:37:01 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.23 05:31:14 | 000,000,009 | ---- | M] () -- C:\END [2012.10.22 07:30:06 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [5 C:\Users\angelika\Desktop\*.tmp files -> C:\Users\angelika\Desktop\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 09:31:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.20 09:31:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.20 09:31:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.20 09:31:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.20 09:31:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.20 08:55:42 | 
000,000,799 | ---- | C] () -- C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.11.20 08:22:00 | 002,247,396 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB [2012.11.19 08:57:27 | 000,000,512 | ---- | C] () -- C:\Users\angelika\Desktop\MBR.dat [2012.11.19 08:36:47 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\iron.cat [2012.11.19 08:36:47 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.cat [2012.11.19 08:36:47 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.cat [2012.11.19 08:36:47 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.cat [2012.11.19 08:36:47 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnet64.cat [2012.11.19 08:36:47 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa.inf [2012.11.19 08:36:47 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds.inf [2012.11.19 08:36:47 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnet.inf [2012.11.19 08:36:47 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.inf [2012.11.19 08:36:47 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.inf [2012.11.19 08:36:47 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\iron.inf [2012.11.19 08:36:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.cat [2012.11.19 08:36:22 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\isolate.ini [2012.11.19 03:14:19 | 000,000,000 | ---- | C] () -- C:\Users\angelika\defogger_reenable [2012.11.18 15:42:20 | 003,668,863 | ---- | C] () -- C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv [2012.11.18 15:24:52 | 
000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.11.17 12:33:29 | 000,002,381 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012.11.17 12:18:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini [2012.11.17 11:49:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 11:40:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.17 10:39:47 | 000,001,395 | ---- | C] () -- C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk [2012.11.17 10:39:47 | 000,001,246 | ---- | C] () -- C:\Users\angelika\Desktop\Norton Download Manager.lnk [2012.10.29 16:40:54 | 000,197,511 | ---- | C] () -- C:\Users\angelika\Documents\Kündigungsschreiben von Dammann.pdf [2012.10.24 07:25:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.10.23 05:37:01 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.23 05:31:14 | 000,000,009 | ---- | C] () -- C:\END [2012.10.22 07:30:06 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.22 07:30:05 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.10 08:44:55 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI [2011.12.30 07:04:52 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.11.24 07:56:43 | 000,007,616 | ---- | C] () -- C:\Users\angelika\AppData\Local\resmon.resmoncfg [2011.09.24 06:26:55 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011.09.24 06:26:00 | 001,557,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.05 06:01:30 | 000,000,096 | ---- | C] () -- C:\Users\angelika\AppData\Local\fusioncache.dat [2011.03.29 11:59:32 | 000,001,216 | ---- | C] () -- C:\Users\angelika\Spiele - 
Verknüpfung.lnk [2011.02.22 11:22:46 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2010.11.07 05:21:42 | 000,003,728 | ---- | C] () -- C:\Users\angelika\.recently-used.xbel [2010.09.18 08:11:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.01.22 08:10:57 | 000,001,028 | ---- | C] () -- C:\Users\angelika\AppData\Roaming\WavCodec.wff [2009.11.23 03:05:18 | 000,000,120 | ---- | C] () -- C:\Users\angelika\AppData\Roaming\wklnhst.dat [2009.11.22 07:35:48 | 000,015,360 | ---- | C] () -- C:\Users\angelika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.12.24 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\7-PDFMaker [2010.08.09 06:31:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\AnvSoft [2009.12.30 08:22:54 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Artweaver [2010.01.13 09:46:20 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Broad Intelligence [2009.12.27 17:25:59 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Canon [2012.04.08 07:17:25 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\capella-software [2010.01.04 10:06:31 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CasaPortale.de [2011.11.23 08:58:21 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\ChessBase [2012.11.20 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\convert [2011.02.16 07:47:28 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Cornelsen [2009.12.07 13:13:34 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CoSoSys [2011.11.19 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CrashLog [2011.09.24 06:10:25 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Cuttermaran [2011.12.30 06:55:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.10.30 13:20:13 | 000,000,000 | ---D | M] -- 
C:\Users\angelika\AppData\Roaming\DesktopIconForAmazon [2012.01.06 09:42:57 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\DVDVideoSoft [2011.06.28 07:30:11 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.13 07:25:08 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Engelmann Media [2011.01.30 05:15:37 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\eSobi [2010.08.17 10:11:10 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FairStars Audio Converter [2010.08.17 10:52:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FreeAudioPack [2010.08.17 11:19:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FreeCDRipper [2009.12.27 15:24:51 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\GameConsole [2010.01.04 09:16:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\gtk-2.0 [2009.12.31 10:01:26 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\inkscape [2012.09.01 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\IrfanView [2011.02.01 11:29:37 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Kaleider [2009.12.30 23:57:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\KC Softwares [2011.09.24 05:28:59 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Leawo [2012.03.31 08:33:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MAGIX [2012.10.23 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MAGIX Fotobuch [2011.10.22 03:46:24 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MusE [2010.08.17 10:05:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\NCH Swift Sound [2012.10.22 07:06:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\No Company Name [2011.11.19 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\OnDemandDump [2011.01.29 
11:00:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PhotoEchoes [2012.07.05 20:41:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PhotoScape [2010.08.07 09:48:29 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PianoBooster [2010.03.10 12:21:09 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PixelPlanet [2011.11.29 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PlayFirst [2010.08.11 11:58:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\proDAD [2010.08.07 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Propellerhead Software [2010.01.04 09:13:28 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\RawTherapee [2010.01.22 07:52:42 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Recordpad [2012.06.06 06:38:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Screenbrush [2011.10.05 06:54:10 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Serif [2012.10.20 07:19:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\SPlayer [2010.03.10 13:03:41 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\SplitTile [2009.11.30 14:03:58 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Template [2009.12.19 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Thunderbird [2012.11.18 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tific [2010.03.19 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tobit [2010.03.10 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tracker Software [2010.10.17 09:49:00 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Ulead Systems [2011.01.30 04:47:57 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Uniblue [2011.12.09 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Visan ========== Purity Check 
==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:31D9EFCC
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C59E90A4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AE77C4CC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BFE23423
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >
20.11.2012, 18:58 | #23
/// TB-Ausbilder | Hacker is controlling my PC
I would very much like to help you, but I see nothing unusual in the log files. There is one more thing we can try: a scan with Farbar's Recovery Scan Tool (FRST 64bit)
__________________
Digital privateers against malware! No help via PM!
21.11.2012, 15:10 | #24
Hacker is controlling my PC
I have only run the scan so far, what next?
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by angelika at 21-11-2012 14:48:19
Running from C:\Users\angelika\Desktop
(X64) OS Language: German Standard
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-11-21 14:43 - 2012-11-21 14:43 - 00000000 ____D C:\FRST
2012-11-20 17:27 - 2012-11-20 17:27 - 00000000 ____D C:\Users\angelika\Documents\.plugins
2012-11-20 15:56 - 2012-11-20 15:59 - 00000000 ____D C:\Users\angelika\Desktop\Neuer Ordner
2012-11-20 09:54 - 2012-11-20 09:54 - 00021770 ____A C:\ComboFix.txt
2012-11-20 09:31 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-20 09:31 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-20 09:31 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-20 09:31 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-20 09:31 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-20 09:31 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-20 09:31 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-20 09:31 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-20 08:55 - 2012-11-20 08:55 - 00000799 ____A C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk
2012-11-20 08:54 - 2012-11-20 09:54 - 00000000 ____D C:\Qoobox
2012-11-20 08:54 - 2012-11-20 09:50 - 00000000 ____D C:\Windows\erdnt
2012-11-19 08:57 - 2012-11-19 08:57 - 00001916 ____A C:\Users\angelika\Desktop\aswMBR.txt
2012-11-19 08:57 - 2012-11-19 08:57 - 00000512 ____A C:\Users\angelika\Desktop\MBR.dat
2012-11-19 03:14 - 2012-11-19 03:14 - 00000000 ____A C:\Users\angelika\defogger_reenable
2012-11-19 03:05 - 2012-11-19 03:05 - 00076086 ____A C:\AdwCleaner[S1].txt
2012-11-18 20:05 - 2012-11-18 20:05 - 00100450 ____A C:\Users\angelika\Desktop\Extras.Txt
2012-11-18 20:01 - 2012-11-20 18:14 - 00115964 ____A C:\Users\angelika\Desktop\OTL.Txt
2012-11-18 19:34 - 2012-11-18 18:41 - 00602112 ____A (OldTimer Tools) C:\Users\angelika\Desktop\OTL.exe
2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Malwarebytes
2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\Windows\CheckSur
2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\2ee80120ce644b9489ce6ebf1aa1ab
2012-11-18 15:42 - 2012-11-18 15:42 - 03668863 ____A C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv
2012-11-18 15:30 - 2012-11-18 15:30 - 00004078 ____A C:\Users\angelika\Downloads\german.zip
2012-11-18 15:24 - 2012-11-18 15:40 - 00000000 ____D C:\Program Files (x86)\MozBackup
2012-11-18 15:24 - 2012-11-18 15:24 - 01035926 ____A C:\Users\angelika\Downloads\MozBackup-1.5.1-EN.exe
2012-11-18 15:24 - 2012-11-18 15:24 - 00001035 ____A C:\Users\Public\Desktop\MozBackup.lnk
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Tific
2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Local\Symantec
2012-11-17 12:33 - 2012-11-20 08:23 - 00002381 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-11-17 12:33 - 2012-11-17 12:33 - 00000000 ____D C:\Program Files\Symantec
2012-11-17 12:33 - 2010-08-21 04:59 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-17 12:32 - 2012-11-20 08:23 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-11-17 12:31 - 2012-11-17 12:32 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-11-17 12:18 - 2012-07-26 06:32 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-11-17 12:18 - 2012-07-26 06:32 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-11-17 11:49 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 11:49 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-17 11:49 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-17 11:49 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-17 11:42 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-17 11:42 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-17 11:42 - 2012-10-08 12:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-17 11:42 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-17 11:42 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-17 11:42 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-17 11:42 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-17 11:42 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-17 11:42 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-17 11:42 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-17 11:42 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-17 11:42 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-17 11:42 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-17 11:42 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-17 11:42 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-17 11:42 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-17 11:42 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-17 11:42 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-17 11:42 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-17 11:42 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-17 11:42 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-17 11:41 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-17 11:41 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-17 11:41 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-17 11:41 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-17 11:41 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-17 11:41 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-17 11:41 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-17 11:41 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-17 11:41 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-17 11:41 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-17
11:41 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-17 11:40 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll 2012-11-17 11:40 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-11-17 11:40 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll 2012-11-17 11:40 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-11-17 11:40 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-11-17 11:40 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-11-17 11:40 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-11-17 11:40 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-11-17 11:15 - 2012-11-17 11:15 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader(1).exe 2012-11-17 10:44 - 2012-09-25 23:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-11-17 10:44 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-11-17 10:39 - 2012-11-20 09:00 - 00001395 ____A C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk 2012-11-17 10:39 - 2012-11-20 09:00 - 00001246 ____A C:\Users\angelika\Desktop\Norton Download Manager.lnk 2012-11-17 10:39 - 2012-11-17 10:39 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader.exe 2012-11-04 15:18 - 2012-11-17 13:17 - 00000000 ____D C:\Users\angelika\Desktop\Für Rechtsanwalt 2012-11-01 14:15 - 2012-11-01 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2012-10-29 09:31 - 2012-10-29 09:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 
2012-10-24 07:04 - 2012-11-21 10:20 - 00007616 ____A C:\Windows\setupact.log 2012-10-24 07:04 - 2012-11-20 16:24 - 00045246 ____A C:\Windows\PFRO.log 2012-10-24 07:04 - 2012-10-24 07:04 - 00000000 ____A C:\Windows\setuperr.log 2012-10-23 05:37 - 2012-10-23 05:37 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-10-23 05:36 - 2012-10-23 05:37 - 00000000 ____D C:\Program Files\CCleaner 2012-10-23 05:31 - 2012-10-23 05:31 - 00000009 ____A C:\END 2012-10-23 05:30 - 2012-11-20 09:43 - 00000000 ____D C:\Users\angelika\AppData\Roaming\convert 2012-10-23 05:30 - 2012-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2012-10-23 05:24 - 2012-10-23 05:24 - 01068800 ____A C:\Users\angelika\Downloads\CCleaner-Setup.exe 2012-10-22 08:30 - 2012-10-23 06:27 - 00000000 ____D C:\Users\angelika\Documents\PHOTUX 2012-10-22 08:19 - 2012-10-22 08:19 - 00522017 ____A (hxxp://www.TOPSYS.net) C:\Users\angelika\Downloads\FotobuchProfi.exe 2012-10-22 07:30 - 2012-11-01 18:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-10-22 07:30 - 2012-10-22 07:30 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-10-22 07:06 - 2012-10-22 07:06 - 00000000 ____D C:\Users\angelika\AppData\Roaming\No Company Name ==================== One Month Modified Files and Folders ======= 2012-11-21 14:45 - 2009-09-20 16:09 - 00661854 ____A C:\Windows\System32\perfh007.dat 2012-11-21 14:45 - 2009-09-20 16:09 - 00133990 ____A C:\Windows\System32\perfc007.dat 2012-11-21 14:45 - 2009-07-14 06:13 - 01520238 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-21 14:43 - 2012-11-21 14:43 - 00000000 ____D C:\FRST 2012-11-21 14:40 - 2009-09-20 06:17 - 01646562 ____A C:\Windows\WindowsUpdate.log 2012-11-21 14:39 - 2011-10-30 12:56 - 00000330 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job 2012-11-21 14:39 - 2010-02-07 11:50 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-21 13:08 - 2009-07-14 04:20 - 00000000 ____D 
C:\Windows\tracing 2012-11-21 10:20 - 2012-10-24 07:04 - 00007616 ____A C:\Windows\setupact.log 2012-11-21 08:12 - 2010-02-07 11:50 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-21 08:10 - 2012-11-21 14:48 - 01461037 ____A (Farbar) C:\Users\angelika\Desktop\FRST64.exe 2012-11-21 07:43 - 2009-07-14 05:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-21 07:43 - 2009-07-14 05:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-21 07:36 - 2012-04-08 07:06 - 00000332 ____A C:\Windows\Tasks\PCCT - MAGIX AG.job 2012-11-21 07:36 - 2012-03-23 09:29 - 00000284 ____A C:\Windows\Tasks\MxTray.job 2012-11-21 07:36 - 2010-10-07 16:37 - 00065536 _____ C:\Windows\System32\Ikeext.etl 2012-11-21 07:36 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-20 18:14 - 2012-11-18 20:01 - 00115964 ____A C:\Users\angelika\Desktop\OTL.Txt 2012-11-20 17:27 - 2012-11-20 17:27 - 00000000 ____D C:\Users\angelika\Documents\.plugins 2012-11-20 16:24 - 2012-10-24 07:04 - 00045246 ____A C:\Windows\PFRO.log 2012-11-20 16:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2012-11-20 15:59 - 2012-11-20 15:56 - 00000000 ____D C:\Users\angelika\Desktop\Neuer Ordner 2012-11-20 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2012-11-20 09:54 - 2012-11-20 09:54 - 00021770 ____A C:\ComboFix.txt 2012-11-20 09:54 - 2012-11-20 08:54 - 00000000 ____D C:\Qoobox 2012-11-20 09:54 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default 2012-11-20 09:50 - 2012-11-20 08:54 - 00000000 ____D C:\Windows\erdnt 2012-11-20 09:46 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini 2012-11-20 09:43 - 2012-10-23 05:30 - 00000000 ____D C:\Users\angelika\AppData\Roaming\convert 2012-11-20 09:00 - 2012-11-17 10:39 - 00001395 ____A C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk 2012-11-20 09:00 - 
2012-11-17 10:39 - 00001246 ____A C:\Users\angelika\Desktop\Norton Download Manager.lnk 2012-11-20 09:00 - 2012-03-02 13:23 - 00000000 ____D C:\Users\All Users\Norton 2012-11-20 08:55 - 2012-11-20 08:55 - 00000799 ____A C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk 2012-11-20 08:23 - 2012-11-17 12:33 - 00002381 ____A C:\Users\Public\Desktop\Norton 360.lnk 2012-11-20 08:23 - 2012-11-17 12:32 - 00000000 ____D C:\Windows\System32\Drivers\N360x64 2012-11-19 08:57 - 2012-11-19 08:57 - 00001916 ____A C:\Users\angelika\Desktop\aswMBR.txt 2012-11-19 08:57 - 2012-11-19 08:57 - 00000512 ____A C:\Users\angelika\Desktop\MBR.dat 2012-11-19 03:14 - 2012-11-19 03:14 - 00000000 ____A C:\Users\angelika\defogger_reenable 2012-11-19 03:14 - 2009-11-22 01:43 - 00000000 ____D C:\users\angelika 2012-11-19 03:08 - 2009-12-27 16:33 - 00000000 ____D C:\Users\angelika\Documents\MAGIX_MxTray 2012-11-19 03:05 - 2012-11-19 03:05 - 00076086 ____A C:\AdwCleaner[S1].txt 2012-11-19 03:01 - 2011-04-29 06:38 - 00000000 ____D C:\Users\angelika\Desktop\Termine Veranstaltungen 2012 ToDoListe 2012-11-18 20:05 - 2012-11-18 20:05 - 00100450 ____A C:\Users\angelika\Desktop\Extras.Txt 2012-11-18 18:41 - 2012-11-18 19:34 - 00602112 ____A (OldTimer Tools) C:\Users\angelika\Desktop\OTL.exe 2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Malwarebytes 2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\Windows\CheckSur 2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\2ee80120ce644b9489ce6ebf1aa1ab 2012-11-18 16:14 - 2009-11-21 20:01 - 00000000 ____D C:\Daten-Angelika 2012-11-18 15:42 - 2012-11-18 15:42 - 03668863 ____A C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv 2012-11-18 15:40 - 2012-11-18 15:24 - 00000000 ____D C:\Program Files (x86)\MozBackup 2012-11-18 15:30 - 2012-11-18 15:30 - 00004078 ____A C:\Users\angelika\Downloads\german.zip 
2012-11-18 15:24 - 2012-11-18 15:24 - 01035926 ____A C:\Users\angelika\Downloads\MozBackup-1.5.1-EN.exe 2012-11-18 15:24 - 2012-11-18 15:24 - 00001035 ____A C:\Users\Public\Desktop\MozBackup.lnk 2012-11-18 14:21 - 2012-01-11 09:07 - 00000000 ____D C:\Users\angelika\Desktop\Keyborard Harmonielehre und Klavier 2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Tific 2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Local\Symantec 2012-11-17 13:17 - 2012-11-04 15:18 - 00000000 ____D C:\Users\angelika\Desktop\Für Rechtsanwalt 2012-11-17 13:02 - 2009-11-22 01:43 - 00194104 ____A C:\Users\angelika\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-17 12:33 - 2012-11-17 12:33 - 00000000 ____D C:\Program Files\Symantec 2012-11-17 12:33 - 2012-03-02 13:24 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2012-11-17 12:33 - 2012-03-02 13:24 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2012-11-17 12:32 - 2012-11-17 12:31 - 00000000 ____D C:\Program Files (x86)\Norton 360 2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64 2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard 2012-11-17 12:13 - 2009-07-14 05:45 - 05180312 ____A C:\Windows\System32\FNTCACHE.DAT 2012-11-17 11:53 - 2009-09-01 02:28 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-11-17 11:40 - 2009-07-14 03:34 - 00000510 ____A C:\Windows\win.ini 2012-11-17 11:15 - 2012-11-17 11:15 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader(1).exe 2012-11-17 10:39 - 2012-11-17 10:39 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader.exe 2012-11-17 10:39 - 2012-04-21 08:19 - 00000000 ____D C:\Users\Public\Downloads\Norton 2012-11-17 10:35 - 2010-09-15 18:22 - 00000000 ____D C:\users\Ulli 2012-11-17 10:34 - 2012-03-02 13:24 - 
00000000 ____D C:\Program Files\Common Files\Symantec Shared 2012-11-17 10:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2012-11-15 08:30 - 2012-03-02 08:22 - 00000000 ____D C:\Users\angelika\Desktop\Ausflüge und Freizeit und Urlaub 2012-11-01 18:57 - 2012-10-22 07:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-11-01 17:53 - 2012-11-01 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2012-10-29 09:31 - 2012-10-29 09:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-10-29 07:58 - 2009-11-21 20:02 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Adobe 2012-10-24 07:26 - 2009-08-31 20:24 - 00000000 ____D C:\Users\All Users\Adobe 2012-10-24 07:25 - 2009-08-31 20:23 - 00000000 ____D C:\Program Files (x86)\Adobe 2012-10-24 07:24 - 2009-11-23 03:54 - 00000000 ____D C:\Users\angelika\AppData\Local\Adobe 2012-10-24 07:04 - 2012-10-24 07:04 - 00000000 ____A C:\Windows\setuperr.log 2012-10-23 06:27 - 2012-10-22 08:30 - 00000000 ____D C:\Users\angelika\Documents\PHOTUX 2012-10-23 05:42 - 2012-10-23 05:30 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2012-10-23 05:40 - 2012-04-08 07:02 - 00000000 ____D C:\Users\angelika\AppData\Local\CrashDumps 2012-10-23 05:40 - 2009-07-27 21:41 - 00000000 ____D C:\Windows\Panther 2012-10-23 05:37 - 2012-10-23 05:37 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-10-23 05:37 - 2012-10-23 05:36 - 00000000 ____D C:\Program Files\CCleaner 2012-10-23 05:31 - 2012-10-23 05:31 - 00000009 ____A C:\END 2012-10-23 05:24 - 2012-10-23 05:24 - 01068800 ____A C:\Users\angelika\Downloads\CCleaner-Setup.exe 2012-10-23 04:29 - 2010-09-20 02:19 - 00000000 ____D C:\Users\angelika\AppData\Roaming\MAGIX Fotobuch 2012-10-22 08:19 - 2012-10-22 08:19 - 00522017 ____A (hxxp://www.TOPSYS.net) C:\Users\angelika\Downloads\FotobuchProfi.exe 2012-10-22 07:30 - 2012-10-22 07:30 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-10-22 07:06 - 2012-10-22 07:06 - 
00000000 ____D C:\Users\angelika\AppData\Roaming\No Company Name ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2012-11-18 22:16:03 Restore point made on: 2012-11-19 03:00:41 Restore point made on: 2012-11-19 09:04:59 Restore point made on: 2012-11-20 09:57:46 Restore point made on: 2012-11-20 16:23:25 ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 3998.79 MB Available physical RAM: 2667.71 MB Total Pagefile: 5020.93 MB Available Pagefile: 3683.91 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:143.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] 3 Drive e: () (Removable) (Total:30.22 GB) (Free:28.07 GB) FAT32 6 Drive h: () (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 465 GB 0 B Datentr„ger 1 Kein Medium 0 B 0 B Datentr„ger 2 Online 30 GB 0 B Datentr„ger 3 Kein Medium 0 B 0 B Datentr„ger 4 Kein Medium 0 B 0 B Partitions of Disk 0: =============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- 
Partition 1 Wiederherstellun 11 GB 1024 KB Partition 2 Prim„r 100 MB 11 GB Partition 3 Prim„r 453 GB 11 GB ================================================================================== Disk: 0 Partition 1 Typ : 27 Versteckt: Ja Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 PQSERVICE NTFS Partition 11 GB Fehlerfre Versteck ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM RESE NTFS Partition 100 MB Fehlerfre System (partition with boot components) ========================================================= Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C ACER NTFS Partition 453 GB Fehlerfre Startpar ========================================================= Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C ACER NTFS Partition 453 GB Fehlerfre Startpar ========================================================= Partitions of Disk 2: =============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 30 GB 4096 KB ================================================================================== Disk: 2 Partition 1 Typ : 0C Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 E FAT32 Wechselmed 30 GB Fehlerfre ========================================================= Disk: 2 Partition 1 Typ : 0C Versteckt: Nein Aktiv : Nein Volume 
### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 E FAT32 Wechselmed 30 GB Fehlerfre ========================================================= Last Boot: 2012-11-20 15:02 ==================== End Of Log ============================= |
21.11.2012, 17:32 | #25 |
/// TB-Ausbilder | Hacker controls my PC
Quote:
__________________ Digital privateers against malware! No help via PM! |
23.11.2012, 17:25 | #26 |
/// TB-Ausbilder | Hacker controls my PC
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
24.11.2012, 10:41 | #27 |
/// TB-Ausbilder | Hacker controls my PC
No response. This topic has been removed from my subscriptions, so I no longer receive notifications of new replies. Send me a PM if you nevertheless want to continue. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread.