| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "We are Hacked"- MeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.06.2013, 14:17
| #1 |
 |  "We are Hacked"- Meldung Hallo, ich habe heute "unglücklich" auf ein Link bei FB geklickt. Es öffnete sich eine schwarze Seite, mit grüner Schrift. Groß oben stand "We are Hacked". Darunter stand noch mehr, habe aber sofort die Seite geschlossen. Nun möchte ich wissen....wurde ich gehackt oder wurden Schadprogramme auf mein Laptop geschleust? Sandbox verwende ich. CC Cleaner habe ich drüberlaufen lassen. Da dann alles behoben. Beim Öffnen der Seite, um OTL herunterzuladen, kommt leider die Meldung "Fehler: Netzwerk-Zeitüberschreitung". Könnt ihr mir bitte weiterhelfen? Dank im voraus. Geändert von Kékfrankos (07.06.2013 um 14:51 Uhr) |
|
07.06.2013, 14:51
| #2 |
| /// the machine /// TB-Ausbilder    | "We are Hacked"- Meldung Hi,
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ |
|
07.06.2013, 14:55
| #3 |
| | "We are Hacked"- Meldung Hallo Schrauber. Ich habe versucht, die OTL Seite zuöffnen (Habe es oben editiert). Da kommt immer "Netzwerk-Zeitüberschreitung".
__________________ |
|
07.06.2013, 15:00
| #4 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- Meldung Von nem anderen PC laden, Stick, rüber auf den PC hier, laufen lassen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.06.2013, 15:18
| #5 |
| | "We are Hacked"- Meldung Ich habe leider kein Stick, habe aber ein Alternativdownload gefunden. Hier die Logs: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.06.2013 16:00:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\André\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 32,75% Memory free
6,09 Gb Paging File | 2,61 Gb Available in Paging File | 42,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 28,66 Gb Free Space | 19,88% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 62,67 Gb Free Space | 43,47% Space Free | Partition Type: NTFS
Computer Name: ANDRÉ-PC | User Name: André | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09069EA3-8F73-4F5E-8393-22D767DC5118}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0CCBA1A4-E776-4F5B-9F50-CB7ADCDEF3B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00938E78-141B-448D-B9C7-2325B9767DFB}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa manager 13\manager13.exe |
"{04E78D02-657F-4D45-8C93-1A84BCCDC8E0}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{05614D2A-EDC0-466A-9652-4C2B277D4184}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{060CDED8-83B1-447F-A3B4-3461507489E5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{0C6E0F10-7302-4C2B-8930-67DB8668572A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{174BDFC6-5957-4BEA-BC23-14F8680CF8FD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{1CB0F133-A93D-400D-B414-1EEB832DBEA3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2A2ED0F3-2465-4881-B1AA-B63E8CDE7628}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2D77D3E7-937F-4BA1-B08E-3D2D8F78E662}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2E0D6B29-0E50-48FC-A5D3-63A9839CFF14}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{32C776B1-88B3-498B-BDDD-382E5DA221A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5143AFC6-D586-40CC-A0EB-EE8154EA2BFF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5426B4D8-11C5-4418-B531-70355A855A0D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5CA83A55-0BE2-4BB4-AD60-86DA0223D797}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7B4DB9D8-0411-49AD-B5A0-AF4CF3D7C505}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{880770E0-E22F-4199-A14D-668F304A1E64}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{B21CB3B2-AB05-4F16-AD61-C31254C957E8}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa manager 13\manager13.exe |
"{BC6B9988-EAC2-4DD5-9D68-DEDC84C63626}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C815E185-D1CB-49C9-ADE5-0C3CA3A3EC04}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{C9361CDA-5327-41E0-986C-6AC76875DDCA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DD454E4D-9C61-4C8B-BFCA-909BA829AB37}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{DFC257AA-6D1B-4855-9692-0AD178EDA1BD}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EDB00631-7B9E-47BF-9109-89803C79F2FC}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{FF428371-A23D-4465-9338-4E82B8CE62F3}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"TCP Query User{26905F2E-E73A-4BE4-84AE-78AA847B2F80}C:\program files\common files\nokia\fuse\fuse.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\fuse\fuse.exe |
"TCP Query User{612267D1-9703-4A4C-88D2-05AAC4B59B6D}C:\program files\nokia\phoenix\phoenix.exe" = protocol=6 | dir=in | app=c:\program files\nokia\phoenix\phoenix.exe |
"TCP Query User{F1FB0FBB-893E-413B-8095-CCA5E0E65826}C:\program files\common files\nokia\fuse\fuseservice.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\fuse\fuseservice.exe |
"UDP Query User{0938D49B-932A-4E91-A2DA-BFA31AD85CB8}C:\program files\nokia\phoenix\phoenix.exe" = protocol=17 | dir=in | app=c:\program files\nokia\phoenix\phoenix.exe |
"UDP Query User{9375A4E9-7224-4ADD-B2C5-71EC8325FB50}C:\program files\common files\nokia\fuse\fuseservice.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\fuse\fuseservice.exe |
"UDP Query User{B5A3FF06-3165-46C0-A112-C27F9F6D5186}C:\program files\common files\nokia\fuse\fuse.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\fuse\fuse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD935EA-AA51-4271-8668-F64F34D67CD7}" = Phoenix Service Software
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{2FF5FC32-B2AC-4505-A381-350670AA46D4}" = Fuse Drivers
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"AceIt_is1" = AceIt v1.3.1
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Convoi" = Convoi 1.50
"DemexV1" = DEMEX
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"H-Start Bc fekvõhelyes kocsi" = H-Start Bc fekvõhelyes kocsi
"H-Start BDt 400" = H-Start BDt 400
"H-Start WLAB hálókocsi" = H-Start WLAB hálókocsi
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Origin" = Origin
"Phoenix Service Software 2011.24.002.46258_is1" = Phoenix Service Software 2011.24.002.46258
"ProTrain Thema 1 - Nachtzüge 1.0" = ProTrain Thema 1 - Nachtzüge 1.0
"r8brain" = r8brain 1.9
"Sandboxie" = Sandboxie 3.76 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TGATool2A_is1" = TGATool2A version 4.00.34
"The route Bratislava-Brno-Praha for MSTS_is1" = The route Bratislava-Brno-Praha for MSTS version from BP 77 /
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store (German Language Pack)" = Train Store (German Language Pack)
"Train Store V3.2" = Train Store V3.2
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WNLT" = IB Updater Service
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"PKP ED72-021" = PKP ED72-021
"PKP EN57-1234" = PKP EN57-1234
"PKP EN57-1407" = PKP EN57-1407
"PKP EN57-2009" = PKP EN57-2009
"PKP EN57-647" = PKP EN57-647
"PKP PR Bhp 025" = PKP PR Bhp 025
"PKP PR Bhp 352" = PKP PR Bhp 352
"Route_Riter v7.5" = Route_Riter v7.5
"TrainSim.pl PMK_TRAINS v2.1" = TrainSim.pl PMK_TRAINS v2.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.05.2013 00:32:01 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.05.2013 01:09:56 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.05.2013 08:46:41 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.05.2013 10:18:17 | Computer Name = André-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager12.exe, Version 1.0.0.3, Zeitstempel
0x4ee1398a, fehlerhaftes Modul d3d11.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4abc1d78, Ausnahmecode 0xc0000005, Fehleroffset 0x606908b8, Prozess-ID 0x924, Anwendungsstartzeit
01ce517705fd1674.
Error - 16.05.2013 01:21:18 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.05.2013 07:52:45 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2013 01:14:52 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2013 01:23:44 | Computer Name = André-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1330 Anfangszeit: 01ce52bdda0eeed2 Zeitpunkt der
Beendigung: 241
Error - 17.05.2013 05:41:44 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2013 08:34:26 | Computer Name = André-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 02.06.2013 03:24:51 | Computer Name = André-PC | Source = DCOM | ID = 10010
Description =
Error - 02.06.2013 03:26:37 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.06.2013 00:04:41 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.06.2013 03:14:16 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.06.2013 02:01:17 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.06.2013 23:02:06 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.06.2013 04:49:36 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2013 00:00:39 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2013 05:52:51 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.06.2013 01:07:41 | Computer Name = André-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.06.2013 16:00:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\André\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 32,75% Memory free 6,09 Gb Paging File | 2,61 Gb Available in Paging File | 42,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 28,66 Gb Free Space | 19,88% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 62,67 Gb Free Space | 43,47% Space Free | Partition Type: NTFS Computer Name: ANDRÉ-PC | User Name: André | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\André\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Origin\OriginClientService.exe (Electronic Arts) PRC - C:\Programme\Origin\Origin.exe (Electronic Arts) PRC - C:\Windows\System32\jmdp\stij.exe () PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Windows\System32\dmwu.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia) PRC - C:\Users\ANDR~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Origin Games\FIFA Manager 12\Manager12.exe (Electronic Arts Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Origin\tufao.dll () MOD - C:\Windows\System32\jmdp\stij.exe () MOD - C:\Windows\System32\jmdp\lmrn.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\86365ae159cb808d52a7e3ba2700ea6c\System.Web.ni.dll () MOD - C:\Windows\System32\jmdp\sqlite3.dll () MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Programme\Origin Games\FIFA Manager 12\patching.dll () MOD - C:\Programme\Origin Games\FIFA Manager 12\Telemetry.dll () MOD - C:\Programme\Origin Games\FIFA Manager 12\GfxCore.dll () MOD - C:\Programme\Sony\Sony PC Companion\Report.dll () MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3006.0__739b31b1908c49e5\Framework.UIComponent.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll () MOD - C:\Windows\System32\SysHook.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Acer\Acer VCM\AcerControl.dll () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0912&m=aspire_5730 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://homepage.acer.com/rdr.aspx? [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://homepage.acer.com/rdr.aspx? [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE501 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={277C697B-048F-11E2-8132-001D72C6155E}&src=2&crg=3.1010000.10013&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 09:06:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.21 00:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\André\AppData\Roaming\mozilla\Extensions [2013.04.12 04:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\nxmt9fxl.default\extensions [2013.01.06 14:54:00 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\André\AppData\Roaming\mozilla\firefox\profiles\nxmt9fxl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.04.12 04:16:04 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\André\AppData\Roaming\mozilla\firefox\profiles\nxmt9fxl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.06.03 06:07:35 | 000,002,100 | ---- | M] () -- C:\Users\André\AppData\Roaming\mozilla\firefox\profiles\nxmt9fxl.default\searchplugins\MyStart.xml [2012.09.22 10:26:26 | 000,003,915 | ---- | M] () -- C:\Users\André\AppData\Roaming\mozilla\firefox\profiles\nxmt9fxl.default\searchplugins\sweetim.xml [2012.10.28 09:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\ANDRé\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXMT9FXL.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.10.28 09:06:09 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: No name found = C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7843D5A3-F368-466F-A9B7-00DDAB07EC13}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7ED7B-04AE-4E3D-8D0C-514547E5BF3C}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\André\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\André\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{26985bd9-9e88-11e2-bc3b-001d72c6155e}\Shell - "" = AutoRun O33 - MountPoints2\{26985bd9-9e88-11e2-bc3b-001d72c6155e}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.07 15:58:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\André\Desktop\OTL.exe [2013.06.07 15:54:16 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Roaming\Malwarebytes [2013.06.07 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.07 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.07 15:53:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.07 15:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.07 14:38:07 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Roaming\SUPERAntiSpyware.com [2013.06.07 14:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.06.07 14:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.06.07 14:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.06.03 06:07:31 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll [2013.06.03 06:07:31 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll [2013.06.03 06:07:31 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll [2013.06.03 06:07:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.06.03 06:07:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.06.03 06:07:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT [2013.05.16 07:57:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 07:30:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 07:30:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.16 07:30:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 07:29:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 07:29:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 07:29:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.16 07:29:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.15 16:33:44 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 16:33:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.09.11 05:47:06 | 048,103,936 | ---- | C] (Electronic Arts, Inc.) -- C:\Program Files\OriginSetup.exe [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.07 16:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.07 15:58:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\André\Desktop\OTL.exe [2013.06.07 15:53:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.07 15:49:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.07 15:07:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 15:07:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 14:38:23 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 18ade5de-00de-4c3d-97d3-45cbeafa1ed7.job [2013.06.07 14:38:19 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 32dff6fa-5a23-47d5-9811-e125cb4e1631.job [2013.06.07 07:13:32 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.07 07:13:32 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.07 07:13:32 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.07 07:13:32 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.07 07:07:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.07 07:07:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.06.07 07:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.07 07:07:01 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys [2013.06.05 20:29:50 | 000,010,735 | ---- | M] () -- C:\Users\André\Desktop\Bewerbungen.jpg [2013.06.04 08:03:11 | 000,001,674 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.06.02 21:22:09 | 000,000,000 | ---- | M] () -- C:\Users\André\AppData\Roaming\FileOut.cns [2013.06.02 21:22:09 | 000,000,000 | ---- | M] () -- C:\Users\André\AppData\Roaming\FileIn.cns [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2013.05.21 15:28:38 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.16 13:52:14 | 000,301,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:00:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 16:00:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.11 09:20:24 | 000,000,158 | ---- | M] () -- C:\Windows\TSDataEx.ini [2013.05.11 09:20:24 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns [2013.05.11 09:20:24 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.07 15:53:33 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.07 14:38:23 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 18ade5de-00de-4c3d-97d3-45cbeafa1ed7.job [2013.06.07 14:38:19 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 32dff6fa-5a23-47d5-9811-e125cb4e1631.job [2013.06.05 20:29:50 | 000,010,735 | ---- | C] () -- C:\Users\André\Desktop\Bewerbungen.jpg [2013.06.05 18:58:49 | 000,078,994 | ---- | C] () -- C:\Users\André\Desktop\Zeugnis2002.pdf [2013.06.03 06:07:29 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2013.06.03 06:07:29 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2013.01.07 22:04:47 | 000,004,644 | ---- | C] () -- C:\Users\André\AppData\Local\recently-used.xbel [2012.11.24 14:29:14 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.11.22 14:56:49 | 000,000,000 | ---- | C] () -- C:\Users\André\Podwójny Elf KS odjezdza ze stacji Katowice + zapowiedz pociagu EX _Klimczok_.mp3 [2012.10.21 19:38:54 | 000,001,674 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.10.13 08:13:31 | 000,000,220 | ---- | C] () -- C:\Windows\Demex.INI [2012.10.11 18:05:26 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini [2012.10.04 16:31:11 | 000,007,052 | ---- | C] () -- C:\Users\André\AppData\Local\d3d9caps.dat [2012.09.23 13:39:35 | 000,016,384 | ---- | C] () -- C:\Users\André\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.21 22:57:53 | 000,000,000 | ---- | C] () -- C:\Users\André\AppData\Roaming\FileOut.cns [2012.09.21 22:57:53 | 000,000,000 | ---- | C] () -- C:\Users\André\AppData\Roaming\FileIn.cns [2012.09.16 07:59:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.09.16 07:59:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.09.12 17:09:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.09.12 07:05:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.09.11 16:45:10 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2012.09.11 06:59:46 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2012.09.11 06:45:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2012.09.11 06:45:39 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2012.09.10 21:51:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2012.09.10 21:44:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2012.09.10 21:44:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.09.10 21:44:04 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2012.09.10 21:37:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2012.09.10 21:37:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2012.09.10 21:37:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
07.06.2013, 17:48
| #6 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- Meldung Hi, Scan mit Combofix
__________________ --> "We are Hacked"- Meldung |
|
07.06.2013, 18:33
| #7 |
| | "We are Hacked"- Meldung Ok. Erledigt. Das müßte dann diese sein. Sorry. Ich weiß nicht, wie das mit "CODE" geht  Ich wurde übrigens nicht aufgefordert, den Laptop neuzustarten. Combofix Logfile: Code:
ATTFilter ComboFix 13-06-07.03 - André 07.06.2013 19:09:29.1.2 - x86
ausgeführt von:: c:\users\AndrÚ\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MW
c:\program files\MW\TGATool2\TGATool2A.exe
c:\program files\MW\TGATool2\unins000.dat
c:\program files\MW\TGATool2\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system32\SET141C.tmp
c:\windows\system32\SETC4A.tmp
c:\windows\system32\SETDB2.tmp
c:\windows\system32\SETF4A.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-07 bis 2013-06-07 ))))))))))))))))))))))))))))))
.
.
2013-06-07 17:24 . 2013-06-07 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 13:54 . 2013-06-07 13:54 -------- d-----w- c:\users\André\AppData\Roaming\Malwarebytes
2013-06-07 13:53 . 2013-06-07 13:53 -------- d-----w- c:\programdata\Malwarebytes
2013-06-07 13:53 . 2013-06-07 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-07 13:53 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-07 12:38 . 2013-06-07 12:38 -------- d-----w- c:\users\André\AppData\Roaming\SUPERAntiSpyware.com
2013-06-07 12:37 . 2013-06-07 12:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-07 12:37 . 2013-06-07 12:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-03 04:07 . 2013-06-03 04:07 -------- d-----w- c:\windows\system32\jmdp
2013-06-03 04:07 . 2013-06-03 04:07 -------- d-----w- c:\windows\system32\ARFC
2013-06-03 04:07 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-03 04:07 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-03 04:07 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-03 04:07 . 2013-05-21 13:31 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-06-03 04:07 . 2013-05-21 13:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-03 04:07 . 2013-06-07 05:10 -------- d-----w- c:\windows\system32\WNLT
2013-05-16 05:57 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 05:30 . 2013-04-04 22:47 149632 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-05-16 05:30 . 2013-04-04 22:00 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-05-16 05:30 . 2013-04-04 21:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 05:30 . 2013-04-04 21:59 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-05-16 05:30 . 2013-04-04 21:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-15 14:33 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:33 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:33 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:00 . 2012-09-11 04:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 14:00 . 2012-09-11 04:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-08 09:49 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 06:05 . 2013-04-07 06:05 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-07 06:05 . 2013-04-07 06:05 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-01 19:59 . 2012-10-21 17:30 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-01 19:59 . 2012-10-21 17:30 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-01 19:59 . 2012-10-21 17:30 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-11 13:25 . 2013-04-10 15:07 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 15:07 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-19 18:55 . 2012-09-11 03:47 48103936 ----a-w- c:\program files\OriginSetup.exe
2012-10-28 07:06 . 2012-10-28 07:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-11 68856]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-12 1088424]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 545552]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 04:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 14:00]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 13:44]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 13:44]
.
2013-06-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 18ade5de-00de-4c3d-97d3-45cbeafa1ed7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-06-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 32dff6fa-5a23-47d5-9811-e125cb4e1631.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://dsl-start.computerbild.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0912&m=aspire_5730
IE: Free YouTube Download - c:\users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\André\AppData\Roaming\Mozilla\Firefox\Profiles\nxmt9fxl.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={277C697B-048F-11E2-8132-001D72C6155E}&src=2&crg=3.1010000.10013&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-H-Start Bc fekvõhelyes kocsi - c:\users\André\Desktop\Uninstal.exe
AddRemove-H-Start BDt 400 - c:\users\André\Desktop\Uninstal.exe
AddRemove-H-Start WLAB hálókocsi - c:\users\André\Desktop\Uninstal.exe
AddRemove-TGATool2A_is1 - c:\program files\MW\TGATool2\unins000.exe
AddRemove-The route Bratislava-Brno-Praha for MSTS_is1 - c:\train simulator\unins000.exe
AddRemove-{587A2120-41D3-11DB-3D6C-00E19E4D4AE1} - c:\program files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.8.0521 EN.exe
AddRemove-PKP ED72-021 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP EN57-1234 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP EN57-1407 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP EN57-2009 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP EN57-647 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP PR Bhp 025 - c:\users\André\Desktop\Uninstal.exe
AddRemove-PKP PR Bhp 352 - c:\users\André\Desktop\Uninstal.exe
AddRemove-TrainSim.pl PMK_TRAINS v2.1 - c:\users\André\Desktop\uninstall_pmk_trains.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-07 19:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-07 19:31:32
ComboFix-quarantined-files.txt 2013-06-07 17:31
.
Vor Suchlauf: 12 Verzeichnis(se), 37.149.593.600 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 38.854.000.640 Bytes frei
.
- - End Of File - - 426B3CC5F87186E613FC23AAD3CAD061
A863475757CC50891AA8458C415E4B25 [/QUOTE] |
|
07.06.2013, 18:34
| #8 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- Meldung So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.06.2013, 18:52
| #9 |
| | "We are Hacked"- Meldung Ok Danke. Dann so hier. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Andr‚ on 07.06.2013 at 19:45:43,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Andr‚\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Andr‚\appdata\local\{568953B7-8923-40A0-8A1D-BE5CC94FEBB6}
Successfully deleted: [Empty Folder] C:\Users\Andr‚\appdata\local\{A9185C68-679A-46AB-B859-6CA5F87657F6}
~~~ FireFox
Emptied folder: C:\Users\Andr‚\AppData\Roaming\mozilla\firefox\profiles\nxmt9fxl.default\minidumps [16 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.06.2013 at 19:51:28,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.302 - Datei am 07/06/2013 um 19:39:52 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : André - ANDRÉ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\André\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : IBUpdaterService
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\nxmt9fxl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\nxmt9fxl.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\Windows\system32\Zynga
Gelöscht mit Neustart : C:\Windows\system32\Zynga
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Ordner Gelöscht : C:\Users\André\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\nxmt9fxl.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\system32\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\WNLT
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Datei : C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\nxmt9fxl.default\prefs.js
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={277C697B-048F-11E2-8132-001D72[...]
Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1366746520275");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10013");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{277C697B-048F-11E2-8132-001D72C6155E}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [23842 octets] - [07/06/2013 19:39:52]
########## EOF - C:\AdwCleaner[S1].txt - [23903 octets] ##########
|
|
08.06.2013, 09:41
| #10 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- MeldungESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL log. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 10:05
| #11 |
| | "We are Hacked"- Meldung Hallo, EDIT: Ich habe übrigens 2 festverbaute Festplatten. Ich kann also keine anderen Festplatten anschließen und ein Stick habe ich auch nicht. Geändert von Kékfrankos (08.06.2013 um 10:39 Uhr) |
|
08.06.2013, 11:20
| #12 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- Meldung Dann scan einfach das was da ist
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 19:00
| #13 |
| | "We are Hacked"- Meldung Hallo, also diese ESET daddelt schon seit 9:02 Std und ist erst bei 49%. Dauert das wirklich so lange? Dann muß ich wohl den Lappi über die Nacht anlassen?! |
|
08.06.2013, 20:47
| #14 |
| /// the machine /// TB-Ausbilder | "We are Hacked"- Meldung Das ist schon extrem lange, normal sind maximal 4. Wo steht er jetzt?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 21:15
| #15 |
| | "We are Hacked"- Meldung Aktuell bei 11:18 Std und 87%. Ok. Hier die beiden Datein. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8970a8c1285b8140bdee1e2db55b74ee
# engine=14023
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-08 10:45:43
# local_time=2013-06-09 12:45:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=771 16777214 33 1 19031451 19031451 0 0
# compatibility_mode=1799 16775165 100 97 114460 236154833 107174 0
# compatibility_mode=5892 16776574 100 100 19462365 208264271 0 0
# scanned=863719
# found=0
# cleaned=0
# scan_time=49711
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Adobe Flash Player 11.7.700.202 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
|
| Themen zu "We are Hacked"- Meldung |
| cc cleaner, cleaner, gehackt, grüner, hacked, heute, laptop, link, meldung, sandbox, schadprogramme, schwarze, seite, sofort, stand, weiterhelfen |
Linear-Darstellung
