|
Pests of all kinds and how to combat them: Interpol message | Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
22.04.2014, 12:21 | #1 |
| Interpol message Hello everyone, I was browsing the internet today and suddenly a page from Interpol came up. I skimmed it quickly, and it said something about a fine and prison. In a panic I tried to close everything, but it did not work. I opened the Task Manager and then ended the page. Since I have Windows 8, there is the "Refresh your PC" function, so that is what I did. I do not know now whether the virus is still there or has been removed. I hope you can help me!! |
22.04.2014, 12:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol message Hello and
Do you have any other logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first just post the logs you already have, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
22.04.2014, 12:38 | #3 |
| Interpol message FRST logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by Rijad (administrator) on RIJAD on 22-04-2014 13:29:29 Running from C:\Users\Rijad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44AB7M62 Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\windows\system32\mfevtps.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (McAfee, Inc.) 
C:\Program Files\mcafee.com\agent\mcagent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer) C:\Program Files (x86)\Acer Remote\ArcServer.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1527896 2012-06-22] (McAfee, Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - DefaultScope {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = SearchScopes: HKCU - {88A9F607-64FF-4532-A71E-FD20FE8D3D7C} URL = SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll () FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-03-01] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-03-01] ==================== Services (Whitelisted) 
================= S2 0214491398164281mcinstcleanup; C:\Windows\TEMP\021449~1.EXE [828032 2012-09-07] (McAfee, Inc.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-27] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.) R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) 
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-21] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.) U3 mfeavfk01; No ImagePath S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 22:52 - 2014-04-22 22:52 - 00262144 _____ () C:\Windows\system32\config\userdiff 2014-04-22 22:52 - 2014-04-22 22:52 - 00000000 ____D () C:\Windows.old 2014-04-22 13:29 - 2014-04-22 13:29 - 00000000 ____D () C:\FRST 2014-04-22 13:02 - 2014-04-22 13:02 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\AcerRemote 2014-04-22 13:02 - 2014-04-22 13:02 - 00000000 ____D () C:\Users\Rijad\AppData\Local\Apps\2.0 2014-04-22 13:01 - 2014-04-22 13:01 - 00011820 _____ () C:\Users\Rijad\Desktop\Entfernte Anwendungen.html 2014-04-22 13:01 - 2014-04-22 13:01 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ____D () C:\Program Files (x86)\OEM 2014-04-22 13:01 - 2012-08-24 05:39 - 00000000 _____ () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center 2014-04-22 13:00 - 2014-04-22 13:00 - 00001770 _____ () C:\Users\Public\Desktop\Online kaufen.lnk 2014-04-22 13:00 - 2014-04-22 13:00 - 00001442 _____ () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-22 13:00 - 2014-04-22 13:00 - 00000000 ____D () C:\ProgramData\OEM_YAHOO 2014-04-22 13:00 - 2014-04-22 13:00 - 00000000 ____D () C:\Program Files\Accessory Store 2014-04-22 12:58 - 2014-04-22 12:58 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\Macromedia 2014-04-22 12:58 - 2014-04-22 12:58 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\Adobe 2014-04-22 12:58 - 2014-04-22 12:58 - 
00000000 ____D () C:\Users\Rijad\AppData\Local\VirtualStore 2014-04-22 12:57 - 2014-04-22 12:57 - 00000020 ___SH () C:\Users\Rijad\ntuser.ini 2014-04-22 12:54 - 2014-04-22 13:01 - 00000000 ____D () C:\Users\Rijad 2014-04-22 12:54 - 2014-04-22 12:54 - 00017148 _____ () C:\Windows\diagwrn.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00017148 _____ () C:\Windows\diagerr.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00002022 _____ () C:\Users\Administrator\AppData\Local\Application.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Vorlagen 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Startmenü 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Netzwerkumgebung 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Lokale Einstellungen 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Eigene Dateien 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Druckumgebung 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Documents\Eigene Musik 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Documents\Eigene Bilder 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Local\Verlauf 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Local\Anwendungsdaten 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Anwendungsdaten 2014-04-22 12:54 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-22 12:54 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-22 12:54 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility 2014-04-22 12:54 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-22 12:41 - 2014-04-22 22:43 - 00000000 ___HD () C:\$SysReset 2014-04-09 20:02 - 
2014-04-09 20:02 - 00000000 ____D () C:\Users\Rijad\Documents\AdobeStockPhotos 2014-04-03 19:11 - 2014-04-03 19:11 - 00921000 _____ (Oracle Corporation) C:\Users\Rijad\Downloads\chromeinstall-7u51.exe 2014-04-03 19:10 - 2014-04-03 19:15 - 276762432 _____ (NVIDIA Corporation) C:\Users\Rijad\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-04-03 19:08 - 2014-04-03 19:08 - 00000000 ____D () C:\Users\Rijad\Documents\Ghost Games 2014-04-03 17:08 - 2014-04-03 17:22 - 00000000 ____D () C:\Users\Rijad\Downloads\NFS Rivals 2014-04-03 16:49 - 2014-04-03 16:49 - 13908362 _____ () C:\Users\Rijad\Downloads\NFS14Rivals.Origin.Crack (MP).7z 2014-04-03 16:46 - 2014-04-03 16:46 - 02087616 _____ () C:\Users\Rijad\Downloads\winrar-x64-501d.exe 2014-04-03 16:46 - 2014-04-03 16:46 - 00351744 _____ () C:\Users\Rijad\Downloads\SETUP__6789_il5711.exe 2014-04-03 16:24 - 2014-04-03 16:24 - 04490523 _____ () C:\Users\Rijad\Downloads\Need-For-Speed-Rivals-Serial-Key-Generator-V1.03-2013.rar 2014-04-03 16:11 - 2014-04-03 16:11 - 17009704 _____ (Electronic Arts, Inc.) 
C:\Users\Rijad\Downloads\OriginThinSetup.exe 2014-04-03 16:09 - 2014-04-10 15:51 - 00027136 ___SH () C:\Users\Rijad\Desktop\Thumbs.db 2014-04-03 14:28 - 2014-04-03 17:10 - 00000000 ____D () C:\Users\Rijad\Downloads\Need.For.Speed.Rivals-RELOADED 2014-04-02 17:04 - 2014-04-02 17:04 - 00626688 _____ () C:\Users\Rijad\Downloads\Detection.msi 2014-03-30 19:17 - 2014-03-30 19:17 - 00386896 _____ (Softonic ) C:\Users\Rijad\Downloads\SoftonicDownloader_fuer_vuescan.exe 2014-03-30 19:10 - 2014-03-30 19:10 - 00845790 _____ () C:\Users\Rijad\Downloads\Scanner-Interface-703.zip 2014-03-30 19:06 - 2014-03-30 19:09 - 00000000 ____D () C:\Users\Rijad\Documents\Fax 2014-03-30 18:15 - 2014-03-30 18:15 - 00000000 ____D () C:\Users\Rijad\Documents\Updater 2014-03-30 18:13 - 2014-03-30 18:13 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF 2014-03-30 18:12 - 2014-03-30 18:12 - 00000000 ____D () C:\PS_CS2_Gr_NonRet 2014-03-30 17:50 - 2014-03-30 17:56 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Rijad\Downloads\PS_CS2_Gr_NonRet.exe 2014-03-26 16:41 - 2014-04-22 12:54 - 00000000 ____D () C:\Users\Rijad\Desktop\Games 2014-03-25 19:08 - 2014-04-22 10:16 - 00000000 ____D () C:\Users\Rijad\Documents\ManiaPlanet 2014-03-25 18:38 - 2014-03-25 19:04 - 1632772392 _____ () C:\Users\Rijad\Downloads\ManiaplanetSMStormEliteDemoSetup.exe 2014-03-23 18:59 - 2014-03-23 18:59 - 00000000 ____D () C:\Users\Rijad\Documents\My Cheat Tables ==================== One Month Modified Files and Folders ======= 2014-04-22 22:52 - 2014-04-22 22:52 - 00262144 _____ () C:\Windows\system32\config\userdiff 2014-04-22 22:52 - 2014-04-22 22:52 - 00000000 ____D () C:\Windows.old 2014-04-22 22:52 - 2012-07-26 10:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2014-04-22 22:43 - 2014-04-22 12:41 - 00000000 ___HD () C:\$SysReset 2014-04-22 13:29 - 2014-04-22 13:29 - 00000000 ____D () C:\FRST 2014-04-22 13:29 - 2013-03-01 08:15 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-22 13:28 - 2013-03-01 
08:17 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk 2014-04-22 13:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-22 13:02 - 2014-04-22 13:02 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\AcerRemote 2014-04-22 13:02 - 2014-04-22 13:02 - 00000000 ____D () C:\Users\Rijad\AppData\Local\Apps\2.0 2014-04-22 13:02 - 2013-10-08 21:19 - 01014509 _____ () C:\Windows\WindowsUpdate.log 2014-04-22 13:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-22 13:01 - 2014-04-22 13:01 - 00011820 _____ () C:\Users\Rijad\Desktop\Entfernte Anwendungen.html 2014-04-22 13:01 - 2014-04-22 13:01 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ___RD () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-22 13:01 - 2014-04-22 13:01 - 00000000 ____D () C:\Program Files (x86)\OEM 2014-04-22 13:01 - 2014-04-22 12:54 - 00000000 ____D () C:\Users\Rijad 2014-04-22 13:01 - 2013-03-01 07:14 - 00000000 ___HD () C:\OEM 2014-04-22 13:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-04-22 13:00 - 2014-04-22 13:00 - 00001770 _____ () C:\Users\Public\Desktop\Online kaufen.lnk 2014-04-22 13:00 - 2014-04-22 13:00 - 00001442 _____ () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-22 13:00 - 2014-04-22 13:00 - 00000000 ____D () C:\ProgramData\OEM_YAHOO 2014-04-22 13:00 - 2014-04-22 13:00 - 00000000 ____D () C:\Program Files\Accessory Store 2014-04-22 13:00 - 2014-03-11 16:31 - 00000000 ____D () C:\Users\Rijad\AppData\Local\Packages 2014-04-22 13:00 - 2013-10-01 20:35 - 00751892 _____ () C:\Windows\system32\perfh007.dat 2014-04-22 
13:00 - 2013-10-01 20:35 - 00155620 _____ () C:\Windows\system32\perfc007.dat 2014-04-22 13:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-22 12:58 - 2014-04-22 12:58 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\Macromedia 2014-04-22 12:58 - 2014-04-22 12:58 - 00000000 ____D () C:\Users\Rijad\AppData\Roaming\Adobe 2014-04-22 12:58 - 2014-04-22 12:58 - 00000000 ____D () C:\Users\Rijad\AppData\Local\VirtualStore 2014-04-22 12:57 - 2014-04-22 12:57 - 00000020 ___SH () C:\Users\Rijad\ntuser.ini 2014-04-22 12:57 - 2013-03-01 08:16 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-04-22 12:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-04-22 12:57 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-22 12:54 - 2014-04-22 12:54 - 00017148 _____ () C:\Windows\diagwrn.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00017148 _____ () C:\Windows\diagerr.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00002022 _____ () C:\Users\Administrator\AppData\Local\Application.xml 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Vorlagen 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Startmenü 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Netzwerkumgebung 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Lokale Einstellungen 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Eigene Dateien 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Druckumgebung 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Documents\Eigene Musik 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Documents\Eigene Bilder 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Local\Verlauf 2014-04-22 
12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\AppData\Local\Anwendungsdaten 2014-04-22 12:54 - 2014-04-22 12:54 - 00000000 _SHDL () C:\Users\Rijad\Anwendungsdaten 2014-04-22 12:54 - 2014-03-26 16:41 - 00000000 ____D () C:\Users\Rijad\Desktop\Games 2014-04-22 12:54 - 2013-03-01 07:20 - 00000000 ____D () C:\Windows\Panther 2014-04-22 12:54 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-22 12:54 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Recovery 2014-04-22 12:54 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-22 12:54 - 2012-07-26 09:21 - 00020750 _____ () C:\Windows\setupact.log 2014-04-22 12:54 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 
12:53 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-22 12:53 - 2014-04-22 12:53 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-22 12:53 - 2013-10-08 21:30 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-22 12:53 - 2013-03-01 07:20 - 00005976 _____ () C:\Windows\PFRO.log 2014-04-22 12:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows NT 2014-04-22 12:53 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-22 10:16 - 2014-03-25 19:08 - 00000000 ____D () C:\Users\Rijad\Documents\ManiaPlanet 2014-04-21 14:14 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-10 15:51 - 2014-04-03 16:09 - 00027136 ___SH () C:\Users\Rijad\Desktop\Thumbs.db 2014-04-10 13:23 - 2014-03-20 16:06 - 00027136 ___SH () C:\Users\Rijad\Downloads\Thumbs.db 2014-04-09 20:02 - 2014-04-09 20:02 - 00000000 ____D () C:\Users\Rijad\Documents\AdobeStockPhotos 2014-04-03 19:15 - 2014-04-03 19:10 - 276762432 _____ (NVIDIA Corporation) C:\Users\Rijad\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-04-03 19:11 - 2014-04-03 19:11 - 00921000 _____ (Oracle Corporation) C:\Users\Rijad\Downloads\chromeinstall-7u51.exe 2014-04-03 19:08 - 2014-04-03 19:08 - 00000000 ____D () C:\Users\Rijad\Documents\Ghost Games 2014-04-03 17:22 - 2014-04-03 17:08 - 00000000 ____D () C:\Users\Rijad\Downloads\NFS Rivals 2014-04-03 17:10 - 2014-04-03 14:28 - 00000000 ____D () C:\Users\Rijad\Downloads\Need.For.Speed.Rivals-RELOADED 2014-04-03 16:49 - 2014-04-03 16:49 - 13908362 _____ () C:\Users\Rijad\Downloads\NFS14Rivals.Origin.Crack (MP).7z 2014-04-03 16:46 - 2014-04-03 16:46 - 02087616 
_____ () C:\Users\Rijad\Downloads\winrar-x64-501d.exe 2014-04-03 16:46 - 2014-04-03 16:46 - 00351744 _____ () C:\Users\Rijad\Downloads\SETUP__6789_il5711.exe 2014-04-03 16:24 - 2014-04-03 16:24 - 04490523 _____ () C:\Users\Rijad\Downloads\Need-For-Speed-Rivals-Serial-Key-Generator-V1.03-2013.rar 2014-04-03 16:11 - 2014-04-03 16:11 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Rijad\Downloads\OriginThinSetup.exe 2014-04-02 17:04 - 2014-04-02 17:04 - 00626688 _____ () C:\Users\Rijad\Downloads\Detection.msi 2014-03-30 19:17 - 2014-03-30 19:17 - 00386896 _____ (Softonic ) C:\Users\Rijad\Downloads\SoftonicDownloader_fuer_vuescan.exe 2014-03-30 19:10 - 2014-03-30 19:10 - 00845790 _____ () C:\Users\Rijad\Downloads\Scanner-Interface-703.zip 2014-03-30 19:09 - 2014-03-30 19:06 - 00000000 ____D () C:\Users\Rijad\Documents\Fax 2014-03-30 18:15 - 2014-03-30 18:15 - 00000000 ____D () C:\Users\Rijad\Documents\Updater 2014-03-30 18:13 - 2014-03-30 18:13 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF 2014-03-30 18:12 - 2014-03-30 18:12 - 00000000 ____D () C:\PS_CS2_Gr_NonRet 2014-03-30 17:56 - 2014-03-30 17:50 - 375232764 _____ (Adobe Systems Inc. 
) C:\Users\Rijad\Downloads\PS_CS2_Gr_NonRet.exe 2014-03-25 19:04 - 2014-03-25 18:38 - 1632772392 _____ () C:\Users\Rijad\Downloads\ManiaplanetSMStormEliteDemoSetup.exe 2014-03-23 18:59 - 2014-03-23 18:59 - 00000000 ____D () C:\Users\Rijad\Documents\My Cheat Tables ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-03-01 07:20 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014 Ran by Rijad at 2014-04-22 13:30:15 Running from C:\Users\Rijad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44AB7M62 Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) 
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel) Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3007 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 11.6.385 - McAfee, Inc.) 
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 311.06 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 
311.15 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.15 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1115 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.15 (Version: 311.15 - NVIDIA Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23726ED5-FCEB-49CC-BC6A-D0787300E3F4} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-01-22] () Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {71EDB063-5FEE-4D22-A94B-525E84C552A8} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-09-20] 
(Acer Incorporated) Task: {80FDE010-12F9-400E-BCCC-6C1A5C23EB05} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Identity Card\FUB.bat [2012-05-30] () Task: {91BA1672-1407-40E4-9D4B-02867E554A83} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated) Task: {A61D0B5A-C32F-45BF-B34F-433DF08EBA3F} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation) Task: {C2A80B66-AAD7-4B09-A594-F8285782D5E8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {E8D928FB-5A15-49B8-A23C-74F5D8FE9214} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F83B44E8-B335-4003-A13E-E3C5DDA63879} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink) Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup Task: {FA50CE9B-5023-4456-961B-885EDF3FF00A} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-24] (Microsoft 
Corporation) ==================== Loaded Modules (whitelisted) ============= 2013-03-01 08:16 - 2012-06-22 17:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll 2013-10-08 21:32 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-02-06 10:06 - 2013-07-15 10:48 - 00054680 _____ () C:\Program Files (x86)\Acer Remote\plugins\general.dll 2013-02-06 10:06 - 2013-07-15 10:48 - 00040344 _____ () C:\Program Files (x86)\Acer Remote\plugins\ITunesBase.dll 2013-02-06 10:06 - 2013-07-15 10:48 - 00039832 _____ () C:\Program Files (x86)\Acer Remote\plugins\WinEight.dll 2013-02-06 10:06 - 2013-07-15 10:48 - 00110488 _____ () C:\Program Files (x86)\Acer Remote\plugins\WMPBase.dll 2013-02-06 10:06 - 2013-07-15 10:48 - 00040344 _____ () C:\Program Files (x86)\Acer Remote\plugins\YTBBase.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= 
==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2014 01:25:38 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16433 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10a4 Startzeit: 01cf5e1a10739a2d Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: d0550862-ca10-11e3-be6f-7427eab6f2bd Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/22/2014 00:53:49 PM) (Source: ESENT) (User: ) Description: services (776) Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (04/22/2014 00:53:49 PM) (Source: ESENT) (User: ) Description: services (776) Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\WINDOWS\Security\Database\secedit.sdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. System errors: ============= Error: (04/22/2014 00:58:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde nicht richtig gestartet. 
Error: (10/08/2013 10:08:46 PM) (Source: DCOM) (User: Rijad) Description: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} Microsoft Office Sessions: ========================= Error: (04/22/2014 01:25:38 PM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.2.9200.1643310a401cf5e1a10739a2d0C:\Windows\Explorer.EXEd0550862-ca10-11e3-be6f-7427eab6f2bd Error: (04/22/2014 00:53:49 PM) (Source: ESENT)(User: ) Description: services776-1216 Error: (04/22/2014 00:53:49 PM) (Source: ESENT)(User: ) Description: services776-1216C:\WINDOWS\Security\Database\secedit.sdb ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8149.41 MB Available physical RAM: 5719.33 MB Total Pagefile: 12757.41 MB Available Pagefile: 10042.26 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:455.6 GB) (Free:348.81 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: A3C85569) Partition: GPT Partition Type. ==================== End Of Log ============================ |
22.04.2014, 12:51 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol message Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
22.04.2014, 12:55 | #5 |
| Interpol message Huh? I don't know what illegal stuff I have |
22.04.2014, 13:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol message It says so right there! I quoted it specifically! You have, at least in the download folder, a crack for NFS14 (?), which is presumably supposed to be Need for Speed