| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Aol Mailaccount gehackt - Trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.05.2013, 19:48
| #1 |
| |  Aol Mailaccount gehackt - Trojaner? Hallo, ich besuche jetzt diese Seite zum ersten mal und hoffe das ich alles richtig gemacht habe! Ich habe von heute Mittag an das Problem das einer meinen AOL Email Account gehackt hat und Spammails versendet hat. Ich habe einige Freunde angerufen ( wo ich weiß das ich Mail Kontakt hatte) diese erhielten auch diese Mail Nun bin ich nach Hause und wollte auf Aol Mail mein Passwort ändern dun komme nicht mal mehr an meine Mails da ich diese Mailadresse auch für 3 Bewerbungen genutzt habe währe es toll da nochmal ran zu kommen allerdings erreicht man bei AOL keinen.. kann mir hier geholfen werden? Und nun habe ich auch Angst das es ein Trojaner war und habe es hier alles : GMER 2.1.19163 - hxxp://www.gmer.net Rootkit quick scan 2013-05-13 20:15:25 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST340014A rev.8.16 37,25GB Running: gmer_2.1.19163.exe; Driver: C:\Users\BCKER~1\AppData\Local\Temp\ufdiipoc.sys ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- System - GMER 2.1 ---- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9193ABA0] ---- EOF - GMER 2.1 ---- efogger_disable by jpshortstuff (23.02.10.1) Log created at 19:30 on 13/05/2013 (Bäcker) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU  AEMON Tools Lite -> RemovedChecking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.05.2013 19:35:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bäcker\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,55% Memory free
5,99 Gb Paging File | 5,00 Gb Available in Paging File | 83,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,15 Gb Total Space | 20,31 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive D: | 37,26 Gb Total Space | 37,08 Gb Free Space | 99,52% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: BÄCKER-PC | User Name: Bäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E627FEC-AE63-463F-97E0-76AF304A0FA6}" = lport=5910 | protocol=6 | dir=in | name=vnc5910 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F24E2A8-D732-478B-A76F-C70FA5F8F19D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{523E8BFC-DFD1-4073-ADA6-1D20B584F8B0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7573FC7B-B732-4134-9F7C-488B21C1EB23}" = protocol=17 | dir=in | app=c:\users\bäcker\appdata\local\crossloop\tvnserver.exe |
"{94A4F343-B567-483A-96C1-CDD0D7454C24}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{CCDFAC06-8F7E-49E4-B8B9-F42F6B7D2BEE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{E30D1D37-A316-4767-8F4C-F6D95D31514F}" = protocol=6 | dir=in | app=c:\users\bäcker\appdata\local\crossloop\vncviewer.exe |
"{E340036F-1C33-4A3E-9383-7744C4451372}" = protocol=17 | dir=in | app=c:\users\bäcker\appdata\local\crossloop\vncviewer.exe |
"{F113E643-0F80-4133-BB29-FB8206B27CEF}" = protocol=6 | dir=in | app=c:\users\bäcker\appdata\local\crossloop\tvnserver.exe |
"TCP Query User{29C07C5C-8F6F-4CBF-A924-7A38060BC439}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"TCP Query User{4026ED3F-7B9B-48E2-A349-BEC4DEA06F8E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B59F7781-9DDB-4872-A0F5-0D70B01A8557}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"UDP Query User{BF33D6A9-BEF6-4199-8A50-351DC2DEB3C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFAD3B6-3852-46A3-B19E-AE99B8E9C248}" = Adobe Shockwave Player 11.6
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.14
"avast" = avast! Free Antivirus
"CrossLoop_is1" = CrossLoop 2.82
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"M928366" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RocketDock_is1" = RocketDock 1.3.5
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2006 18:06:26 | Computer Name = Bäcker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 25.06.2006 18:06:32 | Computer Name = Bäcker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 25.06.2006 18:06:32 | Computer Name = Bäcker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 25.06.2006 18:06:37 | Computer Name = Bäcker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.04.2013 04:30:40 | Computer Name = Bäcker-PC | Source = VSS | ID = 8194
Description =
Error - 03.04.2013 04:51:27 | Computer Name = Bäcker-PC | Source = VSS | ID = 8194
Description =
Error - 03.04.2013 05:29:03 | Computer Name = Bäcker-PC | Source = VSS | ID = 8194
Description =
Error - 03.04.2013 05:41:55 | Computer Name = Bäcker-PC | Source = VSS | ID = 8194
Description =
Error - 05.04.2013 12:20:33 | Computer Name = Bäcker-PC | Source = VSS | ID = 8194
Description =
Error - 19.04.2013 07:22:13 | Computer Name = Bäcker-PC | Source = MsiInstaller | ID = 11935
Description =
[ System Events ]
Error - 12.05.2013 14:47:50 | Computer Name = Bäcker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 12.05.2013 17:10:34 | Computer Name = Bäcker-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 12.05.2013 17:10:34 | Computer Name = Bäcker-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 12.05.2013 17:10:35 | Computer Name = Bäcker-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 12.05.2013 17:10:35 | Computer Name = Bäcker-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 12.05.2013 17:10:36 | Computer Name = Bäcker-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 13.05.2013 03:27:34 | Computer Name = Bäcker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 25.06.2006 18:03:38 | Computer Name = Bäcker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 25.06.2006 18:09:29 | Computer Name = Bäcker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 13.05.2013 13:35:22 | Computer Name = Bäcker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.05.2013 20:18:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bäcker\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,26% Memory free
5,99 Gb Paging File | 4,90 Gb Available in Paging File | 81,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,15 Gb Total Space | 20,31 Gb Free Space | 54,66% Space Free | Partition Type: NTFS
Drive D: | 37,26 Gb Total Space | 37,08 Gb Free Space | 99,52% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: BÄCKER-PC | User Name: Bäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.13 20:17:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bäcker\Downloads\OTL (1).exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.07 20:54:54 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.05 18:54:30 | 000,532,480 | ---- | M] (VIA TECH) -- C:\Programme\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Programme\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2009.12.16 18:00:49 | 000,167,936 | ---- | M] () -- C:\Programme\VIA\VIAudioi\EnvyADeck\Envy24Api.dll
MOD - [2009.08.07 15:35:50 | 000,069,632 | ---- | M] () -- C:\Programme\VIA\VIAudioi\EnvyADeck\QsApoApi.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
========== Services (SafeList) ==========
SRV - [2013.04.17 22:00:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.07 20:54:54 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.05 19:08:44 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2011.04.05 19:08:12 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\BCKER~1\AppData\Local\Temp\ufdiipoc.sys -- (ufdiipoc)
DRV - [2013.03.14 20:38:53 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.10.01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvolwin7.sys -- (Sftvol)
DRV - [2011.10.01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirwin7.sys -- (Sftredir)
DRV - [2011.10.01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaywin7.sys -- (Sftplay)
DRV - [2011.10.01 01:30:36 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfswin7.sys -- (Sftfs)
DRV - [2009.12.03 19:42:33 | 000,675,840 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
IE - HKLM\..\SearchScopes\{1607697B-D0C8-6DE4-EC89-00368AD10661}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e24769b9-9058-4283-93c1-2e127f013f42&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e24769b9-9058-4283-93c1-2e127f013f42&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 6E 1B 1C D9 20 CE 01 [binary data]
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e24769b9-9058-4283-93c1-2e127f013f42&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e24769b9-9058-4283-93c1-2e127f013f42&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\..\SearchScopes\{1607697B-D0C8-6DE4-EC89-00368AD10661}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e24769b9-9058-4283-93c1-2e127f013f42&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
IE - HKU\S-1-5-21-2566017910-799899612-3597449316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Mysearchdial (Enabled)
CHR - default_search_provider: search_url = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://start.mysearchdial.com/?f=1&a=ironmsd04&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CyBtC0DtAyDyEtBtD0CtN0D0Tzu0SyEyByCtN1L2XzutBtFtBtFtCtFyDtCyDtN1L1Czu1L1C1F1G1H1B1QtDyE&cr=667771447&ir=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Google Mail = C:\Users\Bäcker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe (VIA TECH)
O4 - HKU\S-1-5-21-2566017910-799899612-3597449316-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43156A04-8BE1-4527-B8E6-26BD4CCAEFC3}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{30f20bb4-8cd7-11e2-8e3c-000f1f9d02dc}\Shell - "" = AutoRun
O33 - MountPoints2\{30f20bb4-8cd7-11e2-8e3c-000f1f9d02dc}\Shell\AutoRun\command - "" = G:\Office.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.04 18:37:32 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\Ashampoo
[2013.04.22 22:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013.04.22 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Local\SoftGrid Client
[2013.04.22 18:49:05 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\SoftGrid Client
[2013.04.22 18:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2013.04.22 18:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.04.22 18:44:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.22 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.04.22 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2013.04.22 18:43:31 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\TP
[2013.04.21 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop
[2013.04.21 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Local\CrossLoop
[2013.04.21 15:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader 2
[2013.04.21 15:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.04.21 12:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013.04.21 12:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.04.19 13:21:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.04.19 13:21:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.04.19 13:20:14 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\pdfforge
[2013.04.19 13:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.04.19 13:20:00 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\Windows\System32\pdfcmon.dll
[2013.04.19 13:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.04.19 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Roaming\OpenCandy
[2013.04.19 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Bäcker\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2013.05.13 20:13:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 20:13:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 20:10:14 | 000,699,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.13 20:10:14 | 000,653,970 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.13 20:10:14 | 000,149,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.13 20:10:14 | 000,121,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.13 20:06:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.13 20:05:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 20:05:41 | 2415,173,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 19:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 19:30:56 | 000,000,176 | ---- | M] () -- C:\Users\Bäcker\defogger_reenable
[2013.05.13 19:24:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.23 08:13:50 | 000,267,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.05.13 19:30:39 | 000,000,176 | ---- | C] () -- C:\Users\Bäcker\defogger_reenable
[2013.04.21 15:33:12 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.04.21 15:09:08 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.04.05 18:26:48 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.05 18:26:47 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.04.05 18:20:20 | 000,254,000 | ---- | C] ( ) -- C:\Windows\System32\Audio3D.dll
[2013.04.05 18:20:20 | 000,254,000 | ---- | C] ( ) -- C:\Windows\System32\A3D.dll
[2013.03.27 11:55:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.03.27 11:55:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.03.27 11:53:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2013.03.27 11:53:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013.03.14 20:08:50 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2013.03.14 20:08:50 | 000,012,165 | ---- | C] () -- C:\Windows\unins002.dat
[2013.03.14 20:08:42 | 000,066,560 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2013.03.14 20:08:40 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2013.03.14 20:08:40 | 000,138,752 | ---- | C] () -- C:\Windows\System32\libpng15.dll
[2013.03.14 20:08:38 | 001,187,609 | ---- | C] () -- C:\Windows\unins001.exe
[2013.03.14 20:08:38 | 000,010,926 | ---- | C] () -- C:\Windows\unins001.dat
[2013.03.14 19:51:57 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013.03.14 19:51:57 | 000,007,960 | ---- | C] () -- C:\Windows\unins000.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.05.04 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\Ashampoo
[2013.03.14 20:52:02 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\DAEMON Tools Lite
[2013.04.05 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\DVDVideoSoft
[2013.04.19 13:19:47 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\OpenCandy
[2013.04.19 13:20:14 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\pdfforge
[2013.05.12 23:22:06 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\SoftGrid Client
[2013.04.22 18:47:30 | 000,000,000 | ---D | M] -- C:\Users\Bäcker\AppData\Roaming\TP
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013.04.07 22:08:14 | 001,152,000 | ---- | C] ()(C:\Users\Bäcker\Documents\scream_&_shout#will.i.am?_britney_spears##.m4a) -- C:\Users\Bäcker\Documents\scream_&_shout#will.i.am、_britney_spears##.m4a
[2013.01.04 20:57:42 | 001,152,000 | ---- | M] ()(C:\Users\Bäcker\Documents\scream_&_shout#will.i.am?_britney_spears##.m4a) -- C:\Users\Bäcker\Documents\scream_&_shout#will.i.am、_britney_spears##.m4a
< End of report >
Ich hoffe ich habe bis hier alles richtig gemacht und sag schon mal Danke für eure kompetente Hilfe |
| Themen zu Aol Mailaccount gehackt - Trojaner? |
| adobe reader xi, aol email account, aolaccount geknackt, aswrvrt.sys, autorun, bho, converter, desktop, email, error, fehler, firefox, flash player, format, gehackt-trojaner-wurm-heimlicher zugriff, google, homepage, install.exe, logfile, microsoft office starter 2010, mp3, msiinstaller, plug-in, problem, registry, required, rundll, scan, security, software, tarma, tcp, trojaner, trojaner?, udp, ändern |
Baum-Darstellung