ApricotX | 09.02.2013 00:14 | Email from Telekom abuse team | log file attached
Hello everyone,
I have now read through quite a few pages and hope that I am doing everything correctly now.
I received an email from Telekom with the following content (abridged): Code:
we are writing to you today for an unpleasant reason: we have received indications that unwanted accesses to third-party computers ("hacking") have originated from your connection. Concretely, this means:
Unknown persons may be misusing your Internet access. They may already know passwords, credit card, bank and other data!
.....
To be precise about what happened: a so-called "open resolver" was detected at your Internet connection. This is a name server operated on one of your devices.
The authenticity of the email from the Telekom abuse team was confirmed to me by telephone.
I am also currently in contact with them by email.
However, I hope to get help here as well.
So, here are the required log files:
DeFogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:20 on 08/02/2013 (GG)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL (in my case only OTL.TXT is generated, no Extra.txt): Code:
OTL logfile created on: 08.02.2013 23:35:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,65% Memory free
7,99 Gb Paging File | 6,93 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 60,95 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 65,33 Gb Total Space | 21,14 Gb Free Space | 32,36% Space Free | Partition Type: NTFS
Drive E: | 400,33 Gb Total Space | 55,54 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 104,95 Gb Free Space | 35,21% Space Free | Partition Type: NTFS
Computer Name: GG-PC | User Name: GG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (OKI OPHJ DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OKI OPHJ DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 15 16 22 5C 04 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.01.15 22:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.08 19:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.01.08 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GG\AppData\Roaming\mozilla\Extensions
[2013.01.08 19:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.8_1\
CHR - Extension: YouTube = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: SearchPreview = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.8_0\
CHR - Extension: LastPass = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: TabJump - Intelligenter Tab-Navigator = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\
CHR - Extension: Downloads = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Bubble Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf\1.5_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: dict-cc = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\
CHR - Extension: Google Plus News, Blogs, Tips & Updates = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifkacmmanhigddiffpdffnfnmjdiho\3_0\
CHR - Extension: Robot Theme, inspired by Android\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11.1_0\
CHR - Extension: Google Mail = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [StrokeIt] C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe ()
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.08 23:08:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.07 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Malwarebytes
[2013.02.07 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 12:41:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 12:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.06 11:40:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.02.06 11:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2013.02.06 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Whiteboard
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Presenter
[2013.02.05 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013.02.05 09:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.04 20:33:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\HD_Speed_ENG
[2013.02.04 20:33:20 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\h2testw_1.4
[2013.02.04 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Tools&More
[2013.01.29 10:29:32 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.01.29 10:29:32 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.01.29 10:29:32 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.01.29 10:29:30 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.01.29 10:29:30 | 000,031,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys
[2013.01.29 10:29:09 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.01.29 10:29:08 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.01.29 10:29:08 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.01.29 10:29:04 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.01.29 10:29:03 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.01.29 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2013.01.29 10:09:04 | 000,000,000 | ---D | C] -- C:\Virtualisation
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\VMware
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.01.29 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.28 13:36:18 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Nero
[2013.01.28 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Nero
[2013.01.28 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.01.28 12:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.01.28 12:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.28 12:19:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.25 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Programs
[2013.01.25 23:48:56 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.25 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.01.21 15:57:03 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Steuer-Sparbuch
[2013.01.21 15:39:16 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.01.21 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl Data Service
[2013.01.21 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl
[2013.01.21 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2013.01.21 15:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.01.21 15:12:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Neuer Ordner
[2013.01.17 21:04:32 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\vlc
[2013.01.17 21:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.16 20:40:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Skype
[2013.01.16 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.16 20:40:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.16 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.15 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Splashtop
[2013.01.15 23:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.01.15 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.01.15 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}
[2013.01.15 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2013.01.15 23:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.15 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.01.14 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.14 22:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[2013.01.14 22:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2013.01.14 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\ElevatedDiagnostics
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.13 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:23:45 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.13 00:22:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.12 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.12 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.12 23:52:08 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2013.01.12 23:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.01.12 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Adobe
[2013.01.12 23:45:53 | 000,000,000 | R--D | C] -- C:\Users\GG\Documents
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.12 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\TeamViewer
[2013.01.12 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Okidata
[2013.01.12 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Okidata
[2013.01.12 17:37:05 | 000,158,208 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPDMN075.DLL
[2013.01.11 00:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.01.11 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.10 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Dropbox
========== Files - Modified Within 30 Days ==========
[2013.02.08 23:33:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 23:33:32 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.08 23:23:42 | 000,365,568 | ---- | M] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | M] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:18 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.08 23:08:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.08 23:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.02.08 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.08 22:41:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 21:54:50 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.08 21:54:50 | 000,656,612 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.08 21:54:50 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.08 21:54:50 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.08 21:54:50 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 11:06:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.02.07 12:41:21 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.06 11:40:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.01.29 10:29:00 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 09:57:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013.01.25 21:23:31 | 000,001,059 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.23 19:21:42 | 000,000,026 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.21 15:48:55 | 000,000,547 | ---- | M] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 23:20:23 | 000,415,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 22:47:55 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 16:14:13 | 000,001,763 | ---- | M] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.11 00:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
========== Files Created - No Company Name ==========
[2013.02.08 23:23:41 | 000,365,568 | ---- | C] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | C] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:17 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.07 12:41:21 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.29 09:57:44 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013.01.29 09:57:42 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.25 23:56:19 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.01.25 23:56:19 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.01.21 15:37:57 | 000,000,547 | ---- | C] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.21 15:12:56 | 000,001,763 | ---- | C] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 22:52:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.15 22:42:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.01.14 22:47:55 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 22:41:44 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2013.01.13 14:58:22 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.01.13 14:58:22 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.12 17:44:39 | 000,000,026 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.11 00:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.01.10 21:47:52 | 000,001,059 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.08 18:33:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.21 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.02.08 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Dropbox
[2013.01.15 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.25 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.13 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Rainmeter
[2013.01.08 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TCB Networks
[2013.01.12 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TeamViewer
========== Purity Check ==========
< End of report >
Gmer.txt: Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 23:51:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\GG\AppData\Local\Temp\pxddqpoc.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c71401 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c71419 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c71431 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c7144a 2 bytes [C7, 74]
.text ... * 9
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c714dd 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c714f5 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c7150d 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c71525 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c7153d 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c71555 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c7156d 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c71585 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c7159d 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c715b5 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c715cd 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c716b2 2 bytes [C7, 74]
.text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c716bd 2 bytes [C7, 74]
.text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000071d413b0 2 bytes [D4, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000071d413c0 2 bytes [D4, 71]
.text ... * 20
.text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000071d4153e 2 bytes [D4, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000071d41553 2 bytes [D4, 71]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c71401 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c71419 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c71431 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c7144a 2 bytes [C7, 74]
.text ... * 9
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c714dd 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c714f5 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c7150d 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c71525 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c7153d 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c71555 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c7156d 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c71585 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c7159d 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c715b5 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c715cd 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c716b2 2 bytes [C7, 74]
.text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c716bd 2 bytes [C7, 74]
---- EOF - GMER 2.0 ----
I also ran a scan with Microsoft Security Essentials, with the following result: Code:
Exploit:JS/Blacole.HI
D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm)
Exploit:Java/Blacole.GL
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class
Exploit:Java/CVE-2012-1723
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class
Exploit:Java/Bacole.GM
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class
Exploit:Java/CVE-2012-1723.gen!A
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class
I should add that all of the detections are on the D drive, which I do not use as the Windows partition. The Windows partition is C, and nothing suspicious was found there.
There is an operating system on D as well (bootable, too), but I am not currently using it.
Furthermore, the locations of the detected exploits are cache and Temporary Internet Files directories.
Malwarebytes found nothing suspicious.
I am now somewhat confused. Is something wrong with my PC? Do I have something on it? I mean, T-Com does not send mails like this for fun; something concrete must have happened. They even gave me a date and time when it happened. I was not at the computer at that time (at least I would say so with 80% certainty).
Reinstall the computer? Or is it clean now? Difficult, difficult.
I hope I have provided all the information according to the guidelines and have not forgotten anything.
Thank you very much in advance for your effort and help.
Best regards