
Log Analysis and Evaluation: Warning from Telekom


 
31.01.2013, 08:45   #1
siogs
 
Warning from Telekom



Hello,
Telekom sent me an e-mail.
Excerpt:
Dear customer,

We are writing to you today for an unpleasant reason: we have received indications that unwanted access to third-party computers has originated from your connection ("hacking"). Specifically, this means:
Unknown persons may be misusing your Internet access. They may also already know passwords, credit card, bank and other data!

There is no doubt that your Internet access is the source, because each time you dial into the Internet your router is assigned an IP address. We have reliably determined that the IP address given was assigned to your access number at the time in question:

IP: xxxxxxxxxx (the IP number does not match the one I have!!)
Time: 28.01.2013, 14:04:35 (CET)
I therefore ran intensive scans with my antivirus programs, Microsoft Security Essentials and Malwarebytes, without success.
I then created the corresponding log files as instructed:

OTL Logfile:
Code:
OTL logfile created on: 31.01.2013 08:07:25 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 40,94% Memory free
5,98 Gb Paging File | 3,99 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,22 Gb Total Space | 125,65 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive E: | 219,67 Gb Total Space | 24,20 Gb Free Space | 11,01% Space Free | Partition Type: NTFS
Drive F: | 9,77 Gb Total Space | 6,61 Gb Free Space | 67,72% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Citrix\GoToMeeting\1083\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\1083\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\1083\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
PRC - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Twonky\TwonkyServer\TwonkyServer.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\DATA BECKER\TWIN7 2.0\DBDefragSrvc.exe ()
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Windows\System32\HPSIsvc.exe (HP)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DATA BECKER\TWIN7 2.0\tw7smartsvc.exe (zoneLink)
PRC - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32api.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\_elementtree.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\_socket.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32ts.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32com.shell.shell.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\pyexpat.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._html2.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32crypt.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._gdi_.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\pythoncom26.dll ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\_ctypes.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32profile.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._misc_.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32security.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\pywintypes26.dll ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\_ssl.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32pdh.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._core_.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\_hashlib.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32process.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._windows_.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._wizard.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32file.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32inet.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\wx._controls_.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\win32event.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\unicodedata.pyd ()
MOD - C:\Users\Peter\AppData\Local\Temp\_MEI50082\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ebd8e7de507b634d15b3e16614270f06\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e6f1669a51fbf73520ae79dca19f005e\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\pcpmngr-18.0.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
MOD - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
MOD - C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll ()
MOD - C:\Program Files\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\MICROS~4\Office14\OUTLCTL.DLL ()
MOD - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
SRV - (TwonkyProxy) -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (TwonkyServer) -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (DriveDefragService) -- C:\Program Files\DATA BECKER\TWIN7 2.0\DBDefragSrvc.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\vmware-authd.exe (VMware, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP)
SRV - (TW7SmartService) -- C:\Program Files\DATA BECKER\TWIN7 2.0\tw7smartsvc.exe (zoneLink)
SRV - (DBService) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (MemeoBackgroundService) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (OkiPar) -- C:\Windows\System32\DRIVERS\OKIPAR.SYS File not found
DRV - (kgloapow) -- C:\Users\Peter\AppData\Local\Temp\kgloapow.sys File not found
DRV - (MpKsl8553529b) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2768BBA-8617-4B32-96C1-0CE7DDFDF503}\MpKsl8553529b.sys (Microsoft Corporation)
DRV - (MpKsl7fd750d9) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2768BBA-8617-4B32-96C1-0CE7DDFDF503}\MpKsl7fd750d9.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (CXPLRCAP) -- C:\Windows\System32\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 33 6B 7B B4 3C CC 01 [binary data]
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4612_5&babsrc=SP_clro&mntrId=94471c4a000000000000001a4b914fb4
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\..\SearchScopes\{8534E58C-499A-474E-A48F-CAD7D98DFED9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE449
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=4612_5&babsrc=HP_clro&mntrId=94471c4a000000000000001a4b914fb4"
FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7Bdfefbe51-ca52-484b-adf0-6b158b05262d%7D:2.4.897.175
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Peter\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Peter\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Peter\Music\npAmazonMP3DownloaderPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.16 13:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 14:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.09 11:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.22 16:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.16 13:11:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.16 21:11:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 14:17:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.09 11:46:08 | 000,000,000 | ---D | M]
 
[2011.07.08 19:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2013.01.30 17:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions
[2013.01.09 14:00:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.12.06 14:06:32 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2013.01.30 17:55:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.01.12 09:14:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.24 09:15:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.30 19:21:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\ich@maltegoetz.de
[2013.01.17 15:37:20 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\2zxyj3m9.default\extensions\toolbar@web.de
[2011.09.21 15:08:10 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\2zxyj3m9.default\extensions\finder@meingutscheincode.de.xpi
[2012.02.24 14:23:19 | 000,190,619 | ---- | M] () (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\2zxyj3m9.default\extensions\lieferheld@extensions.partneraddons.de.xpi
[2013.01.17 15:37:11 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\2zxyj3m9.default\extensions\toolbar@web.de.xpi
[2012.12.06 11:38:23 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\2zxyj3m9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.11.24 09:15:05 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\2zxyj3m9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 10:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.03 10:58:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.03 10:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2012.12.03 10:58:43 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.11.16 21:11:38 | 000,000,000 | ---D | M] (PC Performer Manager) -- C:\PROGRAMDATA\PC PERFORMER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2013.01.20 14:17:26 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.16 21:10:34 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 17:52:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - Extension: No name found = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\1083\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3947633346-259260690-2598524737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CA40A65-677D-4CE9-8A9B-35D1838327C5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{213529D4-7195-479C-B66E-9B81EBE34AB3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B1AD45-DCBA-40B7-939C-D646651973DA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E32575A-3632-41DF-A877-810960809A6F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A7176EA-E9CA-44AD-A453-0EA4359DAD91}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54AB5DE4-EAD1-4E40-BE25-41FBA761419B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B22D8FA-7430-4E54-9D64-030F9516A5E4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E3BD102-F518-4073-9E9B-6728D4F8A455}: DhcpNameServer = 192.168.206.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62C84FCA-61AD-4ABA-9F78-C3CA95EE4CBB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95818D56-9DEF-4DB7-BC0F-3E8477F2D7B9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1421115-CCC4-4781-8569-F41D7B83550D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C543A99A-2CBD-494C-81A4-947697F66993}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75C273B-824F-4B9B-B242-19073F724F80}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4D99A24-D630-4920-98BC-3543C5746BFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC8325C6-40E4-4257-8A44-4312104CDF49}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE18E64-3231-4DA8-849A-9978B1C1BAAF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\pc performer manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.26 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.26 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.23 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Schulung
[2013.01.16 15:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.01.16 14:58:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\Schulung
[2013.01.14 19:09:26 | 000,000,000 | -HSD | C] -- C:\Users\Peter\AppData\Roaming\Common
[2013.01.14 19:09:23 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\DisplayFusion
[2013.01.14 19:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[2013.01.14 19:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayFusion
[2013.01.14 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\DisplayFusion Backups
[2013.01.14 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MMTaskbar
[2013.01.11 09:39:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\KVB-Erstattungsantrag PC
[2013.01.10 14:52:34 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2013.01.10 14:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013.01.10 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Citrix
[2013.01.09 20:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyServer
[2013.01.09 20:14:39 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\TwonkyServer
[2013.01.09 20:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twonky
[2013.01.09 20:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Twonky
[2013.01.08 07:52:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\CyberLink
[2013.01.05 12:08:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Programs
[2012.09.17 16:02:00 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[2012.01.18 16:11:44 | 002,732,656 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmware-remotemks.exe
[2012.01.18 16:11:44 | 000,761,456 | ---- | C] (VMware, Inc.) -- C:\Program Files\vnetlib.exe
[2012.01.18 16:11:44 | 000,157,808 | ---- | C] (VMware, Inc.) -- C:\Program Files\elevated.dll
[2012.01.18 16:11:44 | 000,023,664 | ---- | C] (The GLib developer community) -- C:\Program Files\gmodule-2.0.dll
[2012.01.18 16:11:42 | 001,073,264 | ---- | C] (The GLib developer community) -- C:\Program Files\glib-2.0.dll
[2012.01.18 16:11:42 | 000,070,768 | ---- | C] (The libsigc++ development team (see AUTHORS)) -- C:\Program Files\sigc-2.0.dll
[2012.01.18 16:11:40 | 000,796,272 | ---- | C] (VMware, Inc.) -- C:\Program Files\vixDiskMountApi.dll
[2012.01.18 16:11:40 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnat.exe
[2012.01.18 16:11:40 | 000,333,936 | ---- | C] (VMware, Inc.) -- C:\Program Files\vnetstats.exe
[2012.01.18 16:11:38 | 000,390,768 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmappsdk.dll
[2012.01.18 16:11:38 | 000,180,848 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmware-unity-helper.exe
[2012.01.18 16:11:36 | 015,095,408 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmware-vmx.exe
[2012.01.18 16:11:36 | 000,106,608 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmdkShellExt.dll
[2012.01.18 16:11:36 | 000,068,208 | ---- | C] (VMware, Inc.) -- C:\Program Files\adjperm.dll
[2012.01.18 16:11:34 | 005,326,960 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmapputil.dll
[2012.01.18 16:11:34 | 000,088,176 | ---- | C] (Free Software Foundation) -- C:\Program Files\intl.dll
[2012.01.18 16:11:32 | 000,783,472 | ---- | C] (VMware, Inc.) -- C:\Program Files\vnetlib.dll
[2012.01.18 16:11:32 | 000,417,904 | ---- | C] (VMware, Inc.) -- C:\Program Files\vixDiskMountServer.exe
[2012.01.18 16:11:32 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Program Files\VMnetDHCP.exe
[2012.01.18 16:11:28 | 001,132,144 | ---- | C] (VMware, Inc.) -- C:\Program Files\sysimgbase.dll
[2012.01.18 16:11:26 | 000,348,784 | ---- | C] (VMware, Inc.) -- C:\Program Files\vnetsniffer.exe
[2012.01.18 16:11:26 | 000,051,824 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmwarestring.dll
[2012.01.18 16:11:24 | 004,118,128 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmplayer.exe
[2012.01.18 16:11:22 | 002,984,560 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmware-remotemks-debug.exe
[2012.01.18 16:11:20 | 005,625,968 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnetui.dll
[2012.01.18 16:11:20 | 000,286,832 | ---- | C] (The GLib developer community) -- C:\Program Files\gobject-2.0.dll
[2012.01.18 16:11:18 | 007,942,768 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmwarecui.dll
[2012.01.18 16:11:18 | 004,590,192 | ---- | C] (VMware, Inc.) -- C:\Program Files\gvmomi.dll
[2012.01.18 16:11:18 | 000,572,016 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmappcfg.dll
[2012.01.18 16:11:16 | 000,113,776 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmeventmsg.dll
[2012.01.18 16:11:16 | 000,060,016 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmUpdateLauncher.exe
[2012.01.18 16:11:14 | 001,123,440 | ---- | C] (Free Software Foundation) -- C:\Program Files\iconv.dll
[2012.01.18 16:11:12 | 004,591,216 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmwarewui.dll
[2012.01.18 16:11:12 | 000,284,784 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmdbCOM.dll
[2012.01.18 16:11:12 | 000,246,896 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmclientcore.dll
[2012.01.18 16:11:12 | 000,030,832 | ---- | C] (The GLib developer community) -- C:\Program Files\gthread-2.0.dll
[2012.01.18 16:11:10 | 000,297,584 | ---- | C] (Info-ZIP) -- C:\Program Files\zip.exe
[2012.01.18 16:11:08 | 000,025,584 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmkbd.sys
[2012.01.18 16:10:36 | 000,025,712 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnetUserif.sys
[2012.01.18 14:33:04 | 000,011,264 | ---- | C] (VMware, Inc.) -- C:\Program Files\vprintproxy.exe
[2012.01.18 14:33:02 | 000,930,680 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPView.dll
[2012.01.18 14:33:02 | 000,172,920 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPViewdeu.dll
[2012.01.18 14:33:02 | 000,168,816 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPViewjpn.dll
[2012.01.18 14:33:00 | 000,603,000 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPClnt.dll
[2012.01.18 14:33:00 | 000,116,048 | R--- | C] (ThinPrint GmbH) -- C:\Program Files\TPClnVM.dll
[2012.01.18 14:33:00 | 000,083,264 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPClnRDP.dll
[2012.01.18 14:33:00 | 000,082,848 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPClntloc.dll
[2012.01.18 14:33:00 | 000,082,848 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPClntdeu.dll
[2012.01.18 14:33:00 | 000,078,728 | R--- | C] (ThinPrint AG) -- C:\Program Files\TPClntjpn.dll
[2012.01.18 14:12:08 | 000,440,944 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmPerfmon.dll
[2012.01.18 13:27:24 | 001,025,136 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\libeay32.dll
[2012.01.18 13:27:24 | 000,217,200 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\ssleay32.dll
[2012.01.18 13:27:20 | 000,079,872 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmware-authd.exe
[2012.01.18 13:27:16 | 000,004,096 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmauthd.dll
[2012.01.18 13:27:12 | 004,397,568 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmwarebase.dll
[2012.01.18 13:06:02 | 000,055,408 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnetBridge.dll
[2012.01.18 13:06:02 | 000,049,776 | ---- | C] (VMware, Inc.) -- C:\Program Files\vnetinst.dll
[2012.01.18 13:06:02 | 000,036,464 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnetBridge.sys
[2012.01.18 13:06:02 | 000,019,568 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnet.sys
[2012.01.18 13:06:02 | 000,016,624 | ---- | C] (VMware, Inc.) -- C:\Program Files\vmnetAdapter.sys
[2011.09.15 07:52:52 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe25BA.dll
[2011.08.18 18:43:36 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3072.dll
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 07:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.31 07:44:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.31 07:44:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 07:23:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947633346-259260690-2598524737-1000UA.job
[2013.01.30 21:28:46 | 000,015,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 21:28:46 | 000,015,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 21:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.30 21:19:10 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 19:50:43 | 000,717,602 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.30 19:50:43 | 000,668,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.30 19:50:43 | 000,604,338 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2013.01.30 19:50:43 | 000,156,144 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.30 19:50:43 | 000,126,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 19:50:43 | 000,109,404 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2013.01.30 18:34:39 | 000,000,000 | ---- | M] () -- C:\Users\Peter\defogger_reenable
[2013.01.30 08:23:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947633346-259260690-2598524737-1000Core.job
[2013.01.28 20:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.01.26 13:12:07 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.26 11:05:40 | 000,201,643 | ---- | M] () -- C:\Users\Peter\Documents\Scan0002.pdf
[2013.01.24 20:07:35 | 000,741,369 | ---- | M] () -- C:\Users\Peter\Documents\Jahresbericht 2012.pdf
[2013.01.22 09:36:38 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector smart recovery.lnk
[2013.01.16 17:19:28 | 000,003,047 | ---- | M] () -- C:\Users\Peter\Desktop\Microsoft Excel 2010.lnk
[2013.01.16 16:41:08 | 000,487,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.16 15:23:15 | 000,001,818 | ---- | M] () -- C:\Users\Peter\Desktop\Google Drive.lnk
[2013.01.16 11:57:45 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.01.16 11:06:36 | 000,001,083 | ---- | M] () -- C:\Users\Peter\Desktop\Synchronisieren (Mobile Master).lnk
[2013.01.16 09:19:13 | 000,001,605 | ---- | M] () -- C:\Users\Peter\Desktop\1.Fa. Weiland - Verknüpfung.lnk
[2013.01.14 19:09:19 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2013.01.11 10:18:41 | 000,007,597 | ---- | M] () -- C:\Users\Peter\AppData\Local\resmon.resmoncfg
[2013.01.10 14:52:34 | 000,001,358 | ---- | M] () -- C:\Users\Peter\Desktop\GoToMeeting.lnk
[2013.01.09 20:14:54 | 000,001,142 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
[2013.01.09 20:14:54 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TwonkyServer.lnk
[2013.01.09 20:14:53 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv7
[2013.01.09 07:57:20 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job
[2013.01.06 11:34:48 | 000,376,089 | ---- | M] () -- C:\Users\Peter\Documents\Scan0001.pdf
[2013.01.05 12:08:53 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.04 14:44:51 | 000,010,495 | ---- | M] () -- C:\Users\Peter\siogs_elster_2048.pfx
[2013.01.03 16:09:30 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.30 18:34:39 | 000,000,000 | ---- | C] () -- C:\Users\Peter\defogger_reenable
[2013.01.26 13:12:07 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.26 11:05:40 | 000,201,643 | ---- | C] () -- C:\Users\Peter\Documents\Scan0002.pdf
[2013.01.24 20:07:34 | 000,741,369 | ---- | C] () -- C:\Users\Peter\Documents\Jahresbericht 2012.pdf
[2013.01.16 17:19:28 | 000,003,047 | ---- | C] () -- C:\Users\Peter\Desktop\Microsoft Excel 2010.lnk
[2013.01.16 15:23:15 | 000,001,818 | ---- | C] () -- C:\Users\Peter\Desktop\Google Drive.lnk
[2013.01.16 11:57:45 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.16 11:57:45 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.01.16 09:19:13 | 000,001,605 | ---- | C] () -- C:\Users\Peter\Desktop\1.Fa. Weiland - Verknüpfung.lnk
[2013.01.14 19:09:19 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2013.01.10 14:52:34 | 000,001,358 | ---- | C] () -- C:\Users\Peter\Desktop\GoToMeeting.lnk
[2013.01.09 20:14:54 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
[2013.01.09 20:14:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TwonkyServer.lnk
[2013.01.09 20:14:53 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2013.01.06 11:34:48 | 000,376,089 | ---- | C] () -- C:\Users\Peter\Documents\Scan0001.pdf
[2013.01.04 14:44:38 | 000,010,495 | ---- | C] () -- C:\Users\Peter\siogs_elster_2048.pfx
[2013.01.03 16:03:31 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2012.11.19 10:14:15 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.11.14 08:47:03 | 000,000,875 | ---- | C] () -- C:\Users\Peter\AppData\Local\recently-used.xbel
[2012.10.01 09:47:53 | 000,004,096 | -H-- | C] () -- C:\Users\Peter\AppData\Local\keyfile3.drm
[2012.08.29 18:07:25 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2012.08.29 18:07:24 | 000,604,338 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2012.08.29 18:07:24 | 000,109,404 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2012.08.29 18:07:24 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2012.05.15 19:07:10 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.05.15 19:07:10 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.05.15 19:07:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2012.05.15 18:50:10 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.05.15 18:50:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.03.15 08:15:05 | 000,144,496 | ---- | C] () -- C:\Program Files\liblber.dll
[2012.03.15 08:14:59 | 000,329,328 | ---- | C] () -- C:\Program Files\libcurl.dll
[2012.03.15 08:05:34 | 000,644,720 | ---- | C] () -- C:\Program Files\glibmm-2.4.dll
[2012.03.15 08:05:23 | 001,229,424 | ---- | C] () -- C:\Program Files\libxml2.dll
[2012.03.15 08:05:20 | 000,122,992 | ---- | C] () -- C:\Program Files\libcds.dll
[2012.03.15 08:05:14 | 000,102,000 | ---- | C] () -- C:\Program Files\xmlrpc.dll
[2012.03.15 08:05:04 | 000,297,072 | ---- | C] () -- C:\Program Files\libldap.dll
[2012.03.15 08:04:55 | 000,317,552 | ---- | C] () -- C:\Program Files\libldap_r.dll
[2012.02.29 12:20:55 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.28 18:49:34 | 000,038,792 | ---- | C] () -- C:\Windows\System32\c1regsvr.exe
[2012.01.18 16:11:42 | 000,039,536 | ---- | C] () -- C:\Program Files\xmlparse.dll
[2012.01.18 16:11:38 | 000,069,232 | ---- | C] () -- C:\Program Files\zlib1.dll
[2012.01.18 16:11:36 | 000,431,824 | ---- | C] () -- C:\Program Files\mkisofs.exe
[2012.01.18 16:11:16 | 000,076,400 | ---- | C] () -- C:\Program Files\xmltok.dll
[2012.01.18 16:10:18 | 000,004,381 | ---- | C] () -- C:\Program Files\netbridge.inf
[2012.01.18 16:10:12 | 009,609,648 | R--- | C] () -- C:\Program Files\icudt44l.dat
[2012.01.18 16:10:10 | 000,035,818 | R--- | C] () -- C:\Program Files\vm-support.vbs
[2012.01.18 16:10:08 | 000,629,556 | R--- | C] () -- C:\Program Files\mozilla-root-certs.crt
[2012.01.18 16:10:08 | 000,000,460 | R--- | C] () -- C:\Program Files\tools-key.pub
[2012.01.18 16:10:08 | 000,000,000 | ---- | C] () -- C:\Program Files\vmnetmgr.dll
[2012.01.18 16:10:04 | 000,044,656 | R--- | C] () -- C:\Program Files\LearnMore.jp.html
[2012.01.18 16:10:02 | 000,716,214 | R--- | C] () -- C:\Program Files\EULA.jp.rtf
[2012.01.18 16:10:02 | 000,078,194 | R--- | C] () -- C:\Program Files\EULA.rtf
[2012.01.18 16:10:02 | 000,022,809 | R--- | C] () -- C:\Program Files\LearnMore.html
[2012.01.18 15:35:08 | 061,898,752 | ---- | C] () -- C:\Program Files\windows.iso
[2012.01.18 15:35:08 | 000,000,256 | ---- | C] () -- C:\Program Files\windows.iso.sig
[2012.01.18 14:12:06 | 000,002,962 | R--- | C] () -- C:\Program Files\vmPerfmon.ini
[2012.01.18 14:12:06 | 000,000,789 | R--- | C] () -- C:\Program Files\vmPerfmon.h
[2012.01.18 13:06:02 | 000,013,108 | ---- | C] () -- C:\Program Files\netadapter.inf
[2012.01.18 13:06:02 | 000,009,136 | ---- | C] () -- C:\Program Files\vmnetadapter.cat
[2012.01.18 13:06:02 | 000,008,406 | ---- | C] () -- C:\Program Files\vmnetbridge.cat
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.01.07 11:03:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012.01.07 11:02:59 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2012.01.07 11:02:58 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012.01.07 11:02:58 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011.12.12 14:46:17 | 000,000,021 | ---- | C] () -- C:\Users\Peter\AppData\Local\mc.pixel.data
[2011.11.08 16:02:53 | 000,017,280 | ---- | C] () -- C:\Users\Peter\BLUNK_E7H.ECR
[2011.11.07 20:18:53 | 000,000,364 | ---- | C] () -- C:\Windows\PcTool.ini
[2011.11.07 19:35:14 | 000,000,364 | ---- | C] () -- C:\Windows\System32\PcTool.ini
[2011.08.23 11:19:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.17 19:16:50 | 000,245,207 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011.08.17 19:16:50 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.08.01 09:20:38 | 000,007,597 | ---- | C] () -- C:\Users\Peter\AppData\Local\resmon.resmoncfg
[2011.07.16 19:38:06 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.07.12 11:13:49 | 000,008,704 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 13:00:26 | 000,386,560 | ---- | C] () -- C:\Windows\System32\mmSQL.dll
[2011.07.09 18:02:51 | 000,037,069 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.07.09 17:53:27 | 000,037,043 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.07.08 16:35:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.07.08 12:31:45 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.08 12:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.07 16:33:51 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.09.07 16:10:35 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Tobit
[2011.09.07 16:10:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WD
[2012.06.23 14:36:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Amazon
[2012.12.22 12:04:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Audacity
[2012.01.25 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG
[2012.11.16 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Babylon
[2012.07.17 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\becker
[2012.02.22 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\bsnes
[2012.11.28 14:15:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Cakewalk
[2011.07.11 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canneverbe Limited
[2013.01.14 19:09:26 | 000,000,000 | -HSD | M] -- C:\Users\Peter\AppData\Roaming\Common
[2012.09.26 08:06:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\convert
[2012.09.11 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DataDesign
[2013.01.14 19:09:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DisplayFusion
[2012.09.07 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Downloaded Installations
[2011.07.21 14:27:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Engelmann Media
[2012.08.06 21:34:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\EurekaLog
[2013.01.28 17:23:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2012.01.15 20:35:31 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GetRightToGo
[2012.11.20 09:25:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GHISLER
[2012.02.22 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\HDX4 GmbH
[2011.07.09 16:03:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\inkscape
[2011.09.23 06:58:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Jumping Bytes
[2013.01.16 11:02:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mobile Master
[2011.08.21 17:25:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mp3DirectCut
[2011.12.16 11:46:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++
[2011.07.11 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenCandy
[2011.08.18 07:31:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2012.11.18 11:08:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PerformerSoft
[2012.07.30 07:10:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PixelPlanet
[2013.01.09 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ProtectDisc
[2011.09.08 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Quark
[2013.01.17 10:36:08 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TeamViewer
[2012.05.02 06:58:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Thunderbird
[2012.07.13 08:54:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Tobit
[2012.11.19 10:48:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TW7Booster
[2013.01.09 20:14:39 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TwonkyServer
[2012.06.22 12:41:17 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\UltraMixer
[2011.07.09 15:56:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\WD
[2012.01.11 08:56:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Windows Live Writer
[2012.12.01 12:04:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Wondershare
[2012.11.12 15:18:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\XnView
[2012.01.20 14:27:27 | 000,000,000 | ---D | M] -- C:\Users\Peter_Internet\AppData\Roaming\Tobit
[2012.01.20 14:27:25 | 000,000,000 | ---D | M] -- C:\Users\Peter_Internet\AppData\Roaming\WD
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 07:52:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD5000BEVT-00A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Peter\AppData\Local\Temp\kgloapow.sys
 
 
---- System - GMER 2.0 ----
 
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x8344DFEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8344DFEC] ZwCreateKey [0x8344DFEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x8344DFF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8344DFF1] ZwOpenKey [0x8344DFF1]
 
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 8344DFFB
 
---- Kernel code sections - GMER 2.0 ----
 
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8348AA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C44D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 834CB5F4 3 Bytes [EC, DF, 44]
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 834CB7B4 3 Bytes [F1, DF, 44]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9B9E269D]
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0xB2E0D000, 0x48E1C, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0xB2E63224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0xB2E63000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xB2E79400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB2F03C20] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB2F03C20]
.protectÿÿÿÿhardlockunknown last code section [0xB2F03A00, 0x50CA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xB2F03A00, 0x50CA, 0xE0000020]
.text user32.dll!DialogBoxParamW 76143B9B 5 Bytes [E9, 90, 08, 27, F1] {JMP 0xf1270895}
 
---- User code sections - GMER 2.0 ----
 
.text C:\Windows\system32\taskhost.exe[1876] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Windows\system32\Dwm.exe[1932] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Windows\Explorer.EXE[1968] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2056] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text ... 
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!SetScrollRange 76128EC5 5 Bytes JMP 10090DF0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!DefWindowProcA 7612BB1C 7 Bytes JMP 10054ED0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!GetSysColorBrush 7612F1ED 5 Bytes JMP 10083A90 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!GetScrollInfo 76132DA3 7 Bytes JMP 10090CC0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!SetScrollInfo 761348DA 7 Bytes JMP 10090D70 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!GetSysColor 7613DB7A 5 Bytes JMP 10083A50 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!DrawFrameControl 7614B4F9 7 Bytes JMP 10081650 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!GetScrollRange 7615045A 5 Bytes JMP 10090D30 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!SetScrollPos 761504BE 5 Bytes JMP 10090DB0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!GetScrollPos 76150E43 5 Bytes JMP 10090D00 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!EnableScrollBar 761519CE 7 Bytes JMP 10090C80 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!EndDialog 76153BA3 5 Bytes JMP 10054EB0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[2812] USER32.dll!ShowScrollBar 76153C89 5 Bytes JMP 10090E40 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[2860] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Citrix\GoToMeeting\1083\g2mstart.exe[2888] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[3340] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[3520] kernel32.dll!SetUnhandledExceptionFilter 76B2F4FB 5 Bytes JMP 00642C40 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
.text C:\Users\Peter\Downloads\gmer_2.0.18454.exe[4792] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4912] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\DisplayFusion\DisplayFusion.exe[5000] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe[5080] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text C:\Program Files\Twonky\TwonkyServer\twonkytray.exe[5100] USER32.dll!DialogBoxParamW 76143B9B 5 Bytes JMP 673B4430 C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
.text ... 
 
---- Registry - GMER 2.0 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b83d0fb 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b83d0fb@d4889062401d 0xFB 0xD2 0x08 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b83d0fb@001620d49eed 0xA2 0x76 0x2F 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b83d0fb (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b83d0fb@d4889062401d 0xFB 0xD2 0x08 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b83d0fb@001620d49eed 0xA2 0x76 0x2F 0xBF ...
 
---- EOF - GMER 2.0 ----
         
--- --- ---

 





