Trojaner-Board > Malware Removal > Log Analysis and Evaluation

Log Analysis and Evaluation: Email from the Telekom Abuse Team | Log file attached

Windows 7

 
09.02.2013, 00:14   #1
ApricotX
 


Hello everyone,
I have now read through quite a few pages and hope that I am doing everything correctly now.

I received an email from Telekom with the following content (abridged):

Code:
we are writing to you today for an unpleasant reason: we have received indications that unwanted accesses to third-party computers have been made from your connection ("hacking"). In concrete terms this means:
Unknown persons may be misusing your Internet access. They may also already know passwords, credit card, banking and other data!
.....
To be precise about what happened: a so-called "open resolver" was detected on your Internet connection. This is a nameserver running on one of your devices.
The authenticity of the email from the Telekom Abuse Team was confirmed to me by telephone.
I am also currently in contact with them by email.

However, I hope to get help from here as well.
So, here are the required log files:

DeFogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:20 on 08/02/2013 (GG)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL (although on my system only the OTL.TXT is generated and no Extra.txt):
Code:
OTL logfile created on: 08.02.2013 23:35:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,65% Memory free
7,99 Gb Paging File | 6,93 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 60,95 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 65,33 Gb Total Space | 21,14 Gb Free Space | 32,36% Space Free | Partition Type: NTFS
Drive E: | 400,33 Gb Total Space | 55,54 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 104,95 Gb Free Space | 35,21% Space Free | Partition Type: NTFS
 
Computer Name: GG-PC | User Name: GG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (OKI OPHJ DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OKI OPHJ DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHJLDCS.EXE (Oki Data Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 15 16 22 5C 04 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.01.15 22:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.08 19:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.08 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GG\AppData\Roaming\mozilla\Extensions
[2013.01.08 19:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.8_1\
CHR - Extension: YouTube = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: SearchPreview = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.8_0\
CHR - Extension: LastPass = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: TabJump - Intelligenter Tab-Navigator = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\
CHR - Extension: Downloads = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Bubble Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf\1.5_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: dict-cc = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\
CHR - Extension: Google Plus News, Blogs, Tips & Updates = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifkacmmanhigddiffpdffnfnmjdiho\3_0\
CHR - Extension: Robot Theme, inspired by Android\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11.1_0\
CHR - Extension: Google Mail = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [StrokeIt] C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe ()
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.08 23:08:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.07 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Malwarebytes
[2013.02.07 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 12:41:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 12:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.06 11:40:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.02.06 11:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2013.02.06 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Whiteboard
[2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Presenter
[2013.02.05 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013.02.05 09:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.04 20:33:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\HD_Speed_ENG
[2013.02.04 20:33:20 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\h2testw_1.4
[2013.02.04 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Tools&More
[2013.01.29 10:29:32 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.01.29 10:29:32 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.01.29 10:29:32 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.01.29 10:29:30 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.01.29 10:29:30 | 000,031,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys
[2013.01.29 10:29:09 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.01.29 10:29:08 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.01.29 10:29:08 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.01.29 10:29:04 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.01.29 10:29:03 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.01.29 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2013.01.29 10:09:04 | 000,000,000 | ---D | C] -- C:\Virtualisation
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\VMware
[2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.01.29 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.28 13:36:18 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Nero
[2013.01.28 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Nero
[2013.01.28 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.01.28 12:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.01.28 12:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.28 12:19:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.25 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Programs
[2013.01.25 23:48:56 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.25 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.01.21 15:57:03 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Steuer-Sparbuch
[2013.01.21 15:39:16 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.01.21 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl Data Service
[2013.01.21 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl
[2013.01.21 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2013.01.21 15:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.01.21 15:12:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Neuer Ordner
[2013.01.17 21:04:32 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\vlc
[2013.01.17 21:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.16 20:40:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Skype
[2013.01.16 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.16 20:40:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.16 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.15 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Splashtop
[2013.01.15 23:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.01.15 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.01.15 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}
[2013.01.15 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2013.01.15 23:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.15 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.01.14 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.14 22:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[2013.01.14 22:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2013.01.14 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\ElevatedDiagnostics
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.13 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:23:45 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.13 00:22:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
[2013.01.13 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
[2013.01.13 00:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
[2013.01.12 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.12 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.12 23:52:08 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2013.01.12 23:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.01.12 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Adobe
[2013.01.12 23:45:53 | 000,000,000 | R--D | C] -- C:\Users\GG\Documents
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.12 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\TeamViewer
[2013.01.12 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Okidata
[2013.01.12 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Okidata
[2013.01.12 17:37:05 | 000,158,208 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPDMN075.DLL
[2013.01.11 00:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.01.11 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.10 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 23:33:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 23:33:32 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.08 23:23:42 | 000,365,568 | ---- | M] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | M] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:18 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.08 23:08:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2013.02.08 23:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.02.08 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.08 22:41:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 21:54:50 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.08 21:54:50 | 000,656,612 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.08 21:54:50 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.08 21:54:50 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.08 21:54:50 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 11:06:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.02.07 12:41:21 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.06 11:40:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe
[2013.01.29 10:29:00 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 09:57:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013.01.25 21:23:31 | 000,001,059 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.23 19:21:42 | 000,000,026 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.21 15:48:55 | 000,000,547 | ---- | M] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 23:20:23 | 000,415,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 22:47:55 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 16:14:13 | 000,001,763 | ---- | M] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.11 00:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.08 23:23:41 | 000,365,568 | ---- | C] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe
[2013.02.08 23:19:09 | 000,000,000 | ---- | C] () -- C:\Users\GG\defogger_reenable
[2013.02.08 23:15:17 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2013.02.07 12:41:21 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.29 09:57:44 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013.01.29 09:57:42 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.25 23:56:19 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
[2013.01.25 23:56:19 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
[2013.01.21 15:37:57 | 000,000,547 | ---- | C] () -- C:\Windows\wiso.ini
[2013.01.21 15:37:55 | 000,002,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.21 15:12:56 | 000,001,763 | ---- | C] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk
[2013.01.15 23:29:52 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\DirComp.lnk
[2013.01.15 22:52:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.15 22:42:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.01.14 22:47:55 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2013.01.14 22:41:44 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2013.01.13 14:58:22 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.01.13 14:58:22 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.01.12 23:06:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.12 17:44:39 | 000,000,026 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat
[2013.01.11 00:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013.01.11 00:51:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.01.10 21:47:52 | 000,001,059 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.08 18:33:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.21 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Buhl Data Service
[2013.02.08 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Dropbox
[2013.01.15 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\FreeFileSync
[2013.01.25 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Mp3tag
[2013.01.13 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Rainmeter
[2013.01.08 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TCB Networks
[2013.01.12 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 

< End of report >
         
Gmer.txt:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 23:51:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\GG\AppData\Local\Temp\pxddqpoc.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074c71401 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074c71419 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074c71431 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074c7144a 2 bytes [C7, 74]
.text  ...                                                                                                                                         * 9
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074c714dd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074c714f5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074c7150d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074c71525 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074c7153d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074c71555 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074c7156d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074c71585 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074c7159d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074c715b5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074c715cd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074c716b2 2 bytes [C7, 74]
.text  C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074c716bd 2 bytes [C7, 74]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                   0000000071d413b0 2 bytes [D4, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                  0000000071d413c0 2 bytes [D4, 71]
.text  ...                                                                                                                                         * 20
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                  0000000071d4153e 2 bytes [D4, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                  0000000071d41553 2 bytes [D4, 71]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17             0000000074c71401 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               0000000074c71419 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             0000000074c71431 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42             0000000074c7144a 2 bytes [C7, 74]
.text  ...                                                                                                                                         * 9
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                0000000074c714dd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         0000000074c714f5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                0000000074c7150d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         0000000074c71525 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               0000000074c7153d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000074c71555 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             0000000074c7156d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               0000000074c71585 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  0000000074c7159d 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               0000000074c715b5 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             0000000074c715cd 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         0000000074c716b2 2 bytes [C7, 74]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31         0000000074c716bd 2 bytes [C7, 74]

---- EOF - GMER 2.0 ----
         

I also ran a scan with Microsoft Security Essentials, with the following result:

Code:
ATTFilter
Exploit:JS/Blacole.HI
D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm)

Exploit:Java/Blacole.GL
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class

Exploit:Java/CVE-2012-1723
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class

Exploit:Java/Bacole.GM
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class

Exploit:Java/CVE-2012-1723.gen!A
containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d
file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class
         

I should add that all findings are on the D drive, which I do not use as the Windows partition. The Windows partition is C. Nothing suspicious was found there.
There is also an operating system on D (bootable as well), but I am not currently using it.

Furthermore, the locations of the exploits found are cache or Temporary Internet Files directories.

Malwarebytes found nothing suspicious.

I am now a bit confused. Is something wrong with my PC? Do I have something on it? I mean, T-Com does not send such emails for fun. Something concrete must have happened. They even gave me a date and time when it occurred. At that time I was not at the computer (at least I would say that with 80% certainty).

Reinstall the computer? Or is it clean now? Difficult, difficult.

I hope I have provided all the information according to the guidelines and have not forgotten anything.
Thank you very much in advance for your effort and help.

Best regards
