| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Gema-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.03.2012, 10:25
| #1 |
 |  Gema-Trojaner Hallo, habe schon den OTLPEN Scan laufen lassen, wie im Thread vorher beschrieben. OTL Log-File ergibt folgendes: OTL logfile created on: 3/19/2012 10:52:15 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19.53 Gb Total Space | 2.11 Gb Free Space | 10.82% Space Free | Partition Type: NTFS Drive D: | 39.06 Gb Total Space | 18.06 Gb Free Space | 46.24% Space Free | Partition Type: NTFS Drive E: | 15.96 Gb Total Space | 2.19 Gb Free Space | 13.72% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/02/18 11:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/12/08 09:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009/08/27 12:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008/08/07 06:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2004/09/29 07:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | Boot] -- -- (m5289) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/02/15 13:09:14 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/10/11 09:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/07/30 09:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/07/30 09:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/07/30 09:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/07/30 09:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/07/26 07:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/11/12 08:48:56 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004/08/03 19:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/08/02 16:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/07/26 16:19:16 | 000,029,696 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ULILAN.SYS -- (ULI5261) DRV - [2004/07/08 10:58:50 | 000,044,928 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AGPKX.SYS -- (uliagpkx) DRV - [2004/02/24 06:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/01/19 17:54:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/26 17:17:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/11 12:04:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/01/19 17:54:31 | 000,000,000 | ---D | M] [2011/01/16 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions [2012/02/27 13:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions [2012/01/07 11:47:32 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2011/03/22 10:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions\nostmp [2011/03/08 16:02:13 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions\vshare@toolbar [2012/01/19 04:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011/11/19 06:33:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2012/02/26 17:17:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011/09/28 21:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011/09/28 21:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011/09/28 21:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011/09/28 21:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011/09/28 21:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe () O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe () O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\Administrator_ON_C..\Run: [] File not found O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe () O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.) F3 - HKU\Administrator_ON_C WinNT: Run - (d:\progra~1\remind\warner.exe) - d:\Programme\Remind\WARNER.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe () O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe () O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/16 14:50:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{9899ed98-2742-11e1-8f4a-00138f1b4693}\Shell - "" = AutoRun O33 - MountPoints2\{9899ed98-2742-11e1-8f4a-00138f1b4693}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9899ed98-2742-11e1-8f4a-00138f1b4693}\Shell\AutoRun\command - "" = H:\DPFMate.exe O33 - MountPoints2\{f170cd16-2e2a-11e1-8f55-00138f1b4693}\Shell - "" = AutoRun O33 - MountPoints2\{f170cd16-2e2a-11e1-8f55-00138f1b4693}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f170cd16-2e2a-11e1-8f55-00138f1b4693}\Shell\AutoRun\command - "" = H:\PhotoViewer.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) ========== Files/Folders - Created Within 30 Days ========== [2012/03/17 09:23:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012/03/16 12:07:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012/03/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema [2012/03/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema [2012/03/13 19:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\4.0 [2012/03/13 19:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.tfo4 [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/17 08:06:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/03/17 08:05:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/03/17 08:02:26 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/03/16 11:52:28 | 000,249,929 | ---- | M] () -- C:\WINDOWS\System32\gema.exe [2012/03/16 11:28:01 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/03/14 19:07:57 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/03/14 17:53:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/03/14 06:57:43 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER [2012/03/08 05:34:26 | 000,000,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Kalender.2012.lnk [2012/03/06 20:27:47 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MAGIX Music Maker 16.lnk [2012/03/05 09:47:00 | 000,080,258 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Nachhilfe-1-12.ods_0.ods [2012/03/05 09:29:18 | 000,448,824 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/03/05 09:29:18 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/03/05 09:29:18 | 000,080,520 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/03/05 09:29:18 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/03/05 07:25:41 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Robota.INI [2012/02/29 12:23:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/27 13:10:54 | 000,002,169 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anvil Studio 2011.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/16 11:52:34 | 000,249,929 | ---- | C] () -- C:\WINDOWS\System32\gema.exe [2012/03/08 05:34:26 | 000,000,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Kalender.2012.lnk [2012/03/05 16:22:50 | 000,080,258 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Nachhilfe-1-12.ods_0.ods [2012/02/28 07:24:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2012/02/15 17:33:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/08 10:51:48 | 000,008,046 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\setupBanner.jpg [2012/02/08 10:51:46 | 000,037,607 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\license.rtf [2012/01/06 20:02:17 | 000,113,617 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2012/01/06 20:02:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2011/12/31 08:23:12 | 000,112,678 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp [2011/12/31 08:23:12 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp [2011/08/21 10:17:19 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\asdrawim.ini [2011/03/16 10:53:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/02/15 05:29:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011/02/15 05:29:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011/01/17 08:10:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011/01/17 07:17:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unagp.exe [2011/01/16 20:32:14 | 000,119,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/16 15:57:45 | 000,032,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/01/16 15:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/01/16 15:03:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011/01/16 15:03:48 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011/01/16 15:03:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnLAN.exe [2011/01/16 15:03:13 | 000,003,566 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011/01/16 15:03:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011/01/16 14:53:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/01/16 14:47:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/01/16 14:42:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/01/16 14:41:08 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/04/27 04:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2007/03/12 12:59:00 | 000,299,008 | ---- | C] () -- C:\Programme\navigram_register.exe [2006/10/16 02:58:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\aspolyzt.dll [2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 08:00:00 | 000,448,824 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 08:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 08:00:00 | 000,080,520 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 08:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/07/06 06:59:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\asdrawli.dll [2005/07/04 09:17:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ASDRAWMA.DLL [2004/08/17 11:34:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AS_SORT.DLL [2003/05/22 06:31:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\ASDRAW32.DLL [2002/07/12 10:29:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AS_MDB32.DLL [2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL [2001/07/06 10:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2012/02/12 20:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Anvil Studio [2011/08/21 09:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ASCON Installer [2011/08/21 10:10:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ASCON Programme [2011/01/17 10:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BluetoothDriverInstaller [2011/12/28 09:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSW [2011/01/17 08:10:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited [2011/01/17 07:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers [2012/03/16 11:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema [2011/01/18 20:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ID3-TagIT 3 [2012/01/06 20:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express [2012/01/24 12:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2011/05/11 05:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Navigram [2011/05/17 11:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2011/05/17 11:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Ovi Suite [2011/01/16 21:10:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2011/01/16 16:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera [2011/01/19 17:59:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite [2011/10/16 18:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simfy [2011/03/02 05:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems [2011/07/04 04:15:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE [2011/01/17 08:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012/03/16 11:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema [2011/01/18 19:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ID3-TagIT 3 [2011/01/19 18:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012/01/24 12:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012/01/24 13:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Magix Shared [2011/01/19 18:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011/01/17 11:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011/01/19 17:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011/01/17 10:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011/12/11 13:40:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011/03/02 05:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011/07/04 04:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE [2011/01/16 15:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/03/06 20:28:44 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2011/01/16 14:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011/05/11 04:45:08 | 000,000,000 | ---D | M] -- C:\Internet Explorer 4.0 Setup [2012/03/17 16:18:03 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2011/01/16 15:13:46 | 000,000,000 | ---D | M] -- C:\Program Files [2012/01/24 12:27:42 | 000,000,000 | R--D | M] -- C:\Programme [2011/01/16 15:26:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/02/15 05:29:51 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2011/01/16 14:54:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/03/16 12:07:50 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2007/03/12 12:59:00 | 000,299,008 | ---- | M] () -- C:\Programme\navigram_register.exe Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2006/02/28 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/02/28 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 02:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2008/04/14 02:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2006/02/28 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\sp2qfe\explorer.exe [2008/04/14 02:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/14 02:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe [2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\sp2gdr\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 02:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2008/04/14 02:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 02:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2008/04/14 02:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006/02/28 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll [2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\SoftwareDistribution\Download\e3b9e8cd6239a53ea3486ac0e70fdfac\sp2gdr\user32.dll [2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2qfe\user32.dll [2006/02/28 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\SoftwareDistribution\Download\e3b9e8cd6239a53ea3486ac0e70fdfac\sp2qfe\user32.dll [2008/04/14 02:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [2008/04/14 02:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 02:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2008/04/14 02:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006/02/28 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006/02/28 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 02:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe [2008/04/14 02:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011/01/16 15:40:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011/01/16 15:40:29 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011/01/16 15:40:29 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2011/12/19 04:08:29 | 006,076,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2011/12/19 04:08:29 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 02:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 02:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2008/04/14 02:52:24 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll [2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > Wie gehe ich nun weiter vor? Kann ich die gleiche fix.txt datei verwenden? Danke! |
|
19.03.2012, 10:32
| #2 |
| /// Malwareteam    | Gema-Trojaner Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1: Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 2: GMER Bitte
Schritt 3: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
19.03.2012, 10:38
| #3 |
| | Gema-Trojaner Starte ich den Defogger über den OTLPEN-Desktop? Auf meinen Windows-XP Desktop kann ich ja nicht zugreifen...
__________________ |
|
19.03.2012, 10:55
| #4 | |
| /// Malwareteam | Gema-TrojanerZitat:
 Starte den Rechner im abgesicherten Modus mit Netzwerktreibern - dazu beim Systemstart VOR dem Windowsbildschirm die F8-Taste drücken! 
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
19.03.2012, 10:59
| #5 |
| | Gema-Trojaner Ja. Das funktioniert aber leider nicht. Da erscheint auch der Gema-Trojaner |
|
19.03.2012, 11:32
| #6 |
| /// Malwareteam | Gema-Trojaner Schritt 1: Fix mit OTLPEN Auf einem anderen PC, drücke die Windows- und die R-Taste gleichzeitig, schreibe notepad in das Fesnter, drücke OK. Kopiere den Text aus folgender Codebox in das Fenster und speichere die Datei unter Fix.TXT auf einem USB-Stick. Code:
ATTFilter :OTL
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="
[2011/03/08 16:02:13 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions\vsh are@toolbar
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe ()
O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe ()
O4 - HKU\Administrator_ON_C..\Run: [] File not found
O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe ()
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe ()
[2012/03/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/16 11:52:28 | 000,249,929 | ---- | M] () -- C:\WINDOWS\System32\gema.exe
[2012/03/16 11:52:34 | 000,249,929 | ---- | C] () -- C:\WINDOWS\System32\gema.exe
:COMMANDS
[EMPTYTEMP]
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK Drücke den "Fix"-Butto, lade die fix.txt von deinem USB-Stick. Klicke erneut auf "Fix". Wiondows sollte nun normal starten und otl.txt öffnen - poste deren Inhalt bitte hier in dein Thema!
__________________ --> Gema-Trojaner |
|
19.03.2012, 11:48
| #7 |
| | Gema-Trojaner ========== OTL ========== Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully. Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems Prefs.js: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=" removed from keyword.URL Folder C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\6livzf2o.default\extensions\vsh are@toolbar\ not found. C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gema deleted successfully. C:\WINDOWS\system32\gema.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gema. deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe moved successfully. Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\gema deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe deleted successfully. File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\gema.exe deleted successfully. File C:\WINDOWS\system32\gema.exe not found. Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe deleted successfully. File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe not found. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema folder moved successfully. File C:\WINDOWS\System32\gema.exe not found. File C:\WINDOWS\System32\gema.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2454 bytes ->Temporary Internet Files folder emptied: 305600 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 505 bytes Total Files Cleaned = 0.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 03192012_134655 |
|
19.03.2012, 12:04
| #8 |
| /// Malwareteam | Gema-Trojaner Der Rechner sollte wieder bedienbar sein: Dann weiter mit Schritt 1-3 
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
19.03.2012, 13:23
| #9 |
| | Gema-Trojaner Wenn der tdssKiller nichts findet ist alles wieder in Ordnung? Oder trotzdem den Report hier posten? |
|
19.03.2012, 13:40
| #10 |
| /// Malwareteam | Gema-Trojaner Bitte alle angeforderten logs stets posten! 
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
19.03.2012, 13:49
| #11 |
| | Gema-Trojaner GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-19 15:20:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-23
Running: 2trv94ou.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgdcipow.sys
---- System - GMER 1.0.15 ----
SSDT BA7EBF0C ZwClose
SSDT BA7EBEC6 ZwCreateKey
SSDT BA7EBF16 ZwCreateSection
SSDT BA7EBEBC ZwCreateThread
SSDT BA7EBECB ZwDeleteKey
SSDT BA7EBED5 ZwDeleteValueKey
SSDT BA7EBF07 ZwDuplicateObject
SSDT BA7EBEDA ZwLoadKey
SSDT BA7EBEA8 ZwOpenProcess
SSDT BA7EBEAD ZwOpenThread
SSDT BA7EBF2F ZwQueryValueKey
SSDT BA7EBEE4 ZwReplaceKey
SSDT BA7EBF20 ZwRequestWaitReplyPort
SSDT BA7EBEDF ZwRestoreKey
SSDT BA7EBF1B ZwSetContextThread
SSDT BA7EBF25 ZwSetSecurityObject
SSDT BA7EBED0 ZwSetValueKey
SSDT BA7EBF2A ZwSystemDebugControl
SSDT BA7EBEB7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9278900]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[388] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 011D1B30 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a7d0ac314
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a7d0ac314@fce55756cdc2 0xFE 0x6F 0xF7 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a7d0ac314 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a7d0ac314@fce55756cdc2 0xFE 0x6F 0xF7 0xE4 ...
---- EOF - GMER 1.0.15 ----
|
|
19.03.2012, 13:50
| #12 |
| | Gema-Trojaner 13:49:47.0875 3548 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 13:49:48.0093 3548 ============================================================ 13:49:48.0093 3548 Current date / time: 2012/03/19 13:49:48.0093 13:49:48.0093 3548 SystemInfo: 13:49:48.0093 3548 13:49:48.0093 3548 OS Version: 5.1.2600 ServicePack: 3.0 13:49:48.0093 3548 Product type: Workstation 13:49:48.0093 3548 ComputerName: PC-ZIMMER 13:49:48.0093 3548 UserName: Administrator 13:49:48.0093 3548 Windows directory: C:\WINDOWS 13:49:48.0093 3548 System windows directory: C:\WINDOWS 13:49:48.0093 3548 Processor architecture: Intel x86 13:49:48.0093 3548 Number of processors: 1 13:49:48.0093 3548 Page size: 0x1000 13:49:48.0093 3548 Boot type: Normal boot 13:49:48.0093 3548 ============================================================ 13:49:49.0375 3548 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:49:49.0375 3548 \Device\Harddisk0\DR0: 13:49:49.0375 3548 MBR used 13:49:49.0375 3548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637 13:49:49.0390 3548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x4E1EDEC 13:49:49.0406 3548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x1FE9C24 13:49:49.0500 3548 Initialize success 13:49:49.0500 3548 ============================================================ 13:49:50.0937 0976 ============================================================ 13:49:50.0937 0976 Scan started 13:49:50.0937 0976 Mode: Manual; 13:49:50.0937 0976 ============================================================ 13:49:51.0609 0976 Abiosdsk - ok 13:49:51.0640 0976 abp480n5 - ok 13:49:51.0703 0976 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:49:51.0703 0976 ACPI - ok 13:49:51.0765 0976 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:49:51.0765 0976 ACPIEC - ok 13:49:51.0796 0976 adpu160m - ok 13:49:51.0843 0976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 13:49:51.0843 0976 aec - ok 13:49:51.0906 0976 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 13:49:51.0906 0976 AFD - ok 13:49:51.0937 0976 Aha154x - ok 13:49:51.0968 0976 aic78u2 - ok 13:49:52.0000 0976 aic78xx - ok 13:49:52.0046 0976 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 13:49:52.0062 0976 ALCXSENS - ok 13:49:52.0125 0976 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 13:49:52.0125 0976 ALCXWDM - ok 13:49:52.0187 0976 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 13:49:52.0187 0976 AliIde - ok 13:49:52.0234 0976 amsint - ok 13:49:52.0281 0976 asc - ok 13:49:52.0312 0976 asc3350p - ok 13:49:52.0343 0976 asc3550 - ok 13:49:52.0390 0976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:49:52.0390 0976 AsyncMac - ok 13:49:52.0453 0976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:49:52.0453 0976 atapi - ok 13:49:52.0500 0976 Atdisk - ok 13:49:52.0562 0976 ati2mtag (8948961a4bd498a29e5eeefe548e380f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 13:49:52.0578 0976 ati2mtag - ok 13:49:52.0625 0976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:49:52.0640 0976 Atmarpc - ok 13:49:52.0703 0976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:49:52.0703 0976 audstub - ok 13:49:52.0765 0976 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:49:52.0765 0976 avgntflt - ok 13:49:52.0796 0976 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:49:52.0812 0976 avipbb - ok 13:49:52.0843 0976 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:49:52.0843 0976 avkmgr - ok 13:49:52.0906 0976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:49:52.0906 0976 Beep - ok 13:49:52.0953 0976 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 13:49:52.0968 0976 BthEnum - ok 13:49:53.0015 0976 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 13:49:53.0015 0976 BTHMODEM - ok 13:49:53.0078 0976 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 13:49:53.0078 0976 BthPan - ok 13:49:53.0140 0976 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys 13:49:53.0140 0976 BTHPORT - ok 13:49:53.0187 0976 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 13:49:53.0187 0976 BTHUSB - ok 13:49:53.0234 0976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:49:53.0234 0976 cbidf2k - ok 13:49:53.0265 0976 cd20xrnt - ok 13:49:53.0312 0976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 13:49:53.0312 0976 Cdaudio - ok 13:49:53.0359 0976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 13:49:53.0375 0976 Cdfs - ok 13:49:53.0406 0976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:49:53.0406 0976 Cdrom - ok 13:49:53.0437 0976 Changer - ok 13:49:53.0500 0976 CmdIde - ok 13:49:53.0546 0976 Cpqarray - ok 13:49:53.0562 0976 dac2w2k - ok 13:49:53.0593 0976 dac960nt - ok 13:49:53.0640 0976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 13:49:53.0640 0976 Disk - ok 13:49:53.0765 0976 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 13:49:53.0781 0976 dmboot - ok 13:49:53.0859 0976 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 13:49:53.0859 0976 dmio - ok 13:49:53.0906 0976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 13:49:53.0906 0976 dmload - ok 13:49:53.0953 0976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 13:49:53.0953 0976 DMusic - ok 13:49:54.0015 0976 dpti2o - ok 13:49:54.0062 0976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 13:49:54.0062 0976 drmkaud - ok 13:49:54.0140 0976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 13:49:54.0140 0976 Fastfat - ok 13:49:54.0187 0976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 13:49:54.0187 0976 Fdc - ok 13:49:54.0218 0976 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 13:49:54.0234 0976 Fips - ok 13:49:54.0265 0976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:49:54.0265 0976 Flpydisk - ok 13:49:54.0312 0976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 13:49:54.0328 0976 FltMgr - ok 13:49:54.0359 0976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:49:54.0359 0976 Fs_Rec - ok 13:49:54.0406 0976 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:49:54.0406 0976 Ftdisk - ok 13:49:54.0453 0976 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 13:49:54.0453 0976 gameenum - ok 13:49:54.0500 0976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:49:54.0500 0976 Gpc - ok 13:49:54.0562 0976 hpn - ok 13:49:54.0609 0976 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 13:49:54.0609 0976 HPZid412 - ok 13:49:54.0656 0976 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 13:49:54.0656 0976 HPZipr12 - ok 13:49:54.0703 0976 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 13:49:54.0703 0976 HPZius12 - ok 13:49:54.0750 0976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 13:49:54.0765 0976 HTTP - ok 13:49:54.0796 0976 i2omgmt - ok 13:49:54.0812 0976 i2omp - ok 13:49:54.0859 0976 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:49:54.0875 0976 i8042prt - ok 13:49:54.0921 0976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 13:49:54.0921 0976 Imapi - ok 13:49:54.0968 0976 ini910u - ok 13:49:55.0000 0976 IntelIde - ok 13:49:55.0062 0976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 13:49:55.0062 0976 Ip6Fw - ok 13:49:55.0125 0976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:49:55.0125 0976 IpFilterDriver - ok 13:49:55.0171 0976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:49:55.0171 0976 IpInIp - ok 13:49:55.0218 0976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:49:55.0218 0976 IpNat - ok 13:49:55.0265 0976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:49:55.0265 0976 IPSec - ok 13:49:55.0296 0976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 13:49:55.0296 0976 IRENUM - ok 13:49:55.0343 0976 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:49:55.0343 0976 isapnp - ok 13:49:55.0390 0976 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:49:55.0390 0976 Kbdclass - ok 13:49:55.0437 0976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 13:49:55.0437 0976 kmixer - ok 13:49:55.0500 0976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 13:49:55.0500 0976 KSecDD - ok 13:49:55.0546 0976 lbrtfdc - ok 13:49:55.0593 0976 m5289 - ok 13:49:55.0640 0976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 13:49:55.0640 0976 mnmdd - ok 13:49:55.0703 0976 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 13:49:55.0703 0976 Modem - ok 13:49:55.0750 0976 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:49:55.0750 0976 Mouclass - ok 13:49:55.0781 0976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 13:49:55.0781 0976 MountMgr - ok 13:49:55.0812 0976 mraid35x - ok 13:49:55.0875 0976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:49:55.0875 0976 MRxDAV - ok 13:49:55.0953 0976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:49:55.0953 0976 MRxSmb - ok 13:49:56.0031 0976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 13:49:56.0031 0976 Msfs - ok 13:49:56.0062 0976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:49:56.0062 0976 MSKSSRV - ok 13:49:56.0125 0976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:49:56.0125 0976 MSPCLOCK - ok 13:49:56.0171 0976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 13:49:56.0171 0976 MSPQM - ok 13:49:56.0218 0976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:49:56.0218 0976 mssmbios - ok 13:49:56.0265 0976 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 13:49:56.0265 0976 ms_mpu401 - ok 13:49:56.0328 0976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 13:49:56.0328 0976 Mup - ok 13:49:56.0390 0976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 13:49:56.0390 0976 NDIS - ok 13:49:56.0437 0976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:49:56.0437 0976 NdisTapi - ok 13:49:56.0500 0976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:49:56.0500 0976 Ndisuio - ok 13:49:56.0531 0976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:49:56.0531 0976 NdisWan - ok 13:49:56.0578 0976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 13:49:56.0578 0976 NDProxy - ok 13:49:56.0625 0976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 13:49:56.0640 0976 NetBIOS - ok 13:49:56.0687 0976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 13:49:56.0687 0976 NetBT - ok 13:49:56.0765 0976 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys 13:49:56.0765 0976 nmwcd - ok 13:49:56.0812 0976 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys 13:49:56.0812 0976 nmwcdc - ok 13:49:56.0875 0976 nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\WINDOWS\system32\drivers\nmwcdnsu.sys 13:49:56.0875 0976 nmwcdnsu - ok 13:49:56.0937 0976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 13:49:56.0937 0976 Npfs - ok 13:49:57.0000 0976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 13:49:57.0015 0976 Ntfs - ok 13:49:57.0062 0976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 13:49:57.0062 0976 Null - ok 13:49:57.0125 0976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:49:57.0125 0976 NwlnkFlt - ok 13:49:57.0156 0976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:49:57.0156 0976 NwlnkFwd - ok 13:49:57.0218 0976 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 13:49:57.0218 0976 Parport - ok 13:49:57.0250 0976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 13:49:57.0250 0976 PartMgr - ok 13:49:57.0296 0976 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 13:49:57.0296 0976 ParVdm - ok 13:49:57.0343 0976 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 13:49:57.0343 0976 pccsmcfd - ok 13:49:57.0406 0976 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 13:49:57.0406 0976 PCI - ok 13:49:57.0437 0976 PCIDump - ok 13:49:57.0453 0976 PCIIde - ok 13:49:57.0531 0976 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:49:57.0531 0976 Pcmcia - ok 13:49:57.0578 0976 PDCOMP - ok 13:49:57.0609 0976 PDFRAME - ok 13:49:57.0640 0976 PDRELI - ok 13:49:57.0671 0976 PDRFRAME - ok 13:49:57.0703 0976 perc2 - ok 13:49:57.0718 0976 perc2hib - ok 13:49:58.0375 0976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:49:58.0375 0976 PptpMiniport - ok 13:49:58.0421 0976 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 13:49:58.0421 0976 Processor - ok 13:49:58.0468 0976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 13:49:58.0468 0976 PSched - ok 13:49:58.0515 0976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:49:58.0515 0976 Ptilink - ok 13:49:58.0562 0976 ql1080 - ok 13:49:58.0578 0976 Ql10wnt - ok 13:49:58.0609 0976 ql12160 - ok 13:49:58.0625 0976 ql1240 - ok 13:49:58.0656 0976 ql1280 - ok 13:49:58.0687 0976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:49:58.0687 0976 RasAcd - ok 13:49:58.0765 0976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:49:58.0765 0976 Rasl2tp - ok 13:49:58.0812 0976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:49:58.0812 0976 RasPppoe - ok 13:49:58.0859 0976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:49:58.0859 0976 Raspti - ok 13:49:58.0921 0976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:49:58.0921 0976 Rdbss - ok 13:49:58.0968 0976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:49:58.0968 0976 RDPCDD - ok 13:49:59.0031 0976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 13:49:59.0031 0976 rdpdr - ok 13:49:59.0093 0976 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 13:49:59.0093 0976 RDPWD - ok 13:49:59.0171 0976 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:49:59.0171 0976 redbook - ok 13:49:59.0234 0976 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 13:49:59.0234 0976 RFCOMM - ok 13:49:59.0328 0976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:49:59.0343 0976 Secdrv - ok 13:49:59.0390 0976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 13:49:59.0390 0976 serenum - ok 13:49:59.0421 0976 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 13:49:59.0421 0976 Serial - ok 13:49:59.0484 0976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 13:49:59.0484 0976 Sfloppy - ok 13:49:59.0531 0976 Simbad - ok 13:49:59.0562 0976 Sparrow - ok 13:49:59.0609 0976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 13:49:59.0609 0976 splitter - ok 13:49:59.0656 0976 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 13:49:59.0656 0976 sr - ok 13:49:59.0718 0976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 13:49:59.0718 0976 Srv - ok 13:49:59.0765 0976 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:49:59.0781 0976 ssmdrv - ok 13:49:59.0828 0976 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys 13:49:59.0828 0976 StarOpen - ok 13:49:59.0875 0976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:49:59.0875 0976 swenum - ok 13:49:59.0921 0976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 13:49:59.0921 0976 swmidi - ok 13:49:59.0968 0976 symc810 - ok 13:50:00.0000 0976 symc8xx - ok 13:50:00.0031 0976 sym_hi - ok 13:50:00.0046 0976 sym_u3 - ok 13:50:00.0093 0976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 13:50:00.0093 0976 sysaudio - ok 13:50:00.0171 0976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:50:00.0171 0976 Tcpip - ok 13:50:00.0218 0976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:50:00.0218 0976 TDPIPE - ok 13:50:00.0265 0976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 13:50:00.0265 0976 TDTCP - ok 13:50:00.0312 0976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:50:00.0312 0976 TermDD - ok 13:50:00.0359 0976 TosIde - ok 13:50:00.0421 0976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 13:50:00.0421 0976 Udfs - ok 13:50:00.0484 0976 ULI5261 (4b5e42130fa1840b0761a88232ad757b) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS 13:50:00.0484 0976 ULI5261 - ok 13:50:00.0531 0976 uliagpkx (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys 13:50:00.0531 0976 uliagpkx - ok 13:50:00.0562 0976 ultra - ok 13:50:00.0625 0976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 13:50:00.0625 0976 Update - ok 13:50:00.0687 0976 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 13:50:00.0687 0976 upperdev - ok 13:50:00.0750 0976 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 13:50:00.0750 0976 USBAAPL - ok 13:50:00.0796 0976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:50:00.0796 0976 usbccgp - ok 13:50:00.0859 0976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:50:00.0875 0976 usbehci - ok 13:50:00.0937 0976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:50:00.0953 0976 usbhub - ok 13:50:01.0000 0976 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 13:50:01.0000 0976 usbohci - ok 13:50:01.0046 0976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:50:01.0046 0976 usbprint - ok 13:50:01.0093 0976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 13:50:01.0109 0976 usbscan - ok 13:50:01.0156 0976 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 13:50:01.0156 0976 usbser - ok 13:50:01.0203 0976 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 13:50:01.0203 0976 UsbserFilt - ok 13:50:01.0265 0976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:50:01.0265 0976 USBSTOR - ok 13:50:01.0296 0976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 13:50:01.0296 0976 VgaSave - ok 13:50:01.0328 0976 ViaIde - ok 13:50:01.0390 0976 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 13:50:01.0390 0976 VolSnap - ok 13:50:01.0453 0976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:50:01.0453 0976 Wanarp - ok 13:50:01.0531 0976 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 13:50:01.0531 0976 Wdf01000 - ok 13:50:01.0593 0976 WDICA - ok 13:50:01.0640 0976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 13:50:01.0640 0976 wdmaud - ok 13:50:01.0750 0976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 13:50:01.0750 0976 WpdUsb - ok 13:50:01.0812 0976 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:50:01.0812 0976 WudfPf - ok 13:50:01.0859 0976 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:50:01.0859 0976 WudfRd - ok 13:50:01.0906 0976 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 13:50:02.0046 0976 \Device\Harddisk0\DR0 - ok 13:50:02.0046 0976 Boot (0x1200) (e7e11a11049d3c6f948c7fd4c05c26c2) \Device\Harddisk0\DR0\Partition0 13:50:02.0046 0976 \Device\Harddisk0\DR0\Partition0 - ok 13:50:02.0078 0976 Boot (0x1200) (ac8f034378a9e3d3e2b2867e3c12f2c0) \Device\Harddisk0\DR0\Partition1 13:50:02.0078 0976 \Device\Harddisk0\DR0\Partition1 - ok 13:50:02.0109 0976 Boot (0x1200) (7ed45abad3eacc9ff4870f9953db2808) \Device\Harddisk0\DR0\Partition2 13:50:02.0109 0976 \Device\Harddisk0\DR0\Partition2 - ok 13:50:02.0109 0976 ============================================================ 13:50:02.0109 0976 Scan finished 13:50:02.0109 0976 ============================================================ 13:50:02.0125 2028 Detected object count: 0 13:50:02.0125 2028 Actual detected object count: 0 |
|
19.03.2012, 15:11
| #13 |
| /// Malwareteam | Gema-Trojaner Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: Neues OTL-Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Schritt 3: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
22.03.2012, 07:18
| #14 |
| /// Malwareteam | Gema-Trojaner Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu Gema-Trojaner |
| .com, .dll, 0x00000001, antivir, avira, bho, bonjour, cdburnerxp, converter, desktop, einstellungen, explorer, firefox, format, google earth, helper, kaspersky, logfile, mp3, object, plug-in, realtek, registry, rundll, safer networking, scan, software, windows, windows xp, winlogon.exe |
Linear-Darstellung
