
Pests of all kinds and how to combat them: gema.exe infection Win7 64bit


31.03.2012, 22:36   #1
loliver
 
gema.exe infection Win7 64bit



Good evening,

I caught the "GEMA trojan" today. After I had already managed to kill the process (the desktop lock) in Safe Mode, I more or less panicked and manually deleted 'gema.exe' from the following folders:

c:/users/***/appdata/roaming/gema/gema.exe
c:/windows/system32/gema.exe
c:/program files/gema/gema.exe

Since I normally use my computer almost daily for online banking etc., I would like to know whether I can get around reinstalling Windows and whether the problem can somehow be removed manually.

Here is the OTL logfile; the DDS logfiles and the OTL Extras logfile are attached.

OTL
Code:
OTL logfile created on: 31.03.2012 21:40:50 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,01% Memory free
5,85 Gb Paging File | 4,30 Gb Available in Paging File | 73,52% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 208,57 Gb Total Space | 26,31 Gb Free Space | 12,61% Space Free | Partition Type: NTFS
Drive D: | 9,48 Gb Total Space | 7,52 Gb Free Space | 79,31% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.31 20:59:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.02.25 01:16:56 | 000,278,344 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe
PRC - [2012.02.25 01:16:40 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.06 20:21:42 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.06 20:21:17 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.06.02 03:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
PRC - [2011.06.02 03:01:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.05.04 18:29:49 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011.05.04 18:29:42 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.03.14 13:30:35 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.01.14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.01.14 15:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.01 14:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010.10.23 01:50:24 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.30 14:55:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.25 01:16:40 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.06 20:21:42 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.06 20:21:17 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.07.13 01:49:22 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.06.02 03:01:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011.06.02 03:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.06.02 03:01:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.05.04 18:29:42 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.03.14 13:30:35 | 000,099,864 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.01.14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.10 23:48:58 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2012.03.08 13:17:39 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011.11.02 16:11:49 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.20 18:24:18 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2011.06.02 03:01:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011.06.02 03:01:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.05.04 18:12:47 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.04.09 18:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1) nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.01 14:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.19 18:17:00 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010.10.23 02:12:42 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.23 02:12:42 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.23 01:17:22 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.10.23 01:17:22 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.10.23 01:16:54 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.04.08 23:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.12.03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.07.22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.11 09:33:56 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: filtaquilla@mesquilla.com:1.2.0
FF - prefs.js..extensions.enabledItems: {F8147CF4-B9E3-445B-AA87-081ED66548F8}:1.6.6
FF - prefs.js..extensions.enabledItems: {CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}:7.3.4.66
FF - prefs.js..extensions.enabledItems: Tangobird@haven667:1.2.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011.11.08 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.13 04:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.31 01:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2012.03.14 23:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2012.03.14 23:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.14 23:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.14 23:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.08 18:26:28 | 000,000,000 | ---D | M]
 
[2011.05.04 18:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.04 18:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.25 23:39:39 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\{F8147CF4-B9E3-445B-AA87-081ED66548F8}.XPI
[2011.06.20 11:59:00 | 000,000,000 | ---D | M] (FiltaQuilla) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\FILTAQUILLA@MESQUILLA.COM
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\GCONVERSATION@XULFORUM.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2012.03.07 21:48:17 | 000,002,633 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 2 more lines...
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD37367-AB49-4598-9026-584F9EBB5150}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A2AC28-BB1E-4757-BA93-9B1170060784}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\gema\gema.exe) -  File not found
O20 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk - C:\PROGRA~2\nerds.de\LoopBe1\LOOPBE~1.EXE - (nerds.de)
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\JAN-TI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: Connectify - hkey= - key= - C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: framptr - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: gema - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: gema. - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {0CF3437D-57EB-71AD-A876-E0F353E88792} - Browser Customizations
ActiveX:64bit: {13115E48-4DCC-D3DE-1EEF-7D54E2F92A20} - Offline Browsing Pack
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {531DB786-7F5E-3E71-418C-D5F0A0A9940A} - Offline Browsing Pack
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6413CC8C-F8C3-2E65-DDE5-85907C4E0B56} - Browser Customizations
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B35A3BCB-6A60-828F-57CF-76F1FD9EB0A1} - Microsoft Windows
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.31 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\infekt_logs
[2012.03.31 21:06:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.31 21:03:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.31 20:59:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.31 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\5 years of hyperdub
[2012.03.31 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2012.03.29 23:26:50 | 000,000,000 | ---D | C] -- C:\Users\***\ELSTER
[2012.03.29 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.03.29 23:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.03.29 23:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.03.29 23:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.03.26 21:29:51 | 000,000,000 | ---D | C] -- C:\Users\***\zimmar
[2012.03.22 01:23:10 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.03.19 23:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.03.19 22:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.03.19 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2012.03.19 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.03.19 18:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.03.14 23:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks 2012 Hilfe
[2012.03.14 23:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.03.14 23:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.03.14 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.03.14 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.03.14 23:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.03.14 23:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2012
[2012.03.14 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead
[2012.03.14 01:03:31 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012.03.14 01:03:30 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012.03.14 00:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2012.03.14 00:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2012.03.13 23:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bome's Mouse Keyboard
[2012.03.13 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2012.03.13 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\***\Music\Documents\Bome's Mouse Keyboard
[2012.03.13 23:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bome's Mouse Keyboard
[2012.03.13 23:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nerds.de
[2012.03.13 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoopBe1 - Internal MIDI Port
[2012.03.13 01:43:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.03.13 00:54:31 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.03.13 00:53:18 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.03.13 00:43:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.03.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure
[2012.03.12 21:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.03.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.03.12 15:50:07 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.03.10 23:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
[2012.03.10 23:48:58 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.03.10 23:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2012.03.10 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2012.03.10 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012.03.10 03:42:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.03.10 03:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.03.10 03:27:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.03.08 13:17:39 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.03.08 03:33:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz
[2012.03.07 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.03.07 02:15:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.03.07 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MiKTeX
[2012.03.07 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MiKTeX
[2012.03.07 01:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX
[2012.03.07 01:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\LaTeX
[2012.03.07 00:52:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xm1
[2012.03.07 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.03.07 00:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.03.07 00:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.03.07 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2012.03.07 00:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ghostgum
[2012.03.07 00:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.03.07 00:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\gs
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.31 21:44:04 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011.job
[2012.03.31 21:23:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.31 21:08:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.03.31 21:07:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.31 21:05:09 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.31 21:03:44 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.31 20:59:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.31 20:55:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 20:55:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 20:52:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.31 20:52:48 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.31 20:52:48 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.31 20:52:48 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.31 20:52:48 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.31 20:48:57 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.03.31 20:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.31 20:47:33 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.31 19:51:12 | 000,000,648 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2011.job
[2012.03.31 17:41:56 | 000,035,571 | ---- | M] () -- C:\Users\***\Desktop\Jr2ru.jpg
[2012.03.31 02:49:53 | 000,000,649 | ---- | M] () -- C:\Users\***\Desktop\03 LEON.lnk
[2012.03.27 00:49:45 | 000,045,171 | ---- | M] () -- C:\Users\***\Desktop\Ablaufplan_Diplom-_und_Bachelorarbeiten_SoSe_12_23.3.2012_neu.pdf
[2012.03.24 06:18:47 | 000,590,413 | ---- | M] () -- C:\Users\***\tumblr_m0kywkIcCZ1qm5e7to1_1280.jpg
[2012.03.23 17:37:44 | 000,246,210 | ---- | M] () -- C:\Users\***\tumblr_lzzdkhaUas1qeoegzo1_500.jpg
[2012.03.14 23:33:05 | 000,000,287 | ---- | M] () -- C:\Users\***\AppData\Local\VersionChecker_17.xml
[2012.03.14 16:26:03 | 005,208,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 01:03:31 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012.03.14 01:03:30 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012.03.14 00:14:30 | 023,490,227 | ---- | M] () -- C:\Users\***\Desktop\lmms-0.4.13-win64.exe
[2012.03.12 21:43:54 | 000,000,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\.backup.dm
[2012.03.11 22:57:55 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.11 22:26:58 | 000,000,287 | ---- | M] () -- C:\Users\***\AppData\Local\VersionChecker_16.xml
[2012.03.11 19:40:40 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.10 23:48:58 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.03.08 13:17:39 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.03.08 03:32:53 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.03.07 21:48:17 | 000,002,633 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.07 07:14:37 | 000,858,851 | ---- | M] () -- C:\Users\***\r400 service and maintenance.pdf
[2012.03.07 01:39:14 | 000,011,190 | ---- | M] () -- C:\Users\***\gsview64.ini
[2012.03.03 04:05:39 | 000,088,330 | ---- | M] () -- C:\Users\***\sotrue.jpg
 
========== Files Created - No Company Name ==========
 
[2012.03.31 21:08:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.03.31 21:05:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.31 17:41:55 | 000,035,571 | ---- | C] () -- C:\Users\***\Desktop\Jr2ru.jpg
[2012.03.31 02:49:53 | 000,000,649 | ---- | C] () -- C:\Users\***\Desktop\03 LEON.lnk
[2012.03.30 14:55:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.27 00:49:45 | 000,045,171 | ---- | C] () -- C:\Users\***\Desktop\Ablaufplan_Diplom-_und_Bachelorarbeiten_SoSe_12_23.3.2012_neu.pdf
[2012.03.24 06:18:43 | 000,590,413 | ---- | C] () -- C:\Users\***\tumblr_m0kywkIcCZ1qm5e7to1_1280.jpg
[2012.03.23 17:37:43 | 000,246,210 | ---- | C] () -- C:\Users\***\tumblr_lzzdkhaUas1qeoegzo1_500.jpg
[2012.03.14 23:33:05 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_17.xml
[2012.03.14 00:10:31 | 023,490,227 | ---- | C] () -- C:\Users\***\Desktop\lmms-0.4.13-win64.exe
[2012.03.13 00:55:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.03.13 00:54:25 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.03.13 00:53:28 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.03.13 00:53:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.03.13 00:53:26 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.03.12 21:43:54 | 000,000,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\.backup.dm
[2012.03.11 18:28:25 | 002,226,450 | ---- | C] () -- C:\Users\***\maskieren_in_illu.pdf
[2012.03.07 22:05:52 | 000,001,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.5.lnk
[2012.03.07 22:02:17 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.03.07 07:14:37 | 000,858,851 | ---- | C] () -- C:\Users\***\r400 service and maintenance.pdf
[2012.03.07 00:44:46 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.03.07 00:28:29 | 000,011,190 | ---- | C] () -- C:\Users\***\gsview64.ini
[2012.03.03 04:05:39 | 000,088,330 | ---- | C] () -- C:\Users\***\sotrue.jpg
[2012.02.23 04:52:06 | 000,118,784 | RHS- | C] () -- C:\Users\***\AppData\Roaming\newdev6.dll
[2011.07.13 01:50:14 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.07.13 01:36:31 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.05 19:58:12 | 000,793,088 | ---- | C] () -- C:\Program Files (x86)\lame.exe
[2011.06.05 19:58:12 | 000,628,224 | ---- | C] () -- C:\Program Files (x86)\lame_enc.dll
[2011.05.23 23:37:14 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.16 17:51:30 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_16.xml
[2011.05.06 11:16:00 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.06 00:37:18 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.06 00:37:18 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.05 02:46:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.05 02:46:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.05 02:45:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.05.04 20:39:26 | 000,024,920 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2011.05.04 20:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.04 19:38:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.04 19:37:52 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.05.04 19:37:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.04 19:34:13 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.05.04 19:34:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.05.04 19:34:12 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.05.04 19:34:12 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011.05.04 19:34:10 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.05.04 19:34:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.04 19:05:26 | 000,544,768 | ---- | C] () -- C:\Program Files\lame.exe
[2011.05.04 19:05:26 | 000,152,064 | ---- | C] () -- C:\Program Files\fonts.exe
 
========== LOP Check ==========
 
[2011.10.25 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2011.06.12 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.07 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.05.05 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.02 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.03.17 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.03.29 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.02.06 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.03.29 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2012.01.28 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander
[2012.03.14 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.03.10 03:42:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.08.19 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2012.02.09 02:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon
[2012.03.19 23:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.03.14 23:42:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2011.05.16 17:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek
[2011.11.08 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.11.08 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.02.07 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.05.04 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.05.04 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.05.23 23:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.09.13 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.03.14 00:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2011.07.08 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2011.05.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.03.17 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.03.07 00:52:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1
[2012.03.31 21:44:04 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011.job
[2012.02.15 18:54:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.31 19:51:12 | 000,000,648 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.07 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.05.04 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2011.10.25 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2011.05.06 00:08:23 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2011.06.12 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.07 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.05.05 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.02 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.03.17 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.12.04 01:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.03.29 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.02.06 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.03.29 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2012.01.28 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander
[2011.11.30 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.03.14 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.05.04 17:51:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.03.10 03:42:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.08.19 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2011.08.24 20:23:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.02.09 02:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon
[2012.03.19 23:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.05.04 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.03.14 23:42:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.11.03 21:53:35 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.03.07 02:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiKTeX
[2012.03.30 02:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.05.16 17:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek
[2011.11.08 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.11.08 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.02.07 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.05.04 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.05.04 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.05.23 23:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.09.13 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.03.14 00:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2011.07.08 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.02.21 05:11:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.16 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.05.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.03.17 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.12.04 01:11:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.03.07 00:52:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1
 
< %APPDATA%\*.exe /s >
[2012.03.16 03:15:44 | 026,565,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 06:19:02 | 000,871,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe
[2012.03.15 00:02:14 | 000,871,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.03.16 03:16:16 | 000,176,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.05 20:41:03 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.05.04 19:37:52 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0B4CC538-B423-B589-123E-74A0F4894364}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
A thousand thanks in advance!

Regards,

loliver

Alt 02.04.2012, 10:15   #2
markusg
/// Malware-holic
 



hi

this script, and any scripts that follow, are only for this particular user.
if you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
[2012.02.23 04:52:06 | 000,118,784 | RHS- | C] () -- C:\Users\***\AppData\Roaming\newdev6.dll
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
start into normal mode.

if you have no icons, then right-click, View, Show desktop icons

Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the folder _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

download getinfo:
File-Upload.net - GetInfo.exe
double-click it.
a summary-info.txt is created in the same directory;
post its contents
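Two things in this thread lend themselves to a script: the fix above singles out a DLL in AppData\Roaming with RHS attributes and no publisher, and the OTL log in the first post lists, under each "< MD5 for: ... >" header, the live system file next to its winsxs/DriverStore copies. The Python below is an added example, not code from the thread or from OTL itself: it parses OTL-style entries, flags executables with that profile in user-writable paths, and reports live copies whose MD5 matches none of the reference copies. The sample log is constructed from lines in this thread (user name replaced) plus one deliberately altered userinit.exe hash; the user-writable path list and the winsxs/DriverStore rule are this example's own heuristics.

```python
"""Triage helpers for OTL logs (added example, not part of the thread or of OTL):
parse file entries, flag hidden/unsigned executables in user-writable paths (the
profile of newdev6.dll in the fix above), and check every "< MD5 for: ... >" section."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# [date time | size | attrs | C/M] (company) MD5=... -- path; company and MD5 are optional
ENTRY_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) "
    r"\| [CM]\](?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$")
# Locations a standard user can write to without elevation (heuristic of this example).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class Entry:
    section: str            # OTL section header the line appeared under
    size: int
    attrs: str              # "RHS-" = read-only, hidden, system; "D" marks a directory
    company: Optional[str]  # None when OTL printed "()" or no publisher at all
    md5: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_otl(text: str) -> List[Entry]:
    """Return every file/directory entry, tagged with the section it sits in."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==========") or line.startswith("<"):
            section = line.strip("= <>")   # "< MD5 for: X  >" -> "MD5 for: X"
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, int(m["size"].replace(",", "")), m["attrs"],
                                 m["company"] or None, (m["md5"] or "").upper() or None, m["path"]))
    return entries

def suspicious_user_entries(entries: List[Entry]) -> List[Entry]:
    """Executables in user-writable paths that hide (H+S) or name no publisher.
    A triage list, not a verdict: unsigned but benign helpers land here too."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(EXEC_EXT) or not any(d in p for d in USER_WRITABLE):
            continue
        if e.hidden_system or e.company is None:
            hits.append(e)
    return hits

def _is_reference(path: str) -> bool:
    # winsxs and DriverStore hold the pristine copies the live file is compared with
    return "\\winsxs\\" in path.lower() or "\\driverstore\\" in path.lower()

def md5_mismatches(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Per 'MD5 for:' section, the live copies (SysNative, SysWOW64, drivers) whose
    hash matches no reference copy; a patched userinit.exe or winlogon.exe lands here."""
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.section.startswith("MD5 for:") and e.md5:
            groups.setdefault(e.section.split(":", 1)[1].strip(), []).append(e)
    bad: Dict[str, List[Entry]] = {}
    for name, group in groups.items():
        reference = {e.md5 for e in group if _is_reference(e.path)}
        odd = [e for e in group if not _is_reference(e.path) and e.md5 not in reference]
        if odd:
            bad[name] = odd
    return bad

# Constructed sample: lines taken from this thread (user name replaced) plus one
# deliberately altered hash (all zeros) on the live 64-bit userinit.exe.
SAMPLE_LOG = r"""========== LOP Check ==========
[2012.02.23 04:52:06 | 000,118,784 | RHS- | C] () -- C:\Users\user\AppData\Roaming\newdev6.dll
< %APPDATA%\*.exe /s >
[2012.03.16 03:15:44 | 026,565,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
< MD5 for: USERINIT.EXE  >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG)
    for e in suspicious_user_entries(entries):
        print(f"suspicious: {e.path}  attrs={e.attrs}  company={e.company}")
    for name, odd in md5_mismatches(entries).items():
        print(f"hash mismatch in {name}: " + ", ".join(e.path for e in odd))
```

Run against the full OTL log of the first post, the MD5 check comes back clean, which is consistent with the fix above targeting only the dropped DLL rather than a replaced system file.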

Alt 02.04.2012, 14:01   #3
loliver
 



Hello Markus,

Thank you very much for your reply.
I carried out the steps as described; everything worked without problems. I uploaded the "MovedFiles" archive to the upload channel, and that worked fine too.

Here is the output from OTL:
Code:
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Here is the output from GetInfo.exe:
Code:
System volume information:	 dwHighDateTime = 0x1cac0a4,dwLowDateTime = 0x462389bf
System32:			 dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x409f32f1
         
Thanks again for your help.

Regards,

loliver

Alt 02.04.2012, 16:20   #4
markusg
/// Malware-holic
 



thanks for the upload.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: Should you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 02.04.2012, 21:10   #5
loliver
 



Good evening,

Thanks for the quick reply.
I have now run ComboFix.
Why the hosts file and the two JPEGs in my user folder (they had been there for quite a while and were created by me) were deleted is not entirely clear to me, though.

Here is the log:
Code:
ComboFix 12-04-01.03 - *** 02.04.2012  21:26:44.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3992.2552 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Recycle.Bin
c:\users\***\360.jpg
c:\users\***\50_6.jpg
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-02 bis 2012-04-02  ))))))))))))))))))))))))))))))
.
.
2012-04-02 19:37 . 2012-04-02 19:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-02 11:47 . 2012-04-02 12:17	--------	d-----w-	C:\_OTL
2012-03-30 23:05 . 2012-03-30 23:05	--------	d-----w-	c:\users\***\AppData\Local\DDMSettings
2012-03-30 18:12 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D11A9EB3-2DEC-4171-B9A1-F828E385B700}\mpengine.dll
2012-03-30 12:55 . 2012-03-30 12:55	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 21:26 . 2012-03-29 21:27	--------	d-----w-	c:\users\***\ELSTER
2012-03-29 21:22 . 2012-03-29 21:22	--------	d-----w-	c:\users\***\AppData\Roaming\elsterformular
2012-03-29 21:22 . 2012-03-29 21:22	--------	d-----w-	c:\programdata\elsterformular
2012-03-29 21:22 . 2012-03-29 21:22	--------	d-----w-	c:\program files (x86)\ElsterFormular
2012-03-26 19:29 . 2012-03-26 19:30	--------	d-----w-	c:\users\***\zimmar
2012-03-21 23:23 . 2012-03-30 18:08	--------	d-----w-	c:\users\***\riotsGamesLogs
2012-03-19 21:39 . 2012-03-19 21:39	--------	d-----w-	c:\users\***\AppData\Roaming\LolClient
2012-03-19 20:08 . 2008-07-31 09:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2012-03-19 20:08 . 2008-07-31 09:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2012-03-19 20:08 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2012-03-19 20:08 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2012-03-19 20:08 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2012-03-19 16:33 . 2012-03-30 19:36	--------	d-----w-	c:\users\***\AppData\Local\PMB Files
2012-03-19 16:33 . 2012-03-30 19:36	--------	d-----w-	c:\programdata\PMB Files
2012-03-19 16:32 . 2012-03-19 16:32	--------	d-----w-	c:\program files (x86)\Pando Networks
2012-03-14 21:29 . 2012-03-14 21:30	--------	d-----w-	c:\program files (x86)\Vectorworks 2012 Hilfe
2012-03-14 21:26 . 2012-03-14 21:26	--------	d-----w-	c:\program files (x86)\QuickTime
2012-03-14 21:26 . 2012-03-14 21:26	--------	d-----w-	c:\programdata\Apple Computer
2012-03-14 21:25 . 2012-03-14 21:25	--------	d-----w-	c:\programdata\Apple
2012-03-14 21:25 . 2012-03-14 21:25	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-03-14 17:01 . 2012-03-14 17:01	--------	d-----w-	c:\program files\Propellerhead
2012-03-14 14:13 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 14:13 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 14:13 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 14:12 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 14:12 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:12 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:12 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 14:12 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:12 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:12 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:03 . 2012-03-13 23:03	338432	----a-w-	c:\windows\SysWow64\REX Shared Library.dll
2012-03-13 23:03 . 2012-03-13 23:03	406528	----a-w-	c:\windows\SysWow64\ReWire.dll
2012-03-13 22:53 . 2012-03-13 23:03	--------	d-----w-	c:\programdata\Propellerhead Software
2012-03-13 21:44 . 2012-03-13 22:53	--------	d-----w-	c:\users\***\AppData\Roaming\Propellerhead Software
2012-03-13 21:44 . 2012-03-13 21:44	--------	d-----w-	c:\program files (x86)\Bome's Mouse Keyboard
2012-03-13 21:43 . 2012-03-13 21:43	--------	d-----w-	c:\program files (x86)\nerds.de
2012-03-12 23:43 . 2012-03-12 23:43	--------	d-----w-	c:\windows\system32\SPReview
2012-03-12 23:04 . 2010-11-20 04:00	2560	----a-w-	c:\windows\system32\drivers\de-DE\rdpwd.sys.mui
2012-03-12 23:04 . 2010-11-20 04:12	7168	----a-w-	c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2012-03-12 23:04 . 2010-11-20 04:07	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2012-03-12 23:04 . 2010-11-20 04:00	4608	----a-w-	c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2012-03-12 23:04 . 2010-11-20 04:07	2560	----a-w-	c:\windows\system32\drivers\de-DE\disk.sys.mui
2012-03-12 22:54 . 2010-11-20 04:26	69120	----a-w-	c:\windows\system32\dot3cfg.dll
2012-03-12 22:53 . 2010-11-20 04:27	263168	----a-w-	c:\windows\system32\vpnike.dll
2012-03-12 22:43 . 2012-03-12 22:43	--------	d-----w-	c:\windows\system32\EventProviders
2012-03-12 19:43 . 2012-03-12 19:43	--------	d-----w-	c:\users\***\AppData\Local\Proxure
2012-03-12 19:41 . 2012-03-12 19:41	--------	d-----w-	c:\programdata\ClubSanDisk
2012-03-12 17:13 . 2012-03-12 17:13	--------	d-----w-	c:\windows\SysWow64\Wat
2012-03-12 17:13 . 2012-03-12 17:13	--------	d-----w-	c:\windows\system32\Wat
2012-03-12 13:50 . 2012-03-13 05:13	--------	d-----w-	c:\windows\rescache
2012-03-10 21:52 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-03-10 21:52 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-03-10 21:51 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-03-10 21:51 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-03-10 21:48 . 2012-03-10 21:48	31344	----a-w-	c:\windows\system32\drivers\cnnctfy2.sys
2012-03-10 21:48 . 2012-03-10 21:48	--------	d-----w-	c:\program files (x86)\Connectify
2012-03-10 21:48 . 2012-03-10 21:57	--------	d-----w-	c:\programdata\Connectify
2012-03-10 01:42 . 2012-03-10 01:42	--------	d-----w-	c:\users\***\AppData\Roaming\ImgBurn
2012-03-10 01:30 . 2012-03-10 01:30	--------	d-----w-	c:\program files (x86)\ImgBurn
2012-03-08 11:17 . 2012-03-08 11:17	144672	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2012-03-08 01:33 . 2012-03-08 01:33	--------	dc----w-	c:\users\***\AppData\Local\MigWiz
2012-03-07 20:08 . 2012-03-07 20:08	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.dmp.contentviewer
2012-03-07 00:11 . 2012-03-07 00:11	--------	d-----w-	c:\users\***\AppData\Roaming\MiKTeX
2012-03-07 00:11 . 2012-03-07 00:11	--------	d-----w-	c:\users\***\AppData\Local\MiKTeX
2012-03-06 23:43 . 2012-03-07 00:04	--------	d-----w-	c:\program files (x86)\MiKTeX
2012-03-06 23:27 . 2012-03-13 00:55	--------	d-----w-	c:\users\***\LaTeX
2012-03-06 22:52 . 2012-03-06 22:52	--------	d-----w-	c:\users\***\AppData\Roaming\xm1
2012-03-06 22:52 . 2012-03-06 22:52	--------	d-----w-	c:\program files (x86)\Texmaker
2012-03-06 22:28 . 2012-03-06 22:28	--------	d-----w-	c:\program files\Ghostgum
2012-03-06 22:27 . 2012-03-06 22:27	--------	d-----w-	c:\program files\gs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 12:55 . 2011-05-19 12:31	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 23:33 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-03-12 23:33 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-02-23 08:18 . 2011-05-04 16:55	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2010-09-08 02:29 . 2011-05-04 17:05	152064	----a-w-	c:\program files\fonts.exe
2010-06-08 08:16 . 2011-06-05 17:58	793088	----a-w-	c:\program files (x86)\lame.exe
2010-06-08 08:16 . 2011-06-05 17:58	628224	----a-w-	c:\program files (x86)\lame_enc.dll
2008-07-04 07:25 . 2011-05-04 17:05	544768	----a-w-	c:\program files\lame.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-05-04 494616]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-22 98304]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-12 1431888]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-06 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-14 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-06 1543704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:55]
.
2012-04-02 c:\windows\Tasks\Allplan AutoUpdate 2011.job
- c:\program files (x86)\Nemetschek\Allplan_1\prg\LaunchAllplanAutoUpdate.exe [2011-05-04 15:26]
.
2012-04-02 c:\windows\Tasks\WebContent AutoUpdate 2011.job
- c:\program files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe [2011-05-04 15:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-22 414744]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"combofix"="c:\combofix\CF28522.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Standard) - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-02  21:52:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-02 19:52
.
Vor Suchlauf: 26 Verzeichnis(se), 28.937.797.632 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 28.363.034.624 Bytes frei
.
- - End Of File - - D8FC8B530177AB24DD1A356606B0E582
         
Regards,

loliver
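As an added example, not part of this thread and not code from ComboFix or Malwarebytes, here is a small Python triage script for the "Autostartpunkte der Registrierung" section of a ComboFix log like the one posted above. It pulls the Run-key and AppInit_DLLs entries and flags anything that points into a user-writable directory, outside Windows or Program Files, or at an unusual extension; the sample log inside it is constructed after the entries above, with an invented "gema" entry under AppData (date and size made up) to show how such a dropper stands out.

```python
"""Triage the registry autostart section of a ComboFix log (added example,
not ComboFix's code): flag Run-key and AppInit_DLLs entries that point at
user-writable locations, outside Windows/Program Files, or at odd extensions."""
import re
from dataclasses import dataclass
from typing import Optional

# Keys whose values start code at logon or get injected into every process.
AUTOSTART_KEY_RE = re.compile(
    r"\\currentversion\\(run|runonce)$|\\windows nt\\currentversion\\windows$",
    re.IGNORECASE)
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="value" [YYYY-MM-DD size]   or   "Name"=value   or   @="value"
VALUE_RE = re.compile(
    r'^(?P<name>"[^"]*"|@)\s*=\s*(?P<value>.*?)\s*'
    r"(?:\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$")

# ComboFix prints 8.3 short names (progra~2) for some paths, so accept them too.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\",
                         "\\temp\\", "\\tmp\\", "\\$recycle.bin\\", "\\recycler\\")
EXPECTED_EXTENSIONS = {"exe", "dll", "cpl"}


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list[str]


def _path_from_value(value: str) -> Optional[str]:
    """Executable path inside a registry value, or None for flags such as 0x1."""
    v = value.strip()
    if v.startswith('"'):            # quoted path, possibly followed by arguments
        end = v.find('"', 1)
        v = v[1:end] if end > 0 else v[1:]
    return v if re.match(r"^[a-z]:\\", v, re.IGNORECASE) else None


def assess_path(path: str) -> list[str]:
    """Heuristic reasons why an autostart path deserves a closer look."""
    p = path.lower()
    reasons = []
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("user-writable location (profile, temp or ProgramData)")
    if not p.startswith(TRUSTED_PREFIXES):
        reasons.append("outside Windows / Program Files")
    filename = p.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[1] if "." in filename else ""
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append(f"unexpected extension .{ext}" if ext else "no extension")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return the autostart entries that have at least one reason to be reviewed."""
    findings: list[Finding] = []
    current_key, in_autostart_key = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current_key = section.group(1)
            in_autostart_key = bool(AUTOSTART_KEY_RE.search(current_key))
            continue
        m = VALUE_RE.match(line) if in_autostart_key else None
        if not m:
            continue
        name = m.group("name").strip('"')
        path = _path_from_value(m.group("value"))
        if path is None:                 # e.g. "LoadAppInit_DLLs"=0x1
            continue
        reasons = assess_path(path)
        if name.lower() == "appinit_dlls":
            # Loaded into every process linking user32.dll; Sophos uses it
            # legitimately here, but the file still has to be confirmed.
            reasons.append("AppInit_DLLs populated; confirm the vendor of this DLL")
        if reasons:
            findings.append(Finding(current_key, name, path, reasons))
    return findings


# Constructed sample modelled on the ComboFix output above; the "gema" line and
# its date/size are invented to show how a dropper under AppData stands out.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-05-04 494616]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"gema"="c:\users\***\AppData\Roaming\gema\gema.exe" [2012-03-31 180224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-22 161304]
"combofix"="c:\combofix\CF28522.3XE" [2010-11-20 345088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
"""
```

`triage(SAMPLE_LOG)` returns three findings: the gema entry, ComboFix's own restart entry (c:\combofix\CF28522.3XE, also visible in the log above, which a helper recognises as the tool's own) and the Sophos AppInit_DLLs value. The vendor-installed entries under Program Files and Windows are not reported.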


03.04.2012, 12:07   #6
markusg
/// Malware-holic

Malwarebytes:
Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click "Show results".
  • Make sure all findings are checked and click "Remove selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Logs".

03.04.2012, 17:27   #7
loliver

Good evening,

I have now run the Malwarebytes scan, and everything worked so far. However, an unpleasant problem appeared afterwards:
After Malwarebytes had restarted the computer following the scan, I tried to open my antivirus program Sophos, because during the Malwarebytes scan it had shown an adware detection (as a tooltip from the "on-access scan", so I think because Malwarebytes accessed the file). Sophos would not open, though; instead the hourglass appeared and nothing worked any more. The Task Manager would not open, Alt+Ctrl+Del did not work, and neither did Win+D.
So I "shut down" the computer with the power button, tried once more to open Sophos after the restart, and got the same result again.
What also puzzles me is the Malwarebytes scan's finding. It is the LAME encoder, which I have used countless times (this exact file). Malwarebytes now detects it as spyware...
I hope I did everything right.

Just now I wanted to post the Malwarebytes log here, tried to bring up my desktop, and found that it is frozen...
The shortcuts in the Start menu, which I can open, do not work either, or rather show no reaction.

So I will probably do my forced shutdown again to get at the log and be able to post it here.
I hope you can help me further.

Regards,

loliver

EDIT: I have just managed to start the Task Manager. Nothing unusual, no particular load or unknown processes/services. The desktop is still frozen, though.

03.04.2012, 17:30   #8
markusg
/// Malware-holic

Just restart and see whether it happens again.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

03.04.2012, 17:33   #9
loliver

Whoa, that was more than fast.
Here is the MBAM log first, before I try to open Sophos.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

Schutz: Aktiviert

03.04.2012 14:50:25
mbam-log-2012-04-03 (14-50-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 633138
Laufzeit: 2 Stunde(n), 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\lame_enc.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
EDIT: I have now booted into safe mode. I found that Sophos opens without problems as long as MBAM is not running. That is, once autostart is active again in normal mode and both start at the same time, I can no longer get into Sophos.
I have also now cleaned up in Sophos the threat that was found during the MBAM scan.
It was the following:

Type: Adware/PUA, Name: NirCmd

Clean-up went without problems.
Should I remove MBAM from autostart for now?

Last edited by loliver (03.04.2012 at 17:48)

03.04.2012, 18:06   #10
markusg
/// Malware-holic

Go to Start, Run,
type msconfig,
press Enter,
open the Startup tab,
and disable Malwarebytes there.
Then click OK and restart normally.

03.04.2012, 18:14   #11
loliver

Done (I also disabled the MBAM service). My observation has been confirmed, i.e. without MBAM everything runs fine, Sophos opens, etc.

04.04.2012, 13:57   #12
markusg
/// Malware-holic

OK, but as a freeware solution you can keep MBAM and use it from time to time.
Download the CCleaner standard version:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, Tools, list of installed programs, save as txt, open the file.
Behind every program you need, write "notwendig" (necessary).
Behind every program you do not need, "unnötig" (unnecessary).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.

04.04.2012, 14:15   #13
loliver

So, here is the list of installed programs:

Code:
ATTFilter
7-Zip 9.20 (x64 edition)	Igor Pavlov	04.05.2011	4,53MB	9.20.00.0							notwendig
Adobe Acrobat X Pro - English, Français, Deutsch	Adobe Systems	13.01.2012	2.493MB	10.1.2					notwendig
Adobe AIR	Adobe Systems Incorporated	05.03.2012		3.1.0.4880							notwendig
Adobe Community Help	Adobe Systems Incorporated.	05.05.2011		3.4.980							notwendig
Adobe Content Viewer	Adobe Systems Incorporated	07.03.2012		1.4.0							notwendig
Adobe Download Assistant	Adobe Systems Incorporated	20.08.2011		1.0.3						notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.08.2011	2,72MB	10.2.153.1					notwendig
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated			11.2.202.228					notwendig
Adobe Flash Professional CS5.5	Adobe Systems Incorporated			11.5							notwendig
Adobe Illustrator CS5.1	Adobe Systems Incorporated			15.1								notwendig
Adobe InDesign CS5.5	Adobe Systems Incorporated			7.5								notwendig
Adobe Photoshop CS5.1	Adobe Systems Incorporated			12.1								notwendig
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	12.01.2012	195,7MB	10.1.2					notwendig
Amazon MP3-Downloader 1.0.9														unnötig
Apple Application Support	Apple Inc.	14.03.2012	52,8MB	1.4.1								unbekannt
ATI Catalyst Install Manager	ATI Technologies, Inc.	04.05.2011	22,3MB	3.0.782.0						unbekannt
ATI Uninstaller	ATI Technologies, Inc.			8.752.4-101022a-107489C-Lenovo							unbekannt
AuthenTec TrueSuite	AuthenTec, Inc.	15.05.2011	6,64MB	2.0.0.57								notwendig
AutoCAD Architecture 2012 - Deutsch	Autodesk	01.01.1970		6.7.49.0						notwendig
Autodesk Content Service	Autodesk	13.07.2011	95,9MB	2.0.90								notwendig
Autodesk Design Review 2012	Autodesk, Inc.	13.07.2011		12.0.0.93							notwendig
Autodesk Inventor Fusion 2012	Autodesk, Inc.	13.07.2011		1.0.0.79							notwendig
Autodesk Material Library 2012	Autodesk	13.07.2011	97,9MB	2.5.0.8								notwendig
Autodesk Material Library Base Resolution Image Library 2012	Autodesk	13.07.2011	71,4MB	2.5.0.8				notwendig
Avira UnErase Personal															unnötig
Bome's Mouse Keyboard 2.00	Bome Software	13.03.2012										notwendig
Brother MFL-Pro Suite MFC-5890CN	Brother Industries, Ltd.	24.08.2011		1.0.1.0					notwendig
CCleaner	Piriform			3.17											unnötig
CINEMA 4D 13.051	MAXON Computer GmbH	12.01.2012		13.051								notwendig
Conexant 20561 SmartAudio HD	Conexant			4.92.10.0								notwendig
Connectify	Connectify			3.3.0.23104										notwendig
DAEMON Tools Lite	DT Soft Ltd			4.41.3.0173									notwendig
DivX-Setup	DivX, LLC			2.6.1.8											unnötig
Dropbox	Dropbox, Inc.			1.3.27												notwendig
DVD Decrypter (Remove Only)														notwendig
ElsterFormular	Landesfinanzdirektion Thüringen			13.1.1.8531p								notwendig
FileZilla Client 3.5.3	FileZilla Project			3.5.3									notwendig
FLAC 1.2.1b (remove only)	Xiph.org			1.2.1b									notwendig
foobar2000 v1.1.6	Peter Pawlowski			1.1.6										notwendig
FreeCommander 2009.02b	Marek Jasinski	28.01.2012		2009.02									notwendig
Google SketchUp Pro 8	Google, Inc.	29.11.2011	135,7MB	3.0.3117								notwendig
GPL Ghostscript	Artifex Software Inc.			9.05										notwendig
GSview 5.0	Ghostgum Software Pty Ltd			5.0									notwendig
HandBrake 0.9.6				0.9.6												notwendig
ImgBurn	LIGHTNING UK!	10.03.2012		2.5.6.0											notwendig
InfraRecorder	Christian Kindahl													notwendig
Intel(R) Network Connections Drivers													notwendig
Java(TM) 6 Update 22	Oracle	04.05.2011	97,1MB	6.0.220										notwendig
K-Meleon 1.5.4 de-DE (nur entfernen)	K-Meleon Team			1.5.4								notwendig
League of Legends	Riot Games	19.03.2012		1.02.0000								unnötig
Lenovo Auto Scroll Utility				1.00										notwendig
Lenovo System Interface Driver				1.05										notwendig
LoopBe1 - Internal MIDI Port														notwendig
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	03.04.2012		1.60.1.1000			notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.03.2012		4.0.30319				notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	14.07.2011		4.0.30319		notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	11.03.2012		4.0.30319					notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	13.07.2011		4.0.30319			notwendig
Microsoft Report Viewer Redistributable 2008 SP1	Microsoft Corporation	04.05.2011						notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	04.05.2011	0,34MB	8.0.59193				notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	12.01.2012	0,69MB	8.0.56336				notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	04.05.2011	0,77MB	9.0.30729.4148		notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.05.2011	0,58MB	9.0.30729		notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	04.05.2011	0,57MB	9.0.30729.4148		notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	13.07.2011	11,0MB	10.0.30319		notwendig
MiKTeX 2.9	MiKTeX.org			2.9											notwendig
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla			11.0.1									notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	06.05.2011	1,28MB	4.20.9870.0						notwendig
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	06.05.2011	1,33MB	4.20.9876.0						notwendig
Nemetschek Allplan 2011	Nemetschek Allplan GmbH			2011.0									notwendig
Nemetschek SoftLock 2006				1.26.49										notwendig
Nokia Connectivity Cable Driver	Nokia	08.11.2011	4,21MB	7.1.48.0								unnötig
Nokia Suite	Nokia	08.11.2011		3.2.100.0										notwendig
Notepad++				5.9.8												notwendig
OpenOffice.org 3.3	OpenOffice.org	04.05.2011	409MB	3.3.9567								notwendig
Opera 11.61	Opera Software ASA			11.61.1250									notwendig
Panasonic ByteFM 1.1	Panasonic ByteFM Player			1.1									notwendig
Pando Media Booster	Pando Networks Inc.			2.6.0.6									unnötig
PC Connectivity Solution	Nokia	08.11.2011	20,8MB	11.5.13.0								unnötig
PDFCreator	Frank Heindörfer, Philip Chinery	13.09.2011		1.2.3							notwendig
QuickTime	Apple Inc.	14.03.2012	73,7MB	7.69.80.9									notwendig
Reason 5.0	Propellerhead Software AB	13.03.2012		5.0								notwendig	
Renamer 1.1	Mediachance.com	23.08.2011												notwendig
Rhinoceros 4.0	McNeel & Associates	16.05.2011	172,2MB	4.0.20118								notwendig
Skype™ 5.5	Skype Technologies S.A.	26.01.2012	17,0MB	5.5.124									notwendig
Sophos Anti-Virus	Sophos Limited	08.03.2012	26,8MB	9.7.7									notwendig
Sophos AutoUpdate	Sophos Limited	04.09.2011	9,85MB	2.5.10									notwendig
Texmaker																notwendig
ThinkPad Energie-Manager				3.61										notwendig
ThinkPad FullScreen Magnifier				2.24										notwendig
ThinkPad Power Management Driver				1.62.00.00								notwendig
ThinkPad UltraNav Driver				15.2.20.0									notwendig
ThinkVantage Access Connections	Lenovo	23.05.2011	76,2MB	5.83									notwendig
ThinkVantage Communications Utility	Lenovo	23.05.2011		1.43								notwendig
V-Ray for SketchUp	ASGVIS			1.48.89											notwendig
Vectorworks 2011 Hilfe	UNKNOWN	04.05.2011		1.1										notwendig
Vectorworks 2012 Hilfe	UNKNOWN	14.03.2012		1.0										notwendig
VLC media player 1.1.11	VideoLAN			1.1.11										notwendig
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)	Broadcom			04/08/2010 6.3.5.430	notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom			07/28/2009 6.2.0.9800		notwendig
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia			08/22/2008 7.0.0.0				unnötig
µTorrent				2.2.1												notwendig
         

04.04.2012, 18:03   #14
markusg
/// Malware-holic

Uninstall:
all Adobe Flash Player versions
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very insecure to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you keep control over what is happening on the PC.
Under JavaScript, untick "Enable JavaScript".
Under Updater, select "Install updates automatically".
Apply / OK



Uninstall:
Amazon
Avira UnErase
DivX
Java
Download the free Java software
download the Java JRE and install it.

Uninstall:
League

Open CCleaner, click Analyze, run CCleaner, restart the PC and test how the system runs.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
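The Adobe Reader JavaScript setting that post #14 asks the user to switch off can also be checked (and, if wanted, applied) from the command line instead of clicking through Preferences. The following PowerShell script is an added example written for this thread; it is not part of markusg's post and not an Adobe or Trojaner-Board tool. It assumes the Reader 10.x/11.x-era registry layout: the per-user preference at HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs\bEnableJS (0 = JavaScript off) and the optional machine-wide lockdown at HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\<version>\FeatureLockDown\bDisableJavaScript (1 = off and greyed out in the UI). The script name Check-ReaderJS.ps1 and the -Enforce switch are the example's own.

```powershell
# Added example (not from the thread): audit the Adobe Reader JavaScript
# setting that post #14 asks the user to turn off, and optionally enforce it.
# Assumed registry layout (Adobe Reader 10.x/11.x era):
#   HKCU:\Software\Adobe\Acrobat Reader\<ver>\JSPrefs\bEnableJS            0 = JavaScript off
#   HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\<ver>\FeatureLockDown\bDisableJavaScript   1 = off, locked
# Run it as the user whose Reader profile is being checked.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

$userRoot   = 'HKCU:\Software\Adobe\Acrobat Reader'
$policyRoot = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader'

if (-not (Test-Path $userRoot)) {
    Write-Warning "No Adobe Reader preferences found under $userRoot"
    return
}

# One subkey per installed Reader generation, e.g. '10.0' or '11.0'
foreach ($verKey in Get-ChildItem $userRoot) {
    $ver      = $verKey.PSChildName
    $jsPrefs  = Join-Path $userRoot "$ver\JSPrefs"
    $lockdown = Join-Path $policyRoot "$ver\FeatureLockDown"

    $enableJs  = (Get-ItemProperty -Path $jsPrefs  -Name bEnableJS          -ErrorAction SilentlyContinue).bEnableJS
    $policyOff = (Get-ItemProperty -Path $lockdown -Name bDisableJavaScript -ErrorAction SilentlyContinue).bDisableJavaScript

    # Reader ships with JavaScript ON; a missing value therefore means "enabled"
    $userState = if ($null -eq $enableJs) { 1 } else { [int]$enableJs }

    $status = if ($policyOff -eq 1)   { 'disabled (locked by policy)' }
              elseif ($userState -eq 0) { 'disabled (user preference)' }
              else                      { 'ENABLED' }
    Write-Output ("Adobe Reader {0}: JavaScript {1}" -f $ver, $status)

    # Only touch the per-user value; the HKLM policy key needs admin rights and is left alone here
    if ($Enforce -and $status -eq 'ENABLED') {
        if ($PSCmdlet.ShouldProcess($jsPrefs, 'Set bEnableJS = 0')) {
            if (-not (Test-Path $jsPrefs)) { New-Item -Path $jsPrefs -Force | Out-Null }
            Set-ItemProperty -Path $jsPrefs -Name bEnableJS -Value 0 -Type DWord
            Write-Output "  -> JavaScript turned off for Reader $ver (takes effect the next time Reader starts)"
        }
    }
}
```

Run `.\Check-ReaderJS.ps1` to see, per installed Reader version, whether JavaScript is on, off by user preference, or off and locked by policy; `.\Check-ReaderJS.ps1 -Enforce -WhatIf` previews the change and `-Enforce` alone writes it. Because the script only edits the current user's HKCU preference, a later click in Preferences can turn JavaScript back on; if that should be prevented on a shared machine, the FeatureLockDown policy value is the place to set it.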
