|
Plagegeister aller Art und deren Bekämpfung: gema.exe Infektion Win7 64bitWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.03.2012, 22:36 | #1 |
| gema.exe Infektion Win7 64bit Guten Abend, Ich habe mir heute den "Gema-Trojaner" eingefangen. Nachdem ich den Prozess (Desktopsperre) im abgesicherten Modus bereits beenden konnte, habe ich mehr oder weniger in Panik manuell 'gema.exe' aus folgenden Ordnern gelöscht c:/users/***/appdata/roaming/gema/gema.exe c:/windows/system32/gema.exe c:/program files/gema/gema.exe Da ich meine Computer normalerweise fast täglich für Onlinebanking etc. verwende wüsste ich gerne, ob ich um ein neu Aufsetzen von Windows herumkomme und sich das Problem irgendwie manuell beseitigen lässt. Hier das OTL Logfile, die Logfiles von DDS und das OTL Extras Logfile im Anhang. OTL Code:
ATTFilter OTL logfile created on: 31.03.2012 21:40:50 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,01% Memory free 5,85 Gb Paging File | 4,30 Gb Available in Paging File | 73,52% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 208,57 Gb Total Space | 26,31 Gb Free Space | 12,61% Space Free | Partition Type: NTFS Drive D: | 9,48 Gb Total Space | 7,52 Gb Free Space | 79,31% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.31 20:59:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.02.25 01:16:56 | 000,278,344 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe PRC - [2012.02.25 01:16:40 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.06 20:21:42 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2011.10.06 20:21:17 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2011.06.02 03:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE PRC - [2011.06.02 03:01:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2011.05.04 18:29:49 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2011.05.04 18:29:42 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011.03.14 13:30:35 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2011.01.14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2011.01.14 15:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.01 14:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2010.10.23 01:50:24 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.03.30 14:55:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.02.25 01:16:40 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.06 20:21:42 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2011.10.06 20:21:17 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2011.07.13 01:49:22 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2011.06.02 03:01:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2011.06.02 03:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2011.06.02 03:01:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2011.05.04 18:29:42 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011.03.14 13:30:35 | 000,099,864 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2011.01.14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.10 23:48:58 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:64bit: - [2012.03.08 13:17:39 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2011.11.02 16:11:49 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.20 18:24:18 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2011.06.02 03:01:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2011.06.02 03:01:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2011.05.04 18:12:47 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2011.04.09 18:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1) nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM) DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.01 14:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.19 18:17:00 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2010.10.23 02:12:42 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.23 02:12:42 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.23 01:17:22 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.10.23 01:17:22 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.10.23 01:16:54 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.04.08 23:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.12.03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009.07.22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 03:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.11 09:33:56 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd) DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: filtaquilla@mesquilla.com:1.2.0 FF - prefs.js..extensions.enabledItems: {F8147CF4-B9E3-445B-AA87-081ED66548F8}:1.6.6 FF - prefs.js..extensions.enabledItems: {CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}:7.3.4.66 FF - prefs.js..extensions.enabledItems: Tangobird@haven667:1.2.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011.11.08 18:26:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.13 04:48:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.31 01:04:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2012.03.14 23:26:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2012.03.14 23:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.14 23:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.14 23:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.08 18:26:28 | 000,000,000 | ---D | M] [2011.05.04 18:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.04 18:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.25 23:39:39 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\{F8147CF4-B9E3-445B-AA87-081ED66548F8}.XPI [2011.06.20 11:59:00 | 000,000,000 | ---D | M] (FiltaQuilla) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\FILTAQUILLA@MESQUILLA.COM () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\GCONVERSATION@XULFORUM.ORG.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\LJG9PEBG.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI O1 HOSTS File: ([2012.03.07 21:48:17 | 000,002,633 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 2 more lines... O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD37367-AB49-4598-9026-584F9EBB5150}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A2AC28-BB1E-4757-BA93-9B1170060784}: DhcpNameServer = 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\gema\gema.exe) - File not found O20 - HKU\S-1-5-21-3269592610-2925019564-2429195229-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk - C:\PROGRA~2\nerds.de\LoopBe1\LOOPBE~1.EXE - (nerds.de) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\JAN-TI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: Connectify - hkey= - key= - C:\Program Files (x86)\Connectify\Connectify.exe (Connectify) MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= - File not found MsConfig:64bit - StartUpReg: framptr - hkey= - key= - File not found MsConfig:64bit - StartUpReg: gema - hkey= - key= - File not found MsConfig:64bit - StartUpReg: gema. - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {0CF3437D-57EB-71AD-A876-E0F353E88792} - Browser Customizations ActiveX:64bit: {13115E48-4DCC-D3DE-1EEF-7D54E2F92A20} - Offline Browsing Pack ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {531DB786-7F5E-3E71-418C-D5F0A0A9940A} - Offline Browsing Pack ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6413CC8C-F8C3-2E65-DDE5-85907C4E0B56} - Browser Customizations ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {B35A3BCB-6A60-828F-57CF-76F1FD9EB0A1} - Microsoft Windows ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.31 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\infekt_logs [2012.03.31 21:06:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com [2012.03.31 21:03:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.31 20:59:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.31 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\5 years of hyperdub [2012.03.31 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings [2012.03.29 23:26:50 | 000,000,000 | ---D | C] -- C:\Users\***\ELSTER [2012.03.29 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular [2012.03.29 23:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.03.29 23:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.03.29 23:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2012.03.26 21:29:51 | 000,000,000 | ---D | C] -- C:\Users\***\zimmar [2012.03.22 01:23:10 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs [2012.03.19 23:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient [2012.03.19 22:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2012.03.19 18:33:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files [2012.03.19 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.03.19 18:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.03.14 23:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks 2012 Hilfe [2012.03.14 23:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.03.14 23:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.03.14 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.03.14 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.03.14 23:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.03.14 23:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2012 [2012.03.14 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead [2012.03.14 01:03:31 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll [2012.03.14 01:03:30 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll [2012.03.14 00:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software [2012.03.14 00:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead [2012.03.13 23:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bome's Mouse Keyboard [2012.03.13 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Propellerhead Software [2012.03.13 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\***\Music\Documents\Bome's Mouse Keyboard [2012.03.13 23:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bome's Mouse Keyboard [2012.03.13 23:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nerds.de [2012.03.13 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoopBe1 - Internal MIDI Port [2012.03.13 01:43:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.03.13 00:54:31 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.03.13 00:53:18 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.03.13 00:43:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.03.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure [2012.03.12 21:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk [2012.03.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.03.12 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.03.12 15:50:07 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012.03.10 23:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify [2012.03.10 23:48:58 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012.03.10 23:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify [2012.03.10 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify [2012.03.10 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2012.03.10 03:42:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn [2012.03.10 03:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.03.10 03:27:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.03.08 13:17:39 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.03.08 03:33:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz [2012.03.07 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer [2012.03.07 02:15:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 [2012.03.07 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MiKTeX [2012.03.07 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MiKTeX [2012.03.07 01:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX [2012.03.07 01:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\LaTeX [2012.03.07 00:52:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xm1 [2012.03.07 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker [2012.03.07 00:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker [2012.03.07 00:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker [2012.03.07 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostgum [2012.03.07 00:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ghostgum [2012.03.07 00:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2012.03.07 00:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\gs ========== Files - Modified Within 30 Days ========== [2012.03.31 21:44:04 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011.job [2012.03.31 21:23:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.03.31 21:08:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.03.31 21:07:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com [2012.03.31 21:05:09 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.03.31 21:03:44 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.31 20:59:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.31 20:55:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.31 20:55:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.31 20:52:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.31 20:52:48 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.31 20:52:48 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.31 20:52:48 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.31 20:52:48 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.31 20:48:57 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.03.31 20:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.31 20:47:33 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2012.03.31 19:51:12 | 000,000,648 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2011.job [2012.03.31 17:41:56 | 000,035,571 | ---- | M] () -- C:\Users\***\Desktop\Jr2ru.jpg [2012.03.31 02:49:53 | 000,000,649 | ---- | M] () -- C:\Users\***\Desktop\03 LEON.lnk [2012.03.27 00:49:45 | 000,045,171 | ---- | M] () -- C:\Users\***\Desktop\Ablaufplan_Diplom-_und_Bachelorarbeiten_SoSe_12_23.3.2012_neu.pdf [2012.03.24 06:18:47 | 000,590,413 | ---- | M] () -- C:\Users\***\tumblr_m0kywkIcCZ1qm5e7to1_1280.jpg [2012.03.23 17:37:44 | 000,246,210 | ---- | M] () -- C:\Users\***\tumblr_lzzdkhaUas1qeoegzo1_500.jpg [2012.03.14 23:33:05 | 000,000,287 | ---- | M] () -- C:\Users\***\AppData\Local\VersionChecker_17.xml [2012.03.14 16:26:03 | 005,208,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 01:03:31 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll [2012.03.14 01:03:30 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll [2012.03.14 00:14:30 | 023,490,227 | ---- | M] () -- C:\Users\***\Desktop\lmms-0.4.13-win64.exe [2012.03.12 21:43:54 | 000,000,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\.backup.dm [2012.03.11 22:57:55 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.03.11 22:26:58 | 000,000,287 | ---- | M] () -- C:\Users\***\AppData\Local\VersionChecker_16.xml [2012.03.11 19:40:40 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.10 23:48:58 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012.03.08 13:17:39 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.03.08 03:32:53 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.03.07 21:48:17 | 000,002,633 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.03.07 07:14:37 | 000,858,851 | ---- | M] () -- C:\Users\***\r400 service and maintenance.pdf [2012.03.07 01:39:14 | 000,011,190 | ---- | M] () -- C:\Users\***\gsview64.ini [2012.03.03 04:05:39 | 000,088,330 | ---- | M] () -- C:\Users\***\sotrue.jpg ========== Files Created - No Company Name ========== [2012.03.31 21:08:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.31 21:05:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.03.31 17:41:55 | 000,035,571 | ---- | C] () -- C:\Users\***\Desktop\Jr2ru.jpg [2012.03.31 02:49:53 | 000,000,649 | ---- | C] () -- C:\Users\***\Desktop\03 LEON.lnk [2012.03.30 14:55:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.03.27 00:49:45 | 000,045,171 | ---- | C] () -- C:\Users\***\Desktop\Ablaufplan_Diplom-_und_Bachelorarbeiten_SoSe_12_23.3.2012_neu.pdf [2012.03.24 06:18:43 | 000,590,413 | ---- | C] () -- C:\Users\***\tumblr_m0kywkIcCZ1qm5e7to1_1280.jpg [2012.03.23 17:37:43 | 000,246,210 | ---- | C] () -- C:\Users\***\tumblr_lzzdkhaUas1qeoegzo1_500.jpg [2012.03.14 23:33:05 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_17.xml [2012.03.14 00:10:31 | 023,490,227 | ---- | C] () -- C:\Users\***\Desktop\lmms-0.4.13-win64.exe [2012.03.13 00:55:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.03.13 00:54:25 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.03.13 00:53:28 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.03.13 00:53:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.03.13 00:53:26 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.03.12 21:43:54 | 000,000,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\.backup.dm [2012.03.11 18:28:25 | 002,226,450 | ---- | C] () -- C:\Users\***\maskieren_in_illu.pdf [2012.03.07 22:05:52 | 000,001,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.5.lnk [2012.03.07 22:02:17 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk [2012.03.07 07:14:37 | 000,858,851 | ---- | C] () -- C:\Users\***\r400 service and maintenance.pdf [2012.03.07 00:44:46 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.03.07 00:28:29 | 000,011,190 | ---- | C] () -- C:\Users\***\gsview64.ini [2012.03.03 04:05:39 | 000,088,330 | ---- | C] () -- C:\Users\***\sotrue.jpg [2012.02.23 04:52:06 | 000,118,784 | RHS- | C] () -- C:\Users\***\AppData\Roaming\newdev6.dll [2011.07.13 01:50:14 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.07.13 01:36:31 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.05 19:58:12 | 000,793,088 | ---- | C] () -- C:\Program Files (x86)\lame.exe [2011.06.05 19:58:12 | 000,628,224 | ---- | C] () -- C:\Program Files (x86)\lame_enc.dll [2011.05.23 23:37:14 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.16 17:51:30 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_16.xml [2011.05.06 11:16:00 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.05.06 00:37:18 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.05.06 00:37:18 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.05.05 02:46:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.05 02:46:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.05 02:45:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2011.05.04 20:39:26 | 000,024,920 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll [2011.05.04 20:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.04 19:38:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.05.04 19:37:52 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.05.04 19:37:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.04 19:34:13 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.05.04 19:34:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.05.04 19:34:12 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.05.04 19:34:12 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2011.05.04 19:34:10 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.05.04 19:34:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.04 19:05:26 | 000,544,768 | ---- | C] () -- C:\Program Files\lame.exe [2011.05.04 19:05:26 | 000,152,064 | ---- | C] () -- C:\Program Files\fonts.exe ========== LOP Check ========== [2011.10.25 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2011.06.12 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.07 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer [2011.05.05 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.11.02 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.03.17 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.03.29 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.02.06 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.03.29 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2012.01.28 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander [2012.03.14 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.03.10 03:42:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2011.08.19 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2012.02.09 02:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon [2012.03.19 23:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2012.03.14 23:42:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2011.05.16 17:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2011.11.08 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.11.08 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2012.02.07 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.05.04 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.05.04 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.05.23 23:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.09.13 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.03.14 00:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software [2011.07.08 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr [2011.05.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.03.17 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.03.07 00:52:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1 [2012.03.31 21:44:04 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011.job [2012.02.15 18:54:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.31 19:51:12 | 000,000,648 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.07 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.05.04 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2011.10.25 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2011.05.06 00:08:23 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother [2011.06.12 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.07 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer [2011.05.05 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.11.02 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.05 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2012.03.17 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.12.04 01:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2012.03.29 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.02.06 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.03.29 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2012.01.28 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander [2011.11.30 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2012.03.14 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2011.05.04 17:51:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.03.10 03:42:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2011.08.19 19:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2011.08.24 20:23:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.02.09 02:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon [2012.03.19 23:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2011.05.04 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.03.14 23:42:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.11.03 21:53:35 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.03.07 02:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiKTeX [2012.03.30 02:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.05.16 17:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2011.11.08 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.11.08 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2012.02.07 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.05.04 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.05.04 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.05.23 23:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.09.13 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.03.14 00:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software [2011.07.08 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr [2012.02.21 05:11:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011.07.16 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011.05.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.03.17 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.12.04 01:11:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2012.03.07 00:52:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1 < %APPDATA%\*.exe /s > [2012.03.16 03:15:44 | 026,565,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 06:19:02 | 000,871,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe [2012.03.15 00:02:14 | 000,871,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.03.16 03:16:16 | 000,176,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.03.05 20:41:03 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.05.04 19:37:52 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0B4CC538-B423-B589-123E-74A0F4894364}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Gruß, loliver |
02.04.2012, 10:15 | #2 |
/// Malware-holic | gema.exe Infektion Win7 64bit hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL [2012.02.23 04:52:06 | 000,118,784 | RHS- | C] () -- C:\Users\***\AppData\Roaming\newdev6.dll :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
lade getinfo: File-Upload.net - GetInfo.exe doppelklicken. im selben verzeichniss entsteht eine summary-info.txt deren inhalt posten
__________________ |
02.04.2012, 14:01 | #3 |
| gema.exe Infektion Win7 64bit Hallo Markus,
__________________Vielen Dank für deine Antwort. Ich habe die Schritte wie beschrieben ausgeführt, hat alles problemlos geklappt. Das "MovedFiles"-Archiv habe ich im Uploadchannel hochgeladen, auch hier alles geklappt. Hier nun der Output von OTL: Code:
ATTFilter Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter System volume information: dwHighDateTime = 0x1cac0a4,dwLowDateTime = 0x462389bf System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8 dwSerialNumber = 0x409f32f1 Gruß, loliver |
02.04.2012, 16:20 | #4 | |
/// Malware-holic | gema.exe Infektion Win7 64bit danke für den upload. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
02.04.2012, 21:10 | #5 |
| gema.exe Infektion Win7 64bit Guten Abend, Danke für die schnelle Antwort. Habe nun ComboFix ausgeführt. Wieso das hosts-File und die beiden jpegs in meinem Benutzerordner (die lagen dort schon ne ganze Weile drin und wurden auch von mir erstellt) gelöscht wurden, ist mir allerdings nicht ganz klar. Hier das Log: Code:
ATTFilter ComboFix 12-04-01.03 - *** 02.04.2012 21:26:44.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3992.2552 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe C:\Recycle.Bin c:\users\***\360.jpg c:\users\***\50_6.jpg c:\windows\security\Database\tmp.edb c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-02 bis 2012-04-02 )))))))))))))))))))))))))))))) . . 2012-04-02 19:37 . 2012-04-02 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-02 11:47 . 2012-04-02 12:17 -------- d-----w- C:\_OTL 2012-03-30 23:05 . 2012-03-30 23:05 -------- d-----w- c:\users\***\AppData\Local\DDMSettings 2012-03-30 18:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D11A9EB3-2DEC-4171-B9A1-F828E385B700}\mpengine.dll 2012-03-30 12:55 . 2012-03-30 12:55 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 21:26 . 2012-03-29 21:27 -------- d-----w- c:\users\***\ELSTER 2012-03-29 21:22 . 2012-03-29 21:22 -------- d-----w- c:\users\***\AppData\Roaming\elsterformular 2012-03-29 21:22 . 2012-03-29 21:22 -------- d-----w- c:\programdata\elsterformular 2012-03-29 21:22 . 2012-03-29 21:22 -------- d-----w- c:\program files (x86)\ElsterFormular 2012-03-26 19:29 . 2012-03-26 19:30 -------- d-----w- c:\users\***\zimmar 2012-03-21 23:23 . 2012-03-30 18:08 -------- d-----w- c:\users\***\riotsGamesLogs 2012-03-19 21:39 . 2012-03-19 21:39 -------- d-----w- c:\users\***\AppData\Roaming\LolClient 2012-03-19 20:08 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll 2012-03-19 20:08 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll 2012-03-19 20:08 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2012-03-19 20:08 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2012-03-19 20:08 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2012-03-19 16:33 . 2012-03-30 19:36 -------- d-----w- c:\users\***\AppData\Local\PMB Files 2012-03-19 16:33 . 2012-03-30 19:36 -------- d-----w- c:\programdata\PMB Files 2012-03-19 16:32 . 2012-03-19 16:32 -------- d-----w- c:\program files (x86)\Pando Networks 2012-03-14 21:29 . 2012-03-14 21:30 -------- d-----w- c:\program files (x86)\Vectorworks 2012 Hilfe 2012-03-14 21:26 . 2012-03-14 21:26 -------- d-----w- c:\program files (x86)\QuickTime 2012-03-14 21:26 . 2012-03-14 21:26 -------- d-----w- c:\programdata\Apple Computer 2012-03-14 21:25 . 2012-03-14 21:25 -------- d-----w- c:\programdata\Apple 2012-03-14 21:25 . 2012-03-14 21:25 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-03-14 17:01 . 2012-03-14 17:01 -------- d-----w- c:\program files\Propellerhead 2012-03-14 14:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 14:13 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 14:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 14:12 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 14:12 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 14:12 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 14:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 14:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 14:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 14:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:03 . 2012-03-13 23:03 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll 2012-03-13 23:03 . 2012-03-13 23:03 406528 ----a-w- c:\windows\SysWow64\ReWire.dll 2012-03-13 22:53 . 2012-03-13 23:03 -------- d-----w- c:\programdata\Propellerhead Software 2012-03-13 21:44 . 2012-03-13 22:53 -------- d-----w- c:\users\***\AppData\Roaming\Propellerhead Software 2012-03-13 21:44 . 2012-03-13 21:44 -------- d-----w- c:\program files (x86)\Bome's Mouse Keyboard 2012-03-13 21:43 . 2012-03-13 21:43 -------- d-----w- c:\program files (x86)\nerds.de 2012-03-12 23:43 . 2012-03-12 23:43 -------- d-----w- c:\windows\system32\SPReview 2012-03-12 23:04 . 2010-11-20 04:00 2560 ----a-w- c:\windows\system32\drivers\de-DE\rdpwd.sys.mui 2012-03-12 23:04 . 2010-11-20 04:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2012-03-12 23:04 . 2010-11-20 04:07 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2012-03-12 23:04 . 2010-11-20 04:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2012-03-12 23:04 . 2010-11-20 04:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2012-03-12 22:54 . 2010-11-20 04:26 69120 ----a-w- c:\windows\system32\dot3cfg.dll 2012-03-12 22:53 . 2010-11-20 04:27 263168 ----a-w- c:\windows\system32\vpnike.dll 2012-03-12 22:43 . 2012-03-12 22:43 -------- d-----w- c:\windows\system32\EventProviders 2012-03-12 19:43 . 2012-03-12 19:43 -------- d-----w- c:\users\***\AppData\Local\Proxure 2012-03-12 19:41 . 2012-03-12 19:41 -------- d-----w- c:\programdata\ClubSanDisk 2012-03-12 17:13 . 2012-03-12 17:13 -------- d-----w- c:\windows\SysWow64\Wat 2012-03-12 17:13 . 2012-03-12 17:13 -------- d-----w- c:\windows\system32\Wat 2012-03-12 13:50 . 2012-03-13 05:13 -------- d-----w- c:\windows\rescache 2012-03-10 21:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-03-10 21:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-03-10 21:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-03-10 21:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-03-10 21:48 . 2012-03-10 21:48 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys 2012-03-10 21:48 . 2012-03-10 21:48 -------- d-----w- c:\program files (x86)\Connectify 2012-03-10 21:48 . 2012-03-10 21:57 -------- d-----w- c:\programdata\Connectify 2012-03-10 01:42 . 2012-03-10 01:42 -------- d-----w- c:\users\***\AppData\Roaming\ImgBurn 2012-03-10 01:30 . 2012-03-10 01:30 -------- d-----w- c:\program files (x86)\ImgBurn 2012-03-08 11:17 . 2012-03-08 11:17 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys 2012-03-08 01:33 . 2012-03-08 01:33 -------- dc----w- c:\users\***\AppData\Local\MigWiz 2012-03-07 20:08 . 2012-03-07 20:08 -------- d-----w- c:\users\***\AppData\Roaming\com.adobe.dmp.contentviewer 2012-03-07 00:11 . 2012-03-07 00:11 -------- d-----w- c:\users\***\AppData\Roaming\MiKTeX 2012-03-07 00:11 . 2012-03-07 00:11 -------- d-----w- c:\users\***\AppData\Local\MiKTeX 2012-03-06 23:43 . 2012-03-07 00:04 -------- d-----w- c:\program files (x86)\MiKTeX 2012-03-06 23:27 . 2012-03-13 00:55 -------- d-----w- c:\users\***\LaTeX 2012-03-06 22:52 . 2012-03-06 22:52 -------- d-----w- c:\users\***\AppData\Roaming\xm1 2012-03-06 22:52 . 2012-03-06 22:52 -------- d-----w- c:\program files (x86)\Texmaker 2012-03-06 22:28 . 2012-03-06 22:28 -------- d-----w- c:\program files\Ghostgum 2012-03-06 22:27 . 2012-03-06 22:27 -------- d-----w- c:\program files\gs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-30 12:55 . 2011-05-19 12:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-12 23:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-12 23:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-02-23 08:18 . 2011-05-04 16:55 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl 2010-09-08 02:29 . 2011-05-04 17:05 152064 ----a-w- c:\program files\fonts.exe 2010-06-08 08:16 . 2011-06-05 17:58 793088 ----a-w- c:\program files (x86)\lame.exe 2010-06-08 08:16 . 2011-06-05 17:58 628224 ----a-w- c:\program files (x86)\lame_enc.dll 2008-07-04 07:25 . 2011-05-04 17:05 544768 ----a-w- c:\program files\lame.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-05-04 494616] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-22 98304] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-12 1431888] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x] S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-06 167960] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-14 99864] S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-06 1543704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] . . Inhalt des "geplante Tasks" Ordners . 2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:55] . 2012-04-02 c:\windows\Tasks\Allplan AutoUpdate 2011.job - c:\program files (x86)\Nemetschek\Allplan_1\prg\LaunchAllplanAutoUpdate.exe [2011-05-04 15:26] . 2012-04-02 c:\windows\Tasks\WebContent AutoUpdate 2011.job - c:\program files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe [2011-05-04 15:26] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-22 414744] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592] "combofix"="c:\combofix\CF28522.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-(Standard) - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\Connectify\ConnectifyD.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-04-02 21:52:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-04-02 19:52 . Vor Suchlauf: 26 Verzeichnis(se), 28.937.797.632 Bytes frei Nach Suchlauf: 31 Verzeichnis(se), 28.363.034.624 Bytes frei . - - End Of File - - D8FC8B530177AB24DD1A356606B0E582 loliver |
03.04.2012, 12:07 | #6 |
/// Malware-holic | gema.exe Infektion Win7 64bit malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> gema.exe Infektion Win7 64bit |
03.04.2012, 17:27 | #7 |
| gema.exe Infektion Win7 64bit Guten Abend, Ich habe nun den Malwarebytes-Scan gemacht, hat soweit auch alles geklappt. Allerdings ist danach ein unangenehmes Problem aufgetreten: Nachdem Malwarebytes nach dem Scan den Computer neu gestartet hatte, habe ich probiert meine Antivirenprogramm Sophos zu öffnen, da es während des Malwarebytes-Scans einen Adware-Fund angezeigt hatte (als Tooltip vom "On-access-Scan", also ich denke weil Malwarebytes auf die Datei zugegriffen hat). Sophos ließ sich allerdings nicht öffnen, stattdessen erschien die Sanduhr und es ging nichts mehr. Der Taskmanager ließ sich nicht öffnen Alt+Ctrl+Del ging nicht nicht, Win+D auch nicht. Also habe ich den Computer mithilfe des Ein/Aus-Schalter "heruntergefahren", nach dem Neustart noch einmla probiert Sophos zu öffnen, wieder dasselbe. Was mich außerdem stutzig macht, ist der Fund des Malwarebytes-Scan. Es handelt sich hierbei um den LAME-Encoder, den ich schon x-fach verwendet habe (also genau diese Datei). Malwarebytes erkennt ihn nun als Spyware... Ich hoffe ich habe alles richtig gemacht. Jetzt wollte ich gerade hier das Malwarebytes-Log posten, probiere meinen Desktop aufzurufen um festzustellen, dass dieser eingefroren ist... Die Verknüpfungen im Startmenü, welches ich aufrufen kann, funktionieren auch nicht bzw. zeigen keine Reaktion. Ich werde dann wohl wieder meinen gewaltsamen shutdown machen um an das log zu kommen und es hier posten zu können. Ich hoffe ihr könnt mir weiterhelfen. Gruß, loliver EDIT: Habe es gerade geschafft den Taskmanager zu starten. Keine Auffälligkeiten, keine besondere Auslastung oder unbekannte Prozesse/Dienste. Dennoch ist der Desktop noch immer eingefroren. |
03.04.2012, 17:30 | #8 |
/// Malware-holic | gema.exe Infektion Win7 64bit starte halt mal neu und gucke obs noch mal passiert
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
03.04.2012, 17:33 | #9 |
| gema.exe Infektion Win7 64bit Whoa, das ging ja mehr als schnell. Hier erstmal das MBAM-Log, bevor ich probiere Sophos zu öffnen. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.03.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: *** [Administrator] Schutz: Aktiviert 03.04.2012 14:50:25 mbam-log-2012-04-03 (14-50-25).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 633138 Laufzeit: 2 Stunde(n), 5 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\lame_enc.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Auch habe ich in Sophos nun den Threat bereinigt, der während des MBAM Scan gefunden wurde. Es handelte sich um folgendes: Typ: Adware/PUA Name: NirCmd Bereinigung problemlos. Soll ich nun MBAM erstmal aus dem Autostart herausnehmen? Geändert von loliver (03.04.2012 um 17:48 Uhr) |
03.04.2012, 18:06 | #10 |
/// Malware-holic | gema.exe Infektion Win7 64bit gehe mal auf start ausführen msconfig enter systemstart. und schalte dort Malwarebytes aus. dann ok klicken und normal neustarten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
03.04.2012, 18:14 | #11 |
| gema.exe Infektion Win7 64bit Habe ich gemacht (zusätzlich den Dienst zu MBAM ausgeschaltet). Meine Beobachtung hat sich bestätigt, d.h. ohne MBAM läuft alles super, Sophos lässt sich öffnen etc.. |
04.04.2012, 13:57 | #12 |
/// Malware-holic | gema.exe Infektion Win7 64bit ok, aber als freeware lösung kannst du ja mbam behalten und von zeit zu zeit nutzen. lade den CCleaner standard: CCleaner Download - CCleaner 3.17.1689 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
04.04.2012, 14:15 | #13 |
| gema.exe Infektion Win7 64bit So, hier die Liste der installierten Programme: Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 04.05.2011 4,53MB 9.20.00.0 notwendig Adobe Acrobat X Pro - English, Français, Deutsch Adobe Systems 13.01.2012 2.493MB 10.1.2 notwendig Adobe AIR Adobe Systems Incorporated 05.03.2012 3.1.0.4880 notwendig Adobe Community Help Adobe Systems Incorporated. 05.05.2011 3.4.980 notwendig Adobe Content Viewer Adobe Systems Incorporated 07.03.2012 1.4.0 notwendig Adobe Download Assistant Adobe Systems Incorporated 20.08.2011 1.0.3 notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.08.2011 2,72MB 10.2.153.1 notwendig Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 11.2.202.228 notwendig Adobe Flash Professional CS5.5 Adobe Systems Incorporated 11.5 notwendig Adobe Illustrator CS5.1 Adobe Systems Incorporated 15.1 notwendig Adobe InDesign CS5.5 Adobe Systems Incorporated 7.5 notwendig Adobe Photoshop CS5.1 Adobe Systems Incorporated 12.1 notwendig Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 12.01.2012 195,7MB 10.1.2 notwendig Amazon MP3-Downloader 1.0.9 unnötig Apple Application Support Apple Inc. 14.03.2012 52,8MB 1.4.1 unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 04.05.2011 22,3MB 3.0.782.0 unbekannt ATI Uninstaller ATI Technologies, Inc. 8.752.4-101022a-107489C-Lenovo unbekannt AuthenTec TrueSuite AuthenTec, Inc. 15.05.2011 6,64MB 2.0.0.57 notwendig AutoCAD Architecture 2012 - Deutsch Autodesk 01.01.1970 6.7.49.0 notwendig Autodesk Content Service Autodesk 13.07.2011 95,9MB 2.0.90 notwendig Autodesk Design Review 2012 Autodesk, Inc. 13.07.2011 12.0.0.93 notwendig Autodesk Inventor Fusion 2012 Autodesk, Inc. 13.07.2011 1.0.0.79 notwendig Autodesk Material Library 2012 Autodesk 13.07.2011 97,9MB 2.5.0.8 notwendig Autodesk Material Library Base Resolution Image Library 2012 Autodesk 13.07.2011 71,4MB 2.5.0.8 notwendig Avira UnErase Personal unnötig Bome's Mouse Keyboard 2.00 Bome Software 13.03.2012 notwendig Brother MFL-Pro Suite MFC-5890CN Brother Industries, Ltd. 24.08.2011 1.0.1.0 notwendig CCleaner Piriform 3.17 unnötig CINEMA 4D 13.051 MAXON Computer GmbH 12.01.2012 13.051 notwendig Conexant 20561 SmartAudio HD Conexant 4.92.10.0 notwendig Connectify Connectify 3.3.0.23104 notwendig DAEMON Tools Lite DT Soft Ltd 4.41.3.0173 notwendig DivX-Setup DivX, LLC 2.6.1.8 unnötig Dropbox Dropbox, Inc. 1.3.27 notwendig DVD Decrypter (Remove Only) notwendig ElsterFormular Landesfinanzdirektion Thüringen 13.1.1.8531p notwendig FileZilla Client 3.5.3 FileZilla Project 3.5.3 notwendig FLAC 1.2.1b (remove only) Xiph.org 1.2.1b notwendig foobar2000 v1.1.6 Peter Pawlowski 1.1.6 notwendig FreeCommander 2009.02b Marek Jasinski 28.01.2012 2009.02 notwendig Google SketchUp Pro 8 Google, Inc. 29.11.2011 135,7MB 3.0.3117 notwendig GPL Ghostscript Artifex Software Inc. 9.05 notwendig GSview 5.0 Ghostgum Software Pty Ltd 5.0 notwendig HandBrake 0.9.6 0.9.6 notwendig ImgBurn LIGHTNING UK! 10.03.2012 2.5.6.0 notwendig InfraRecorder Christian Kindahl notwendig Intel(R) Network Connections Drivers notwendig Java(TM) 6 Update 22 Oracle 04.05.2011 97,1MB 6.0.220 notwendig K-Meleon 1.5.4 de-DE (nur entfernen) K-Meleon Team 1.5.4 notwendig League of Legends Riot Games 19.03.2012 1.02.0000 unnötig Lenovo Auto Scroll Utility 1.00 notwendig Lenovo System Interface Driver 1.05 notwendig LoopBe1 - Internal MIDI Port notwendig Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 03.04.2012 1.60.1.1000 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.03.2012 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 14.07.2011 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 11.03.2012 4.0.30319 notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 13.07.2011 4.0.30319 notwendig Microsoft Report Viewer Redistributable 2008 SP1 Microsoft Corporation 04.05.2011 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 04.05.2011 0,34MB 8.0.59193 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12.01.2012 0,69MB 8.0.56336 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 04.05.2011 0,77MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.05.2011 0,58MB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.05.2011 0,57MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 13.07.2011 11,0MB 10.0.30319 notwendig MiKTeX 2.9 MiKTeX.org 2.9 notwendig Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 11.0.1 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.05.2011 1,28MB 4.20.9870.0 notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.05.2011 1,33MB 4.20.9876.0 notwendig Nemetschek Allplan 2011 Nemetschek Allplan GmbH 2011.0 notwendig Nemetschek SoftLock 2006 1.26.49 notwendig Nokia Connectivity Cable Driver Nokia 08.11.2011 4,21MB 7.1.48.0 unnötig Nokia Suite Nokia 08.11.2011 3.2.100.0 notwendig Notepad++ 5.9.8 notwendig OpenOffice.org 3.3 OpenOffice.org 04.05.2011 409MB 3.3.9567 notwendig Opera 11.61 Opera Software ASA 11.61.1250 notwendig Panasonic ByteFM 1.1 Panasonic ByteFM Player 1.1 notwendig Pando Media Booster Pando Networks Inc. 2.6.0.6 unnötig PC Connectivity Solution Nokia 08.11.2011 20,8MB 11.5.13.0 unnötig PDFCreator Frank Heindörfer, Philip Chinery 13.09.2011 1.2.3 notwendig QuickTime Apple Inc. 14.03.2012 73,7MB 7.69.80.9 notwendig Reason 5.0 Propellerhead Software AB 13.03.2012 5.0 notwendig Renamer 1.1 Mediachance.com 23.08.2011 notwendig Rhinoceros 4.0 McNeel & Associates 16.05.2011 172,2MB 4.0.20118 notwendig Skype™ 5.5 Skype Technologies S.A. 26.01.2012 17,0MB 5.5.124 notwendig Sophos Anti-Virus Sophos Limited 08.03.2012 26,8MB 9.7.7 notwendig Sophos AutoUpdate Sophos Limited 04.09.2011 9,85MB 2.5.10 notwendig Texmaker notwendig ThinkPad Energie-Manager 3.61 notwendig ThinkPad FullScreen Magnifier 2.24 notwendig ThinkPad Power Management Driver 1.62.00.00 notwendig ThinkPad UltraNav Driver 15.2.20.0 notwendig ThinkVantage Access Connections Lenovo 23.05.2011 76,2MB 5.83 notwendig ThinkVantage Communications Utility Lenovo 23.05.2011 1.43 notwendig V-Ray for SketchUp ASGVIS 1.48.89 notwendig Vectorworks 2011 Hilfe UNKNOWN 04.05.2011 1.1 notwendig Vectorworks 2012 Hilfe UNKNOWN 14.03.2012 1.0 notwendig VLC media player 1.1.11 VideoLAN 1.1.11 notwendig Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) Broadcom 04/08/2010 6.3.5.430 notwendig Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 07/28/2009 6.2.0.9800 notwendig Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 08/22/2008 7.0.0.0 unnötig µTorrent 2.2.1 notwendig |
04.04.2012, 18:03 | #14 |
/// Malware-holic | gema.exe Infektion Win7 64bit deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Amazon Avira UnErase DivX Java Download der kostenlosen Java-Software downloade java jre, instalieren. deinstaliere: League öffne CCleaner analysieren, ccleanr starten, pc neustarten testen wie das system läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu gema.exe Infektion Win7 64bit |
.dll, 4d36e972-e325-11ce-bfc1-08002be10318, adobe, adobe flash player, bho, browser, computer, ebanking, error, explorer, firefox, flash player, format, helper, home, igdpmd64.sys, lenovo, lightning, logfile, mozilla thunderbird, neu aufsetzen, nvidia, nvstor.sys, ordner, plug-in, port, problem, programme, prozess, pwmtr64v.dll, registry, rundll, scan, searchscopes, software, win7 64bit, winlogon.exe, wrapper |