Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Gema Trojaner auf Win 7 32-Bit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.03.2012, 21:13   #1
Stoin
 
Gema Trojaner auf Win 7 32-Bit - Standard

Gema Trojaner auf Win 7 32-Bit



Hallo,
auch ich bin von dem so bekannten Gema Trojaner/Virus betroffen. Ich konnte durch ein kleines bisschen Geduld jedoch komischer weise ohne Boot CD den OTL Scan durchführen. Nachdem ich die gema.exe mit dem Tastmgr. geschlossen habe hat meit Antivir diese und eine 2. datei mit dem Namen mor.exe als Virus erkannt diese habe ich in die Quarantäne verschoben im Anhang die OTL Scan Log.

Code:
ATTFilter
OTL logfile created on: 21.03.2012 17:03:16 - Run 2
OTL by OldTimer - Version 3.2.38.0     Folder = C:\Users\Stein\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,48% Memory free
3,61 Gb Paging File | 2,18 Gb Available in Paging File | 60,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 2,70 Gb Free Space | 1,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC-STEIN | User Name: Stein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.16 08:32:04 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Stein\Downloads\OTL.exe
PRC - [2012.02.25 17:08:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.10 04:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.10 04:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.15 15:31:00 | 000,693,760 | ---- | M] (Totem Entertainment) -- C:\Users\Stein\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
PRC - [2011.12.14 16:28:18 | 001,423,872 | ---- | M] (Totem Entertainment) -- C:\Users\Stein\AppData\Local\vghd\bin\vghd.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.10 10:27:26 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009.12.10 10:25:16 | 003,203,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009.12.10 10:01:12 | 000,477,704 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2009.12.10 10:00:42 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009.12.10 10:00:32 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009.12.10 10:00:22 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2009.12.10 10:00:12 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.14 02:14:48 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPSideShowGadget.exe
PRC - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.12.03 11:09:42 | 000,911,184 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.12.03 11:06:38 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.12.03 11:06:08 | 002,622,104 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.15 19:44:32 | 000,177,560 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\10017\components\AcroFF017.dll
MOD - [2012.02.25 17:08:40 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 20:05:16 | 000,360,768 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.12.15 15:30:58 | 000,073,216 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\System.dll
MOD - [2011.11.16 14:33:10 | 000,029,184 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\imageformats\qico4.dll
MOD - [2011.11.16 14:33:08 | 000,287,232 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\imageformats\qtiff4.dll
MOD - [2011.11.16 14:32:56 | 000,222,720 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\imageformats\qmng4.dll
MOD - [2011.11.16 14:32:50 | 000,026,624 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\imageformats\qgif4.dll
MOD - [2011.11.16 14:32:46 | 000,200,704 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\imageformats\qjpeg4.dll
MOD - [2011.11.16 14:20:20 | 011,159,552 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\QtWebKit4.dll
MOD - [2011.11.16 13:18:30 | 000,270,336 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\phonon4.dll
MOD - [2011.11.16 13:12:28 | 008,451,072 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\QtGui4.dll
MOD - [2011.11.16 13:04:24 | 000,860,160 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\QtNetwork4.dll
MOD - [2011.11.16 13:03:36 | 000,358,400 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\QtXml4.dll
MOD - [2011.11.16 13:03:28 | 002,349,056 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\QtCore4.dll
MOD - [2011.10.27 16:49:34 | 000,184,832 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\dxmodules.dll
MOD - [2011.06.01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\Windows.dll
MOD - [2011.06.01 14:27:48 | 000,818,176 | ---- | M] () -- C:\Users\Stein\AppData\Local\vghd\bin\vhd.dll
MOD - [2010.09.16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2007.12.03 10:58:28 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a4cp67v3)
DRV - [2012.02.17 13:29:24 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.02.10 05:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.02 23:05:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.12.02 23:05:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.06 15:37:01 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.01.12 17:32:48 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.01.12 17:32:48 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.01.12 17:32:47 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.01.12 17:32:45 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007.06.28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.06.28 11:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 85 70 4D AB 93 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{558615EA-6DC0-43AD-B910-B811407D32B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stein\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stein\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Stein\AppData\Roaming\10017 [2012.03.15 19:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.25 17:08:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 22:59:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Stein\AppData\Roaming\10017 [2012.03.15 19:44:32 | 000,000,000 | ---D | M]
 
[2010.01.31 23:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.31 23:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.04 20:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fsrkfnqp.default\extensions
[2012.03.04 20:00:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Stein\AppData\Roaming\mozilla\Firefox\Profiles\fsrkfnqp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.26 19:07:34 | 000,000,881 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\Mozilla\Firefox\Profiles\fsrkfnqp.default\searchplugins\conduit.xml
[2010.02.06 15:38:55 | 000,002,055 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\Mozilla\Firefox\Profiles\fsrkfnqp.default\searchplugins\daemon-search.xml
[2012.03.15 18:49:47 | 000,001,056 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\Mozilla\Firefox\Profiles\fsrkfnqp.default\searchplugins\icqplugin.xml
[2011.12.03 11:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.15 19:44:32 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\10017
[2012.02.25 17:08:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.18 20:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.18 20:10:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.18 20:10:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.18 20:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.18 20:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.18 20:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stein\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stein\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stein\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stein\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Black Hole Sun = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjflaldchiphekckakjglcfjiomhjobc\1_0\
CHR - Extension: Castle Age = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjgjgmolalkjmififnbhebieijgkiic\0.0.0.1_0\
CHR - Extension: High Speed \u200B\u200BChase 2 = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbmmcbfdhimcjolpagcdmgdbhmofion\1.1.0_0\
CHR - Extension: Little Alchemy = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\
CHR - Extension: Plants vs Zombies = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: BILD.de aktuell = C:\Users\Stein\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbhljbfcnnkedjdogkhnikeaeanifkg\1.7_0\
 
O1 HOSTS File: ([2011.08.19 22:15:57 | 000,000,895 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 google-analytics.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gema] C:\Windows\system32\gema.exe File not found
O4 - HKLM..\Run: [gema.] C:\ProgramData\gema\gema.exe File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Users\Stein\AppData\Roaming\Uvar\ihov.exe File not found
O4 - HKCU..\Run: [{02439E86-2584-688D-4D65-D5E6A04470B4}] C:\Users\Stein\AppData\Roaming\Uvar\ihov.exe File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [gema] C:\Users\Stein\AppData\Roaming\gema\gema.exe File not found
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Stein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Stein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Stein\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stein\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B526ED8E-C141-440D-B5F7-F4519F3AD713}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Stein\AppData\Roaming\gema\gema.exe) -  File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Stein\AppData\Roaming\gema
[2012.03.19 22:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.18 11:25:35 | 000,000,000 | ---D | C] -- C:\Users\Stein\Desktop\Logs
[2012.03.16 10:10:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.16 10:10:18 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.16 08:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.15 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\Stein\AppData\Roaming\10017
[2012.03.15 19:26:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.15 19:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.15 19:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.15 18:53:18 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.15 18:53:15 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.15 18:50:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.15 18:50:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.15 18:50:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.15 18:50:14 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.05 16:58:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10011
[2012.03.04 19:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10010
[2012.02.29 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Kofeu
[2012.02.29 16:02:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10009
[2012.02.27 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10008
[2012.02.26 14:15:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2012.02.25 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10007
[2012.02.25 15:42:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uvar
[2012.02.25 15:42:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Bily
[2012.02.25 15:19:20 | 000,000,000 | ---D | C] -- C:\Users\***\Svs
[2012.02.25 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\WTF
[2012.02.25 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Data
[2012.02.25 10:56:10 | 010,467,920 | ---- | C] (Blizzard Entertainment) -- C:\Users\***\Desktop\Wow.exe
[2012.02.25 10:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.02.25 10:26:10 | 019,443,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.02.25 10:26:10 | 010,816,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.02.25 10:26:10 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.02.25 10:26:10 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.02.25 10:26:10 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.02.25 10:26:10 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.02.25 10:26:09 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Stein\AppData\Roaming\*.tmp files -> C:\Users\Stein\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 17:07:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3042394521-1696269923-3786186883-1001UA.job
[2012.03.21 17:04:45 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 17:04:45 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 16:55:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 16:55:07 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 22:42:19 | 000,001,059 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.07474841818614197.exe.lnk
[2012.03.18 11:23:47 | 000,000,174 | ---- | M] () -- C:\Users\***\Desktop\WoW.mfil
[2012.03.16 10:18:55 | 002,230,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.16 10:10:29 | 000,002,401 | ---- | M] () -- C:\Users\Stein\Desktop\Google Chrome.lnk
[2012.03.15 19:26:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 18:03:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 18:03:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 18:03:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 18:03:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.26 10:33:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.25 10:41:12 | 000,000,000 | ---- | M] () -- C:\Users\Stein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.02.25 07:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3042394521-1696269923-3786186883-1001Core.job
[2012.02.24 19:39:54 | 010,467,920 | ---- | M] (Blizzard Entertainment) -- C:\Users\***\Desktop\Wow.exe
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 22:42:19 | 000,001,059 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.07474841818614197.exe.lnk
[2012.03.15 19:26:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.25 10:56:13 | 000,000,174 | ---- | C] () -- C:\Users\***\Desktop\WoW.mfil
[2012.02.25 10:41:12 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.02.09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.12.02 23:05:36 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.12.02 23:05:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.10 19:20:24 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.10 19:20:24 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.10 14:07:15 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011.06.10 14:07:15 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011.04.24 15:33:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

< End of report >
         
Ich hoffe das dies alle Logs sind die benötigt werden und Ihr mir weiter helfen könnt.

Gruß Stoin

Alt 24.03.2012, 18:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema Trojaner auf Win 7 32-Bit - Standard

Gema Trojaner auf Win 7 32-Bit



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Gema Trojaner auf Win 7 32-Bit
adobe, antivir, avg, avira, bho, black, converter, defender, desktop, explorer, firefox, format, gema trojaner, helper, langs, logfile, mor.exe, mozilla, mp3, nvidia, nvidia update, object, opera, programme, registry, scan, searchscopes, senden, software, trojaner, trojaner/virus, windows



Ähnliche Themen: Gema Trojaner auf Win 7 32-Bit


  1. Gema-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (30)
  2. GEMA-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (5)
  3. gema Trojaner
    Log-Analyse und Auswertung - 13.06.2012 (1)
  4. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  5. GEMA-Trojaner..
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (43)
  6. Gema trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (4)
  7. BKA Trojaner und GEMA Trojaner haben mein System infiziert!
    Log-Analyse und Auswertung - 23.03.2012 (4)
  8. Gema-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (13)
  9. Gema Trojaner
    Log-Analyse und Auswertung - 20.03.2012 (3)
  10. Gema Trojaner
    Mülltonne - 20.03.2012 (2)
  11. GEMA-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2012 (8)
  12. Gema.exe Trojaner
    Log-Analyse und Auswertung - 09.03.2012 (22)
  13. GEMA Trojaner aus Link in E-Mail erworben;Bildschirm zeigt "PC ist gesperrt" an "lt.Gema"
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (7)
  14. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (20)
  15. Gema-Trojaner bzw. Gema Meldung mit blockiertem Rechner
    Log-Analyse und Auswertung - 09.01.2012 (13)
  16. Gema-Trojaner bzw. Gema Meldung mit blockiertem Rechner
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (9)
  17. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (4)

Zum Thema Gema Trojaner auf Win 7 32-Bit - Hallo, auch ich bin von dem so bekannten Gema Trojaner/Virus betroffen. Ich konnte durch ein kleines bisschen Geduld jedoch komischer weise ohne Boot CD den OTL Scan durchführen. Nachdem ich - Gema Trojaner auf Win 7 32-Bit...
Archiv
Du betrachtest: Gema Trojaner auf Win 7 32-Bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.