Log analysis and evaluation: Trojan.Agent/Gen-Kryptik (Windows 7)
27.08.2012, 17:31 | #1
Hello everyone, I know next to nothing about computers, but a few years ago I already had a trojan on my laptop and got really great help here! Unfortunately it has happened again: I once more have a trojan named "Trojan.Agent/Gen-Kryptik" on the PC. Today I already ran SUPERAntiSpyware once, and 352 files were found and of course deleted. Since then some programs no longer work properly. I have already googled the trojan's name and searched here as well, but found nothing; maybe one of you can help me!? Do I now have to set up the laptop again from scratch? Or is there an alternative? Thanks in advance, Friedi
27.08.2012, 17:53 | #2
OTL logfile:
Code:
OTL logfile created on: 27.08.2012 18:37:01 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Downloads
| 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Party [2012.08.23 02:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\BTSS_12_***_*** [2012.08.21 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\21Aug2012 [2012.08.21 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rendering [2012.08.21 17:32:39 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.08.21 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2012.08.21 17:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012.08.21 17:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012.08.21 17:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.08.21 09:09:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bachelor [2012.08.14 00:27:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\tex [2012.08.13 19:39:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\illum [2012.08.09 10:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ========== Files - Modified Within 30 Days ========== [2012.08.27 18:33:02 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.27 18:26:49 | 000,000,178 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.27 18:25:21 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.27 18:16:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.27 18:07:15 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.27 18:06:10 | 000,000,670 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2011.job [2012.08.27 17:38:53 | 001,643,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.27 17:38:53 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.27 17:38:53 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat 
[2012.08.27 17:38:53 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.27 17:38:53 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.27 17:05:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 17:05:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 16:57:29 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.27 16:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.27 16:57:21 | 3145,764,864 | -HS- | M] () -- C:\hiberfil.sys [2012.08.27 00:54:04 | 049,721,419 | ---- | M] () -- C:\Users\***\Desktop\Abgabe 24.08.2012_Plan 4_Innenhof_12_.pdf [2012.08.27 00:48:32 | 049,721,418 | ---- | M] () -- C:\Users\***\Desktop\Abgabe 24.08.2012_Plan 4_Innenhof_12.pdf [2012.08.27 00:35:21 | 009,160,509 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt2.jpg [2012.08.27 00:10:49 | 003,807,620 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-1.jpg [2012.08.27 00:06:29 | 005,549,883 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen_Mauer.jpg [2012.08.27 00:04:04 | 022,182,283 | ---- | M] () -- C:\Users\***\Desktop\Renderung_Hof_1.jpg [2012.08.26 23:42:52 | 001,556,445 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen4_2.jpg [2012.08.26 23:42:12 | 001,568,968 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen4_.jpg [2012.08.26 23:37:46 | 216,454,235 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen4.psd [2012.08.26 23:03:11 | 008,910,145 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt.jpg [2012.08.26 23:02:28 | 332,779,024 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt.psd [2012.08.26 16:45:40 | 000,856,627 | ---- | M] () -- C:\Users\***\Desktop\DSCF0995.jpg [2012.08.25 
00:06:46 | 004,018,581 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen4.jpg [2012.08.25 00:04:19 | 004,028,360 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_innen3.jpg [2012.08.24 09:58:32 | 000,104,977 | ---- | M] () -- C:\Users\***\Desktop\Version 2.pdf [2012.08.24 01:10:45 | 006,692,095 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis_Hof.jpg [2012.08.23 21:48:36 | 000,015,574 | ---- | M] () -- C:\Users\***\Desktop\Innenverkleidung.c4d [2012.08.23 02:38:20 | 000,035,171 | ---- | M] () -- C:\Users\***\Desktop\Modellschilder.pdf [2012.08.23 01:59:20 | 005,061,722 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-3.pdf [2012.08.23 01:50:03 | 016,308,738 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-3.jpg [2012.08.23 01:45:18 | 000,042,304 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-2.pdf [2012.08.23 01:17:20 | 005,061,764 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-1.pdf [2012.08.23 01:13:05 | 037,166,648 | ---- | M] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu2.jpg [2012.08.23 00:52:11 | 085,555,958 | ---- | M] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu.psd [2012.08.23 00:38:52 | 004,224,827 | ---- | M] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu.jpg [2012.08.23 00:37:26 | 085,584,271 | ---- | M] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeitet.psd [2012.08.22 08:24:07 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011-1.job [2012.08.22 01:08:14 | 015,036,565 | ---- | M] () -- C:\Users\***\Desktop\Innenraumperspektive.jpg [2012.08.22 01:05:19 | 027,817,920 | ---- | M] () -- C:\Users\***\Desktop\Bachelorthesis.c4d [2012.08.22 00:46:40 | 013,494,831 | ---- | M] () -- C:\Users\***\Desktop\Außenperspektive_Plan.jpg [2012.08.22 00:42:47 | 005,415,313 | ---- | M] () -- C:\Users\***\Desktop\thesis-bearbeitet.jpg [2012.08.22 00:42:12 | 138,943,011 | ---- | M] () -- C:\Users\***\Desktop\thesis.psd [2012.08.22 00:42:02 | 006,175,472 | ---- | M] () -- 
C:\Users\***\Desktop\thesis_1.jpg [2012.08.22 00:19:10 | 000,848,841 | ---- | M] () -- C:\Users\***\Desktop\wiese_meadow003.jpg [2012.08.21 23:33:44 | 001,817,470 | ---- | M] () -- C:\Users\***\Desktop\Außenperspektive_bearbeitet.jpg [2012.08.21 23:32:19 | 002,369,236 | ---- | M] () -- C:\Users\***\Desktop\Außenperspektive..jpg [2012.08.21 22:44:26 | 003,519,096 | ---- | M] () -- C:\Users\***\Desktop\thesis.jpg [2012.08.21 22:43:40 | 003,519,096 | ---- | M] () -- C:\Users\***\Desktop\123.jpg [2012.08.21 22:22:31 | 003,516,380 | ---- | M] () -- C:\Users\***\Desktop\123 [2012.08.21 20:12:28 | 002,337,334 | ---- | M] () -- C:\Users\***\Desktop\Rendering_Bachelorthesis_außen.jpg [2012.08.21 19:33:31 | 000,014,793 | ---- | M] () -- C:\Users\***\Desktop\Tisch.c4d [2012.08.21 18:58:55 | 000,002,254 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.08.21 17:32:39 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.08.21 16:54:39 | 000,311,721 | ---- | M] () -- C:\Users\***\Desktop\Innenwände OG.c4d [2012.08.21 15:14:05 | 005,157,761 | ---- | M] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeitet.jpg [2012.08.16 09:21:17 | 004,923,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.14 21:17:44 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.08.08 18:36:37 | 000,100,972 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture_schmal5.jpg [2012.08.08 18:35:36 | 000,103,187 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture_schmal4.jpg [2012.08.08 18:34:24 | 000,107,007 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture_schmal3.jpg [2012.08.08 18:33:00 | 000,104,522 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture_schmal2.jpg [2012.08.08 18:25:53 | 000,123,421 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture_schmal.jpg [2012.08.08 17:45:19 | 002,412,785 | ---- | M] () -- C:\Users\***\Desktop\D51dtexture.jpg ========== Files Created - No Company 
Name ========== [2012.08.27 18:26:49 | 000,000,178 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.27 18:25:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.27 00:53:49 | 049,721,419 | ---- | C] () -- C:\Users\***\Desktop\Abgabe 24.08.2012_Plan 4_Innenhof_12_.pdf [2012.08.27 00:48:32 | 049,721,418 | ---- | C] () -- C:\Users\***\Desktop\Abgabe 24.08.2012_Plan 4_Innenhof_12.pdf [2012.08.27 00:35:18 | 009,160,509 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt2.jpg [2012.08.27 00:10:42 | 003,807,620 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-1.jpg [2012.08.27 00:06:28 | 005,549,883 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen_Mauer.jpg [2012.08.27 00:03:43 | 022,182,283 | ---- | C] () -- C:\Users\***\Desktop\Renderung_Hof_1.jpg [2012.08.26 23:42:48 | 001,556,445 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen4_2.jpg [2012.08.26 23:42:07 | 001,568,968 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen4_.jpg [2012.08.26 23:31:12 | 216,454,235 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen4.psd [2012.08.26 23:03:06 | 008,910,145 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt.jpg [2012.08.26 22:54:36 | 332,779,024 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_Hof-Wiederhergestellt.psd [2012.08.26 16:45:32 | 000,856,627 | ---- | C] () -- C:\Users\***\Desktop\DSCF0995.jpg [2012.08.25 00:06:46 | 004,018,581 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen4.jpg [2012.08.25 00:04:08 | 004,028,360 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_innen3.jpg [2012.08.24 09:58:32 | 000,104,977 | ---- | C] () -- C:\Users\***\Desktop\Version 2.pdf [2012.08.24 01:10:45 | 006,692,095 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis_Hof.jpg [2012.08.23 21:36:15 | 000,015,574 | ---- | C] () -- C:\Users\***\Desktop\Innenverkleidung.c4d [2012.08.23 02:38:18 | 000,035,171 | ---- | C] () -- 
C:\Users\***\Desktop\Modellschilder.pdf [2012.08.23 01:58:29 | 005,061,722 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-3.pdf [2012.08.23 01:49:57 | 016,308,738 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-3.jpg [2012.08.23 01:45:16 | 000,042,304 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-2.pdf [2012.08.23 01:12:32 | 005,061,764 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-1.pdf [2012.08.23 00:53:22 | 037,166,648 | ---- | C] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu2.jpg [2012.08.23 00:52:09 | 085,555,958 | ---- | C] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu.psd [2012.08.23 00:38:50 | 004,224,827 | ---- | C] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeit_neu.jpg [2012.08.23 00:31:10 | 085,584,271 | ---- | C] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeitet.psd [2012.08.22 01:08:09 | 015,036,565 | ---- | C] () -- C:\Users\***\Desktop\Innenraumperspektive.jpg [2012.08.22 00:46:30 | 013,494,831 | ---- | C] () -- C:\Users\***\Desktop\Außenperspektive_Plan.jpg [2012.08.22 00:42:44 | 005,415,313 | ---- | C] () -- C:\Users\***\Desktop\thesis-bearbeitet.jpg [2012.08.22 00:42:05 | 138,943,011 | ---- | C] () -- C:\Users\***\Desktop\thesis.psd [2012.08.22 00:36:53 | 006,175,472 | ---- | C] () -- C:\Users\***\Desktop\thesis_1.jpg [2012.08.22 00:19:02 | 000,848,841 | ---- | C] () -- C:\Users\***\Desktop\wiese_meadow003.jpg [2012.08.21 23:33:42 | 001,817,470 | ---- | C] () -- C:\Users\***\Desktop\Außenperspektive_bearbeitet.jpg [2012.08.21 23:32:17 | 002,369,236 | ---- | C] () -- C:\Users\***\Desktop\Außenperspektive..jpg [2012.08.21 22:44:26 | 003,519,096 | ---- | C] () -- C:\Users\***\Desktop\thesis.jpg [2012.08.21 22:43:39 | 003,519,096 | ---- | C] () -- C:\Users\***\Desktop\123.jpg [2012.08.21 22:22:30 | 003,516,380 | ---- | C] () -- C:\Users\***\Desktop\123 [2012.08.21 20:12:26 | 002,337,334 | ---- | C] () -- C:\Users\***\Desktop\Rendering_Bachelorthesis_außen.jpg [2012.08.21 19:33:29 | 
000,014,793 | ---- | C] () -- C:\Users\***\Desktop\Tisch.c4d [2012.08.21 16:54:38 | 000,311,721 | ---- | C] () -- C:\Users\***\Desktop\Innenwände OG.c4d [2012.08.21 15:14:02 | 005,157,761 | ---- | C] () -- C:\Users\***\Desktop\Foto_Außenperspektive_bearbeitet.jpg [2012.08.13 15:56:49 | 027,817,920 | ---- | C] () -- C:\Users\***\Desktop\Bachelorthesis.c4d [2012.08.08 18:36:36 | 000,100,972 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture_schmal5.jpg [2012.08.08 18:35:35 | 000,103,187 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture_schmal4.jpg [2012.08.08 18:34:24 | 000,107,007 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture_schmal3.jpg [2012.08.08 18:32:58 | 000,104,522 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture_schmal2.jpg [2012.08.08 18:25:52 | 000,123,421 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture_schmal.jpg [2012.08.08 17:45:17 | 002,412,785 | ---- | C] () -- C:\Users\***\Desktop\D51dtexture.jpg [2012.07.14 23:17:59 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\AF15IRTBL.bin [2012.06.23 23:05:41 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.05.24 23:49:30 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll [2012.04.01 09:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.01 09:36:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.04.01 09:34:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.04.01 09:34:56 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.04.01 09:34:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.04.01 09:34:55 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.04.01 09:34:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.04.01 09:34:55 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.01 09:34:41 | 000,008,192 | ---- | C] () -- 
C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.10.19 06:11:04 | 009,130,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.05.24 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2012.05.25 21:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2012.08.24 01:42:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2012.06.01 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.05.28 16:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.21 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2012.06.24 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2012.05.24 17:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2012.05.28 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.06.21 16:46:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.05.24 18:19:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.05.24 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.05.24 17:50:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon [2012.08.22 08:24:07 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job [2012.08.27 00:21:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.27 18:06:10 | 000,000,670 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5D458568 < End of report > |
27.08.2012, 18:11 | #3 |
| Trojan.Agent/Gen-Kryptik I hope I did everything right! |
28.08.2012, 15:34 | #4 | |
/// Helper Team | Trojan.Agent/Gen-Kryptik http://www.trojaner-board.de/122865-...n-kryptik.html Quote:
Where is the Malwarebytes log? |
13.10.2012, 00:14 | #5 |
/// Helper Team | Trojan.Agent/Gen-Kryptik Missing response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am deleting this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |