Log-Analyse und Auswertung (log analysis and evaluation): Trojana.Agent.PS | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.11.2012, 08:45 | #1
Trojana.Agent.PS

Hello. I have been infected by several pests. One trojan is more stubborn than I am and keeps coming back. The symptoms are a slower system and attempts to redirect me to other websites. I have already run OTL, GMER and defogger as described in the instructions. However, the file Extras.txt was only created on the first run, and unfortunately I deleted it, assuming it would be recreated every time. With GMER I only scanned the system drive, because that is how I interpreted the instructions (it took forever). I also ran a Malwarebytes scan, which found the trojan in no fewer than 4 files. Please help. Regards

OTL Logfile:
Code:
OTL logfile created on: 16.11.2012 10:48:59 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,72% Memory free
3,84 Gb Paging File | 3,14 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 9,45 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
Drive D: | 64,08 Gb Total Space | 2,37 Gb Free Space | 3,70% Space Free | Partition Type: NTFS

Computer Name: BJOERN | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.01.17 10:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipxism.exe
PRC - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2009.09.14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE
PRC - [2009.07.13 13:31:44 | 000,109,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2006.06.09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2006.01.20 11:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.13 20:36:48 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.06.13 20:36:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.06.13 20:36:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012.06.13 20:36:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012.05.09 20:31:19 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.11.01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.11.01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.11.01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.11.01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.11.01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.11.01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.11.01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.08 09:10:59 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.08 09:10:59 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.07.15 17:15:30 | 000,274,432 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\NISWCH.sdc
MOD - [2009.06.06 01:32:40 | 000,009,728 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITSU.sdc
MOD - [2009.06.06 01:32:40 | 000,007,680 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITNR.sdc
MOD - [2009.06.06 01:32:38 | 000,021,504 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIHSD.sdc
MOD - [2009.06.06 01:32:38 | 000,013,824 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISRC.sdc
MOD - [2009.06.06 01:32:38 | 000,013,312 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISL.sdc
MOD - [2009.06.06 01:32:38 | 000,012,288 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIDWG.sdc
MOD - [2009.06.06 01:32:38 | 000,006,656 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISYNC.sdc
MOD - [2009.06.06 01:32:38 | 000,006,144 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIPS.sdc
MOD - [2009.06.06 01:32:38 | 000,005,632 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIRFSA.sdc
MOD - [2009.06.06 01:32:38 | 000,005,120 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NI5690.sdc
MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
MOD - [2006.06.09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Programme\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
MOD - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
MOD - [2006.01.20 11:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2006.01.20 11:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2006.01.20 11:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2006.01.20 11:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2006.01.20 11:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipxism.exe -- (nipxirmu)
SRV - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009.09.18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)
SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005.12.09 09:40:04 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxkl.sys -- (usb6xxxk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.21 07:22:02 | 000,072,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsnoop.sys -- (usbsnoop)
DRV - [2011.12.20 19:58:52 | 000,099,488 | ---- | M] (USBlyzer Team) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBlyzer.sys -- (USBlyzer)
DRV - [2011.06.27 15:03:28 | 000,036,648 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hhdusbh32.sys -- (hhdusbh32)
DRV - [2011.04.22 07:42:34 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.11.16 08:54:00 | 000,060,552 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010.11.16 08:53:00 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.08 08:56:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.06.22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2010.01.10 03:53:04 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2010.01.10 03:52:36 | 000,597,592 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK)
DRV - [2010.01.10 03:51:00 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2009.12.15 13:52:56 | 000,017,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock)
DRV - [2009.11.13 15:15:48 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.20 13:52:48 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)
DRV - [2009.10.20 13:52:46 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2009.10.20 13:52:44 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2009.10.13 15:14:52 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2009.09.30 13:08:36 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk)
DRV - [2009.09.23 20:54:00 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009.09.21 19:00:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk)
DRV - [2009.09.21 18:59:34 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicsrkl.sys -- (nicsrk)
DRV - [2009.09.21 18:58:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niraptrkl.sys -- (niraptrk)
DRV - [2009.09.21 18:58:22 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkw.sys -- (niufurkw)
DRV - [2009.09.21 18:58:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk)
DRV - [2009.09.21 18:54:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkw.sys -- (nixsrkw)
DRV - [2009.09.21 18:50:30 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkl.sys -- (niufurk)
DRV - [2009.09.09 16:35:34 | 000,011,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc3rkl.sys -- (nistc3rk)
DRV - [2009.09.03 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009.09.01 09:53:28 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk)
DRV - [2009.08.31 15:28:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark)
DRV - [2009.08.31 14:24:02 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork)
DRV - [2009.08.31 14:15:46 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk)
DRV - [2009.08.24 15:08:34 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k)
DRV - [2009.08.18 18:30:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk)
DRV - [2009.07.15 16:04:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk)
DRV - [2009.07.14 13:58:26 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk)
DRV - [2009.07.14 13:58:14 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk)
DRV - [2009.07.14 13:35:10 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)
DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)
DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)
DRV - [2009.07.14 10:00:38 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)
DRV - [2009.07.13 22:13:46 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)
DRV - [2009.07.13 20:44:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)
DRV - [2009.07.13 18:30:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)
DRV - [2009.07.07 17:34:44 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2009.07.07 16:50:20 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2009.07.07 10:23:02 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2009.06.17 00:05:26 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)
DRV - [2009.06.14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.06.06 01:31:00 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)
DRV - [2009.06.06 01:30:58 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)
DRV - [2009.03.05 15:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2009.01.05 10:19:28 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)
DRV - [2008.12.05 16:21:24 | 000,020,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)
DRV - [2008.07.03 18:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.06.25 12:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.03.01 08:17:46 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.07.24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.03.23 08:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.03.23 08:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.03.15 07:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.01.20 11:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.06.14 13:22:42 | 000,026,880 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207BDA.sys -- (M9207)
DRV - [2005.06.10 06:55:54 | 000,076,219 | R--- | M] (TVBox) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVBOX.sys -- (ULiM9205)
DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{314AC616-1173-4D1C-AC1F-99B585426B39}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{48460A60-537A-4B29-8C70-9AF3A79CBCA4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{759842BB-4EB6-4E44-9A70-135AA22E6092}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{BBD1A716-0F3E-4390-B1CD-FC0731262E2A}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.09 18:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2012.10.09 18:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mozilla\Extensions
[2012.10.09 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DTVRemote] C:\Programme\DTV\RemoteControl.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKCU..\Run: [1und1Dispatcher] "C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe" xp File not found
O4 - HKCU..\Run: [Automatisch Epson Stylus SX420W(Netzwerk) auf FLORA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX420W(Netzwerk)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote
s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\nwprovau.dll File not found O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: 
{233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352808868515 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\schmap-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.15 17:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun - "" 
= Auto&Play O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell - "" = AutoRun O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 09:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\Björn\Startmenü\Programme\CyberLink PowerDVD 8 [2012.11.16 08:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics [2012.11.16 08:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0 [2012.11.16 08:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2012.11.16 08:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe [2012.11.15 10:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes [2012.11.15 10:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.15 10:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.15 10:49:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.15 10:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.15 10:41:22 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.14 19:32:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Björn\IECompatCache [2012.11.14 17:42:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Outlook-Dateien [2012.11.14 17:13:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\bew [2012.11.11 11:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DVDVideoSoft [2012.11.09 16:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2012.11.05 16:41:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express [2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Programme\SDP Multimedia [2012.10.29 15:38:13 | 000,000,000 | ---D 
| C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SDP Multimedia [2012.10.29 06:55:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.10.29 06:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.10.25 09:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2012.10.25 08:00:18 | 000,036,648 | ---- | C] (HHD Software Ltd.) -- C:\WINDOWS\System32\drivers\hhdusbh32.sys [2012.10.25 08:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Device Monitoring Studio [2012.10.25 07:53:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2012.10.25 07:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.10.25 07:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\My Documents [2012.10.25 07:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\device monitoring [2012.10.25 06:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DMS Log Files [2012.10.25 06:11:22 | 000,000,000 | ---D | C] -- C:\Programme\HHD Software [2012.10.24 17:39:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\USBlyzer [2012.10.24 17:39:08 | 000,000,000 | ---D | C] -- C:\Programme\USBlyzer [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.16 09:33:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.16 09:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.16 09:29:58 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable 
[2012.11.16 09:27:17 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe [2012.11.16 09:07:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.16 08:20:36 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe [2012.11.15 10:49:37 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 10:48:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.13 16:55:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\spider.sav [2012.11.13 10:18:48 | 000,087,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.12 20:14:47 | 000,520,360 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.12 20:14:47 | 000,491,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.12 20:14:47 | 000,110,040 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.12 20:14:47 | 000,090,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.12 16:11:29 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Microsoft Word 2010.lnk [2012.11.05 16:45:06 | 000,432,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Überweisung.pdf [2012.10.24 17:39:09 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.16 09:29:38 | 000,000,168 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Björn\defogger_reenable [2012.11.16 09:27:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe [2012.11.16 08:20:36 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2012.11.15 10:49:37 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.05 16:45:04 | 000,432,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Überweisung.pdf [2012.10.24 17:39:09 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk [2012.09.21 07:22:02 | 000,072,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbsnoop.sys [2012.06.26 19:22:23 | 000,199,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.05.15 13:58:15 | 000,027,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.jmf-resource [2012.05.14 09:46:11 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll [2012.05.14 09:46:11 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll [2012.05.14 09:46:11 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll [2012.05.14 09:46:11 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll [2012.05.14 09:46:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll [2012.05.14 09:46:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll [2012.05.14 09:46:11 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll [2012.05.14 09:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll [2012.05.14 09:46:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll [2012.05.14 09:46:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll [2012.05.14 09:46:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll [2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll [2012.05.14 
09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll [2012.05.14 09:46:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll [2012.05.14 09:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll [2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll [2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll [2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll [2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll [2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll [2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll [2012.05.11 09:28:00 | 000,001,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.JMAppsCfg [2012.05.01 10:12:24 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\MSChtFR.dll [2012.04.30 15:15:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe [2012.04.30 15:15:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe [2012.04.30 15:15:29 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2012.04.30 15:15:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2012.04.30 15:15:28 | 010,305,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2012.04.30 15:15:27 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll [2012.04.30 15:15:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [2012.02.15 08:43:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.09 15:37:30 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\gdbtk.ini [2011.06.17 20:32:53 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2011.06.07 06:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.06.06 12:22:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE [2011.04.20 17:02:47 | 
000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.03.20 11:53:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011.01.20 12:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2010.12.10 08:42:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini [2010.12.10 08:42:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini [2010.08.16 07:04:37 | 000,087,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.15 17:19:36 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2010.08.15 17:19:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.06.24 13:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.04.12 15:08:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\ClubSanDisk [2010.11.08 08:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.01.15 19:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012.10.09 08:17:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2010.12.16 09:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IVI Foundation [2010.12.16 09:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2011.10.28 17:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions [2011.06.17 20:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2012.04.27 14:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb [2012.04.27 14:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\1&1 Mail & Media GmbH [2012.08.31 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Audacity [2010.10.05 06:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CadSoft [2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canneverbe Limited [2012.02.01 19:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CasaPortale.de [2011.06.06 09:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Clonk [2010.11.08 09:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DAEMON Tools Lite [2012.09.29 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft [2012.09.05 14:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.11.16 08:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics [2011.01.20 12:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Epson [2010.11.17 19:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GetRightToGo [2012.01.14 11:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC [2012.01.14 11:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.11.05 16:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express [2011.05.19 09:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Kalypso Media [2011.06.17 11:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Longbow Digital Arts [2012.09.04 17:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mobile Atlas Creator [2012.05.15 09:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Oracle [2012.05.01 07:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Processing [2010.10.26 12:22:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Schmap [2012.05.21 16:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Softland [2012.03.22 11:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony Online Entertainment [2012.03.08 11:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Unity [2012.10.24 17:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\USBlyzer ========== Purity Check ========== ========== 
Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB9701$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:29 on 16/11/2012 (Björn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU\~\Run\DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-16 20:22:59 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 Running: t6qhly6h.exe; Driver: C:\DOKUME~1\BJRN~1\LOKALE~1\Temp\kxtdqpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .qhma C:\WINDOWS\system32\DRIVERS\netbt.sys entry point in ".qhma" section [0xA553B3A9] ? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) A5561000-A5579000 (98304 bytes) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ... Reg HKLM\SYSTEM\RN6\v2.0 Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... 
Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\tÀ 0x90 0xE1 0x43 0xD2 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À 0xE4 0x0F 0xB7 0x65 ... 
---- Files - GMER 1.0.15 ---- File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getClass.m 236 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getDimensions.m 250 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getFullName.m 785 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getLocations.m 279 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getName.m 230 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getPath.m 230 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\isSame.m 647 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\schema.m 1222 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\STParameterID.m 1437 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\update.m 1294 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\copy.m 933 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\schema.m 986 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\setFormat.m 1839 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\setName.m 583 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\STParameterSpec.m 896 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\copy.m 650 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\schema.m 694 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\setName.m 583 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\STParameterValue.m 676 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findNewInputs.m 1735 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findNewStates.m 2720 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findStateStructElement.m 961 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getinputstruct.m 1526 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getNonAccelReferenceStateBlockNames.m 688 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getstatestruct.m 2268 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getxu.m 5395 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\schema.m 681 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\setxu.m 2913 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\sortstates.m 1325 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\update.m 894 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\display.m 974 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\schema.m 1218 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\update.m 892 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport 0 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport\display.m 1302 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport\schema.m 1456 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\display.m 1189 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\schema.m 2005 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\update.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\copy.m 2986 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\display.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\loadobj.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\OperatingReport.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\schema.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\setxuydx.m 1698 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\copy.m 2711 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\CreateOpPoint.m 1656 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\CreateOpReport.m 2811 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\display.m 1334 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\findNewOutputs.m 2536 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\getOutputs.m 3330 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\getStateConstraints.m 1837 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\loadobj.m 2604 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\OperatingSpec.m 366 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\removeOutputSpec.m 689 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\schema.m 591 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\sync.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport\display.m 1338 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport\schema.m 1754 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\display.m 1176 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\schema.m 2132 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\update.m 1010 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\display.m 1261 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\schema.m 1712 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\StatePoint.m 507 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\update.m 1796 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePointSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePointSimMech\schema.m 1397 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport\display.m 1548 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport\schema.m 2341 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReportSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReportSimMech\schema.m 1950 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\display.m 1687 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\schema.m 2675 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\StateSpec.m 700 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\update.m 2109 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpecSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpecSimMech\schema.m 1848 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\computeSimMechBlockName.m 511 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\computeSimMechStateName.m 1064 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\copy.m 911 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\findStateStructElement.m 956 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\get.m 0 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getinputstruct.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getstatestruct.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getVersion.m 256 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getxu.m 1076 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\isAccelReferenceStateBlockPath.m 736 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\schema.m 191 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\set.m 2107 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\setxu.m 674 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\update.m 656 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset\dataset.m 385 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset\schema.m 944 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\addlisteners.m 255 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\disableListeners.m 151 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\enableListeners.m 149 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\feval.m 4167 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\schema.m 1843 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\addlisteners.m 256 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\disableListeners.m 151 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\enableListeners.m 149 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\feval.m 3766 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\schema.m 1513 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@interp 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@preprocess 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\schema.m 0 bytes File C:\Programme\Microsoft\MigWiz 0 bytes File C:\Programme\Microsoft\MigWiz\MIGUIImg.dll 0 bytes File C:\Programme\Microsoft\MigWiz\autorun.inf 103 bytes File C:\Programme\Microsoft\MigWiz\cable 0 bytes File C:\Programme\Microsoft\MigWiz\cmi2migxml.dll 0 bytes File C:\Programme\Microsoft\MigWiz\csiagent.dll 248832 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\input.dll.mui 26112 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE\migres.dll.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\migsetup.exe.mui 4096 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE\miguires.dll.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\migwiz.exe.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\spwizres.dll.mui 8192 bytes executable File C:\Programme\Microsoft\MigWiz\dlmanifests 0 bytes File C:\Programme\Microsoft\MigWiz\dlmanifests\microsoft-windows-iis-logginglibraries-deployment-dl.man 2063 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib 0 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib\X86 0 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\License 0 bytes File C:\Programme\microsoft frontpage\version3.0 0 bytes File C:\Programme\microsoft frontpage\version3.0\bin 0 bytes ---- 
EOF - GMER 1.0.15 ---- Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.15.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Björn :: BJOERN [Administrator] Schutz: Aktiviert 16.11.2012 20:32:40 mbam-log-2012-11-17 (08-26-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 694574 Laufzeit: 3 Stunde(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126823.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126838.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127188.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127215.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. (Ende) |
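As an added example (not part of the thread and not code from GMER, Malwarebytes or the Trojaner-Board team), the following Python script structures the two findings that matter in the logs above: GMER's hidden kernel module and the modified netbt.sys with its entry point in a non-standard section, and the four Malwarebytes hits, all of which sit inside System Restore snapshots (RP544, RP547) rather than in a live system path. The log excerpts are embedded as constructed input copied from the post so the script runs offline; the allowlist of "usual" entry-point sections is an assumption used as a heuristic, not a rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpts copied from the GMER and Malwarebytes logs posted above, embedded as
# constructed test input; on a real case read the two .txt files instead.
GMER_EXCERPT = r"""
---- Kernel code sections - GMER 1.0.15 ----
.qhma C:\WINDOWS\system32\DRIVERS\netbt.sys entry point in ".qhma" section [0xA553B3A9]
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) A5561000-A5579000 (98304 bytes)
"""

MBAM_EXCERPT = r"""
Infizierte Dateien: 4
C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126823.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126838.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127188.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127215.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt.
(Ende)
"""

# Assumed allowlist: sections a driver's entry point normally lives in. An entry
# point anywhere else (".qhma" above) is a cheap heuristic, not proof of infection.
USUAL_EP_SECTIONS = {".text", "INIT", "PAGE", ".data", ".rdata"}

HIDDEN_MODULE = re.compile(
    r"^Module \(noname\) \(\*\*\* hidden \*\*\* \) ([0-9A-Fa-f]+)-([0-9A-Fa-f]+) \((\d+) bytes\)")
SUSPICIOUS_PE = re.compile(r"^\? (\S+) suspicious PE modification")
ENTRY_POINT = re.compile(r'^\S+ (\S+) entry point in "([^"]+)" section \[(0x[0-9A-Fa-f]+)\]')
MBAM_FILE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)


@dataclass
class HiddenModule:
    start: int
    end: int
    reported_size: int

    @property
    def size_consistent(self) -> bool:
        # GMER prints an address range and a byte count; they must agree.
        return self.end - self.start == self.reported_size


@dataclass
class MbamFinding:
    path: str
    detection: str
    action: str
    restore_point: Optional[int]  # RPnnn number when the hit is a System Restore copy


def parse_gmer(text: str) -> Dict[str, list]:
    out: Dict[str, list] = {"hidden_modules": [], "suspicious_pe": [], "odd_entry_points": []}
    for line in text.splitlines():
        m = HIDDEN_MODULE.match(line)
        if m:
            out["hidden_modules"].append(
                HiddenModule(int(m.group(1), 16), int(m.group(2), 16), int(m.group(3))))
            continue
        m = SUSPICIOUS_PE.match(line)
        if m:
            out["suspicious_pe"].append(m.group(1))
            continue
        m = ENTRY_POINT.match(line)
        if m and m.group(2) not in USUAL_EP_SECTIONS:
            out["odd_entry_points"].append((m.group(1), m.group(2), m.group(3)))
    return out


def parse_mbam(text: str) -> List[MbamFinding]:
    findings = []
    for line in text.splitlines():
        m = MBAM_FILE.match(line)
        if not m:
            continue
        path, detection, action = m.groups()
        rp = RESTORE_POINT.search(path)
        findings.append(MbamFinding(path, detection, action, int(rp.group(1)) if rp else None))
    return findings


def triage(gmer_text: str, mbam_text: str) -> Dict[str, object]:
    gmer = parse_gmer(gmer_text)
    mbam = parse_mbam(mbam_text)
    live_hits = [f for f in mbam if f.restore_point is None]
    return {
        **gmer,
        "mbam_files": mbam,
        # Copies inside System Restore snapshots are inert until a restore is run;
        # the live infection is what the GMER findings point at.
        "mbam_only_restore_copies": bool(mbam) and not live_hits,
        "restore_points_affected": sorted({f.restore_point for f in mbam if f.restore_point}),
    }


if __name__ == "__main__":
    r = triage(GMER_EXCERPT, MBAM_EXCERPT)
    for hm in r["hidden_modules"]:
        print(f"hidden module {hm.start:08X}-{hm.end:08X} ({hm.reported_size} bytes, "
              f"size {'consistent' if hm.size_consistent else 'MISMATCH'})")
    for path in r["suspicious_pe"]:
        print(f"suspicious PE modification: {path}")
    for path, section, addr in r["odd_entry_points"]:
        print(f"entry point of {path} in unusual section {section} at {addr}")
    print(f"MBAM hits: {len(r['mbam_files'])}, restore-point copies only: "
          f"{r['mbam_only_restore_copies']}, RPs: {r['restore_points_affected']}")
```

Run against the full GMER and Malwarebytes text files, the script separates what is live (a hidden module and a tampered driver on disk) from what is archival (restore-point copies that only come back if System Restore is used), which is the distinction a helper needs before deciding whether to clean or to purge restore points.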
19.11.2012, 08:17 | #2 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Hi,
Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.
|
19.11.2012, 15:50 | #3 |
| Trojana.Agent.PS Hello
Thanks for your reply. aswMBR scan done. The scan itself was finished in a few seconds. Kind regards Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-19 14:51:46 ----------------------------- 14:51:46.906 OS Version: Windows 5.1.2600 Service Pack 3 14:51:46.906 Number of processors: 2 586 0xF06 14:51:46.906 ComputerName: BJOERN UserName: Björn 14:51:47.687 Initialize success 15:34:13.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 15:34:13.609 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3 15:34:13.625 Disk 0 MBR read successfully 15:34:13.625 Disk 0 MBR scan 15:34:13.625 Disk 0 Windows XP default MBR code 15:34:13.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63 15:34:13.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 65621 MB offset 163846935 15:34:13.640 Disk 0 scanning sectors +298240705 15:34:13.718 Disk 0 scanning C:\WINDOWS\system32\drivers 15:34:21.781 File: C:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS** 15:34:29.437 Disk 0 trace - called modules: 15:34:29.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88c21698]<< 15:34:29.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89dab8] 15:34:29.468 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x899de030] 15:34:29.468 \Driver\00001287[0x8996c880] -> IRP_MJ_CREATE -> 0x88c21698 15:34:29.468 Scan finished successfully 15:43:00.375 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat" 15:43:00.390 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR.txt" |
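The aswMBR log above reports the disk's partition table and says it saved the MBR to MBR.dat. As an added example (not from the thread and not code from AVAST or aswMBR), this Python script parses a raw 512-byte MBR image, checks the 55 AA boot signature, extracts the partition entries and cross-checks them against the "Partition n ..." lines the tool printed, so a helper can confirm the saved dump matches what was reported. It assumes MBR.dat is a plain sector dump; because no such file can be shipped here, build_sample_mbr() constructs a 512-byte image carrying exactly the two partitions the log lists, with a zero-filled boot code area that stands in for the real XP code. The bootcode hash is exposed for comparison with a known-clean MBR; no reference hash is embedded.

```python
import hashlib
import re
import struct
from dataclasses import dataclass
from typing import List

# The partition lines from the aswMBR log posted above (constructed test input).
ASWMBR_EXCERPT = """\
15:34:13.625 Disk 0 Windows XP default MBR code
15:34:13.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
15:34:13.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 65621 MB offset 163846935
"""

PARTITION_LINE = re.compile(
    r"Partition (\d) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) \S+ \S+ (\d+) MB offset (\d+)")

MBR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte entries start here
SIGNATURE = b"\x55\xAA"     # bytes 510-511
SECTOR = 512


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def size_mb(self) -> int:
        # aswMBR prints whole MB, so compare on this rather than raw sector counts.
        return self.sectors * SECTOR // (1024 * 1024)


@dataclass
class Mbr:
    signature_ok: bool
    bootcode_sha256: str
    partitions: List[Partition]


def parse_mbr(data: bytes) -> Mbr:
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        # status, CHS start (ignored), type, CHS end (ignored), LBA start, sector count
        status, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", data, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status, ptype, start, count))
    return Mbr(
        signature_ok=data[510:512] == SIGNATURE,
        # Hash of the boot code region, for comparison against a known-clean MBR
        # from an identical installation; no reference value is embedded here.
        bootcode_sha256=hashlib.sha256(data[:440]).hexdigest(),
        partitions=parts,
    )


def parse_aswmbr_partitions(log: str) -> List[Partition]:
    parts = []
    for m in PARTITION_LINE.finditer(log):
        idx, status, ptype, size_mb, offset = m.groups()
        parts.append(Partition(int(idx), int(status, 16), int(ptype, 16), int(offset), int(size_mb) * 2048))
    return parts


def compare_to_log(mbr: Mbr, logged: List[Partition]) -> List[str]:
    """Return every discrepancy between the saved MBR and what aswMBR printed."""
    problems = []
    if not mbr.signature_ok:
        problems.append("MBR signature is not 55 AA")
    if len(mbr.partitions) != len(logged):
        problems.append(f"{len(mbr.partitions)} partitions on disk vs {len(logged)} in log")
    for disk, log in zip(mbr.partitions, logged):
        for field in ("index", "status", "type_id", "lba_start", "size_mb"):
            a, b = getattr(disk, field), getattr(log, field)
            if a != b:
                problems.append(f"partition {disk.index}: {field} {a} on disk vs {b} in log")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed 512-byte image with the table the log describes.
    The boot code area is zero-filled: NOT the real XP MBR code, only a placeholder."""
    img = bytearray(MBR_SIZE)
    entries = [
        (0x80, 0x07, 63, 80003 * 2048),         # Partition 1, active, NTFS
        (0x00, 0x07, 163846935, 65621 * 2048),  # Partition 2, NTFS
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", img, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    img[510:512] = SIGNATURE
    return bytes(img)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())  # real case: open("MBR.dat", "rb").read()
    for p in mbr.partitions:
        print(f"Partition {p.index} {'(A) ' if p.bootable else ''}type 0x{p.type_id:02X} "
              f"{p.size_mb} MB offset {p.lba_start}")
    print("bootcode sha256:", mbr.bootcode_sha256)
    print("discrepancies:", compare_to_log(mbr, parse_aswmbr_partitions(ASWMBR_EXCERPT)) or "none")
```

On a real case the useful output is a non-empty discrepancy list (an extra or hidden entry, a changed type byte, a shifted start sector) or a boot code hash that differs from a clean machine with the same Windows version.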
19.11.2012, 16:26 | #4 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - save Combofix to your desktop
Start Combofix.exe and follow the instructions on the screen.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |
19.11.2012, 18:13 | #5 |
| Trojana.Agent.PS Hello! Combofix ran successfully. Kind regards Combofix Logfile: Code:
ATTFilter ComboFix 12-11-16.02 - Björn 19.11.2012 17:22:49.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2038.1420 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Bj÷rn\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\$NtUninstallKB9701$ c:\windows\$NtUninstallKB9701$\1682454427 c:\windows\$NtUninstallKB9701$\1746161137\@ c:\windows\$NtUninstallKB9701$\1746161137\Desktop.ini c:\windows\$NtUninstallKB9701$\1746161137\L\00000004.@ c:\windows\$NtUninstallKB9701$\1746161137\L\201d3dde c:\windows\$NtUninstallKB9701$\1746161137\L\wiqwopya c:\windows\$NtUninstallKB9701$\1746161137\U\00000004.@ c:\windows\$NtUninstallKB9701$\1746161137\U\00000008.@ c:\windows\$NtUninstallKB9701$\1746161137\U\000000cb.@ c:\windows\$NtUninstallKB9701$\1746161137\U\80000000.@ c:\windows\$NtUninstallKB9701$\1746161137\U\80000032.@ c:\windows\EventSystem.log c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert Kopie von - The cat found it :) wurde wiederhergestellt Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-19 bis 2012-11-19 )))))))))))))))))))))))))))))) . . 2012-11-19 16:10 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys 2012-11-19 16:10 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2012-11-16 07:40 . 
2012-11-16 07:40 -------- d-----w- c:\dokumente und einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics 2012-11-15 09:49 . 2012-11-15 09:49 -------- d-----w- c:\dokumente und einstellungen\Björn\Anwendungsdaten\Malwarebytes 2012-11-15 09:49 . 2012-11-15 09:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-11-15 09:49 . 2012-11-15 09:49 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-11-15 09:49 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 18:32 . 2012-11-14 18:32 -------- d-sh--w- c:\dokumente und einstellungen\Björn\IECompatCache 2012-11-11 12:15 . 2012-11-11 12:15 -------- d-----w- c:\dokumente und einstellungen\DVDVideoSoft\VideoToDVD_Out_Temp 2012-11-11 12:15 . 2012-11-11 12:53 -------- d-----w- c:\dokumente und einstellungen\DVDVideoSoft\VideoToDVD_Temp 2012-11-09 15:49 . 2012-11-16 07:39 -------- d-----w- c:\programme\Ubisoft 2012-11-05 15:41 . 2012-11-05 15:41 -------- d-----w- c:\dokumente und einstellungen\Björn\Anwendungsdaten\Image Zone Express 2012-10-29 14:38 . 2012-10-29 14:38 -------- d-----w- c:\programme\SDP Multimedia 2012-10-29 06:54 . 2012-10-29 06:54 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten 2012-10-25 07:02 . 2012-10-25 07:02 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten 2012-10-25 07:00 . 2011-06-27 14:03 36648 ----a-w- c:\windows\system32\drivers\hhdusbh32.sys 2012-10-25 05:11 . 2012-10-25 05:11 -------- d-----w- c:\programme\HHD Software 2012-10-24 16:39 . 2012-10-24 16:39 -------- d-----w- c:\programme\USBlyzer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-21 06:22 . 2012-09-21 06:22 72588 ----a-w- c:\windows\system32\drivers\usbsnoop.sys 2012-08-28 15:05 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 
2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2004-08-04 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:26 . 2004-08-04 00:50 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\programme\internet explorer\plugins\LV71ActiveXControl.dll 2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\programme\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\programme\internet explorer\plugins\LV82ActiveXControl.dll 2007-07-24 17:03 . 2007-07-24 17:03 118784 ----a-w- c:\programme\internet explorer\plugins\LV85ActiveXControl.dll 2008-12-10 13:50 . 2008-12-10 13:50 118784 ----a-w- c:\programme\internet explorer\plugins\LV86ActiveXControl.dll 2010-01-08 21:09 . 2010-01-08 21:09 158720 ----a-w- c:\programme\internet explorer\plugins\LV90ActiveXControl.dll 2012-10-06 02:14 . 2012-10-09 17:06 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946] "DTVRemote"="c:\programme\DTV\RemoteControl.exe" [2005-06-10 40960] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "RemoteControl8"="c:\programme\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\programme\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "niDevMon"="c:\programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2009-07-13 109648] "EEventManager"="c:\programme\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "HTC Sync Loader"="c:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-04-01 421888] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480] "tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "AVFX Engine"="c:\programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"= . R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [07.07.2009 10:23 15448] R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [14.05.2009 17:07 759048] R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [15.11.2012 10:49 399432] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [15.11.2012 10:49 676936] R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [21.08.2008 22:51 12696] R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [21.08.2008 22:51 12696] R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [05.03.2009 15:17 131704] R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [01.12.2009 14:59 193648] R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [13.10.2009 15:14 11344] R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [12.01.2010 19:47 11360] R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [12.08.2011 17:13 87040] R3 dtsoftbus01;DAEMON Tools Virtual Bus 
Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.04.2011 07:42 218688] R3 hhdusbh32;HHD Software USB Monitoring Filter Driver;c:\windows\system32\drivers\hhdusbh32.sys [25.10.2012 08:00 36648] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.11.2012 10:49 22856] R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [07.07.2009 16:50 11360] R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.08.2009 15:08 11360] R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.07.2009 18:30 11360] S1 M9207;USB 2.0 DVB-T Hybrid TV BOX;c:\windows\system32\drivers\M9207BDA.sys [03.09.2010 19:46 26880] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [14.01.2012 11:19 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.06.2010 18:01 21248] S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [10.01.2011 08:22 28672] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [05.12.2008 16:21 20104] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [20.10.2009 13:52 26192] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [20.10.2009 13:52 11344] S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [20.10.2009 13:52 22608] S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [15.12.2009 13:52 17480] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [14.07.2009 10:00 11352] S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [21.09.2009 18:59 11336] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.07.2009 20:44 11336] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [31.08.2009 15:28 11344] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [21.09.2009 18:58 11336] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [14.07.2009 13:34 11336] S3 
nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [13.07.2009 22:13 11392] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [06.06.2009 01:30 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [06.06.2009 01:31 151683] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [17.06.2009 00:05 11368] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [18.08.2009 18:30 11360] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [10.01.2010 03:53 11904] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [10.01.2010 03:51 11896] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [25.06.2008 12:02 20568] S3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [21.09.2009 18:58 11336] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [14.07.2009 13:58 11376] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [30.09.2009 13:08 11352] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [15.07.2009 16:04 11344] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [14.07.2009 13:58 11376] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [14.07.2009 13:35 11336] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [05.01.2009 10:19 11312] S3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [09.09.2009 16:35 11328] S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [31.08.2009 14:15 11360] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [01.09.2009 09:53 11336] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [31.08.2009 14:24 11360] S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [21.09.2009 18:50 11368] S3 niufurkw;niufurkw;c:\windows\system32\drivers\niufurkw.sys [16.12.2010 10:00 11368] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [05.03.2009 15:16 11384] S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [12.01.2010 
19:47 11360] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [14.07.2009 13:34 11336] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [21.09.2009 19:00 11336] S3 nixsrkw;nixsrkw;c:\windows\system32\drivers\nixsrkw.sys [21.09.2009 18:54 11336] S3 ULiM9205;TVBOX service;c:\windows\system32\drivers\TVBOX.sys [03.09.2010 19:45 76219] S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?] S3 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [21.09.2012 07:22 72588] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [09.12.2005 09:40 2799808] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.11.2010 08:56 691696] S4 USBlyzer;USBlyzer Capture Driver;c:\windows\system32\drivers\USBlyzer.sys [20.12.2011 19:58 99488] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://hotmail.com/ IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\dokumente und einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\dokumente und einstellungen\Björn\Anwendungsdaten\Mozilla\Firefox\Profiles\olhgpd4m.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-1und1Dispatcher - c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe AddRemove-uTorrent - c:\programme\uTorrent\uTorrent.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-19 17:50 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-515967899-1979792683-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:aa,27,3e,05,88,90,91,f0,dd,00,f3,45,0e,13,77,67,08,ac,22,15,d1, ec,42,46,08,94,5e,c3,a7,20,e8,ad,42,fe,47,ea,07,5b,27,da,9c,ff,94,76,bb,e0,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(1164) c:\progra~1\GEMEIN~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\windows\system32\lkcitdl.exe c:\windows\system32\lkads.exe c:\windows\system32\lktsrv.exe c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\programme\National Instruments\MAX\nimxs.exe c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe c:\programme\National Instruments\Shared\Security\nidmsrv.exe c:\windows\system32\nisvcloc.exe c:\programme\National Instruments\Shared\Tagger\tagsrv.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\nipxism.exe c:\windows\RTHDCPL.EXE c:\windows\sm56hlpr.exe c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe c:\programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe c:\windows\system32\wscntfy.exe c:\windows\System32\rundll32.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-19 17:55:50 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-19 16:55 . Vor Suchlauf: 9.557.348.352 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 13.474.267.136 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - D7D8A54DE23F9E86F652AE3B7AA7E401 |
19.11.2012, 19:03 | #6
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Great, please post a fresh OTL log and a fresh aswMBR log.
19.11.2012, 20:22 | #7
Trojana.Agent.PS Hello, here are the logs. Regards. OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.11.2012 19:15:51 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,68% Memory free 3,84 Gb Paging File | 3,18 Gb Available in Paging File | 82,71% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 12,57 Gb Free Space | 16,09% Space Free | Partition Type: NTFS Drive D: | 64,08 Gb Total Space | 2,37 Gb Free Space | 3,70% Space Free | Partition Type: NTFS Computer Name: BJOERN | User Name: Björn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.01.17 10:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe PRC - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe PRC - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe PRC - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe PRC - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe PRC - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe PRC - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipxism.exe PRC - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
-- C:\WINDOWS\system32\lkcitdl.exe PRC - [2009.07.13 13:31:44 | 000,109,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe PRC - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe PRC - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe PRC - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe PRC - [2006.06.09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe PRC - [2006.01.20 11:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) 
-- C:\WINDOWS\sm56hlpr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 20:36:48 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.06.13 20:36:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.06.13 20:36:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2012.06.13 20:36:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.05.09 20:31:19 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011.11.01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.11.01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.11.01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.11.01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.11.01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.11.01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.11.01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.08 09:10:59 | 000,311,296 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.08 09:10:59 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.07.15 17:15:30 | 000,274,432 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\NISWCH.sdc MOD - [2009.06.06 01:32:40 | 000,009,728 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITSU.sdc MOD - [2009.06.06 01:32:40 | 000,007,680 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITNR.sdc MOD - [2009.06.06 01:32:38 | 000,021,504 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIHSD.sdc MOD - [2009.06.06 01:32:38 | 000,013,824 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISRC.sdc MOD - [2009.06.06 01:32:38 | 000,013,312 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISL.sdc MOD - [2009.06.06 01:32:38 | 000,012,288 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIDWG.sdc MOD - [2009.06.06 01:32:38 | 000,006,656 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISYNC.sdc MOD - [2009.06.06 01:32:38 | 000,006,144 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIPS.sdc MOD - [2009.06.06 01:32:38 | 000,005,632 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIRFSA.sdc MOD - [2009.06.06 01:32:38 | 000,005,120 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NI5690.sdc MOD - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe MOD - [2006.06.09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Programme\Creative\Creative Live! 
Cam\VideoFX\EyeCatcherEx.dll MOD - [2006.01.20 11:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll MOD - [2006.01.20 11:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll MOD - [2006.01.20 11:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll MOD - [2006.01.20 11:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll MOD - [2006.01.20 11:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | 
M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder) SRV - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc) SRV - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipxism.exe -- (nipxirmu) SRV - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2009.09.18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum) SRV - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2005.12.09 09:40:04 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxkl.sys -- (usb6xxxk) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV 
- File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\BJRN~1\LOKALE~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.21 07:22:02 | 000,072,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsnoop.sys -- (usbsnoop) DRV - [2011.12.20 19:58:52 | 000,099,488 | ---- | M] (USBlyzer Team) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBlyzer.sys -- (USBlyzer) DRV - [2011.06.27 15:03:28 | 000,036,648 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hhdusbh32.sys -- (hhdusbh32) DRV - [2011.04.22 07:42:34 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.11.16 08:54:00 | 000,060,552 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010.11.16 08:53:00 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010.11.08 08:56:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.06.22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK) DRV - [2010.01.10 03:53:04 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl) DRV - [2010.01.10 03:52:36 | 000,597,592 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK) DRV - [2010.01.10 03:51:00 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl) DRV - [2009.12.15 13:52:56 | 000,017,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock) DRV - [2009.11.13 15:15:48 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.20 13:52:48 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k) DRV - [2009.10.20 13:52:46 
| 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k) DRV - [2009.10.20 13:52:44 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k) DRV - [2009.10.13 15:14:52 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk) DRV - [2009.09.30 13:08:36 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk) DRV - [2009.09.23 20:54:00 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0) DRV - [2009.09.21 19:00:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk) DRV - [2009.09.21 18:59:34 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicsrkl.sys -- (nicsrk) DRV - [2009.09.21 18:58:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niraptrkl.sys -- (niraptrk) DRV - [2009.09.21 18:58:22 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkw.sys -- (niufurkw) DRV - [2009.09.21 18:58:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk) DRV - [2009.09.21 18:54:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkw.sys -- (nixsrkw) DRV - [2009.09.21 18:50:30 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel 
| On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkl.sys -- (niufurk) DRV - [2009.09.09 16:35:34 | 000,011,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc3rkl.sys -- (nistc3rk) DRV - [2009.09.03 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2009.09.01 09:53:28 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk) DRV - [2009.08.31 15:28:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark) DRV - [2009.08.31 14:24:02 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork) DRV - [2009.08.31 14:15:46 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk) DRV - [2009.08.24 15:08:34 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k) DRV - [2009.08.18 18:30:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk) DRV - [2009.07.15 16:04:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk) DRV - [2009.07.14 13:58:26 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk) DRV - [2009.07.14 13:58:14 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk) DRV - [2009.07.14 
13:35:10 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)
DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)
DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)
DRV - [2009.07.14 10:00:38 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)
DRV - [2009.07.13 22:13:46 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)
DRV - [2009.07.13 20:44:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)
DRV - [2009.07.13 18:30:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)
DRV - [2009.07.07 17:34:44 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2009.07.07 16:50:20 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2009.07.07 10:23:02 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2009.06.17 00:05:26 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)
DRV - [2009.06.14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.06.06 01:31:00 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)
DRV - [2009.06.06 01:30:58 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)
DRV - [2009.03.05 15:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2009.01.05 10:19:28 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)
DRV - [2008.12.05 16:21:24 | 000,020,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)
DRV - [2008.07.03 18:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.06.25 12:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.03.01 08:17:46 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.07.24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.03.23 08:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.03.23 08:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.03.15 07:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.01.20 11:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.06.14 13:22:42 | 000,026,880 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207BDA.sys -- (M9207)
DRV - [2005.06.10 06:55:54 | 000,076,219 | R--- | M] (TVBox) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVBOX.sys -- (ULiM9205)
DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{314AC616-1173-4D1C-AC1F-99B585426B39}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{48460A60-537A-4B29-8C70-9AF3A79CBCA4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{759842BB-4EB6-4E44-9A70-135AA22E6092}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{BBD1A716-0F3E-4390-B1CD-FC0731262E2A}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.09 18:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.09 18:07:19 | 000,000,000 | ---D | M]

(No name found) -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mozilla\Extensions
[2012.10.09 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.19 17:48:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DTVRemote] C:\Programme\DTV\RemoteControl.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352808868515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91384EFC-BD91-452A-A8A3-81AA3168C8D5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.15 17:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.19 18:09:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.19 17:48:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\CyberLink PowerDVD 8
[2012.11.19 17:00:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.11.19 16:50:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.11.19 16:50:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.11.19 16:50:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.11.19 16:50:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.19 16:50:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.19 16:49:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\Verwaltung
[2012.11.19 16:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.11.19 16:48:51 | 005,002,404 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Björn\Desktop\ComboFix.exe
[2012.11.19 14:49:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR.exe
[2012.11.16 08:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics
[2012.11.16 08:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0
[2012.11.16 08:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012.11.16 08:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2012.11.15 10:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes
[2012.11.15 10:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.15 10:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.15 10:49:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.15 10:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.15 10:41:22 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.14 19:32:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Björn\IECompatCache
[2012.11.14 17:42:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Outlook-Dateien
[2012.11.14 17:13:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\bew
[2012.11.11 11:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DVDVideoSoft
[2012.11.09 16:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2012.11.05 16:41:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express
[2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Programme\SDP Multimedia
[2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SDP Multimedia
[2012.10.29 06:55:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.10.29 06:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.10.25 09:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun
[2012.10.25 08:00:18 | 000,036,648 | ---- | C]  (HHD Software Ltd.) -- C:\WINDOWS\System32\drivers\hhdusbh32.sys
[2012.10.25 08:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Device Monitoring Studio
[2012.10.25 07:53:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.10.25 07:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.10.25 07:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\My Documents
[2012.10.25 07:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\device monitoring
[2012.10.25 06:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DMS Log Files
[2012.10.25 06:11:22 | 000,000,000 | ---D | C] -- C:\Programme\HHD Software
[2012.10.24 17:39:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\USBlyzer
[2012.10.24 17:39:08 | 000,000,000 | ---D | C] -- C:\Programme\USBlyzer
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.19 17:53:18 | 000,520,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.19 17:53:18 | 000,492,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.19 17:53:18 | 000,110,456 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.19 17:53:18 | 000,090,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.19 17:50:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.19 17:48:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.19 17:47:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.19 17:00:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.11.19 16:48:51 | 005,002,404 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Björn\Desktop\ComboFix.exe
[2012.11.19 16:22:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.11.19 15:43:00 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat
[2012.11.19 14:49:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR.exe
[2012.11.18 17:38:41 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Microsoft Word 2010.lnk
[2012.11.16 09:29:58 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2012.11.16 09:27:17 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe
[2012.11.16 08:20:36 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2012.11.15 10:49:37 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 10:48:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.13 16:55:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\spider.sav
[2012.11.13 10:18:48 | 000,087,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.24 17:39:09 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.19 17:00:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.11.19 17:00:11 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.11.19 16:50:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.11.19 16:50:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.11.19 16:50:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.11.19 16:50:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.11.19 16:50:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.11.19 15:43:00 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat
[2012.11.16 09:29:38 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2012.11.16 09:27:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe
[2012.11.16 08:20:36 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2012.11.15 10:49:37 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.24 17:39:09 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk
[2012.09.21 07:22:02 | 000,072,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbsnoop.sys
[2012.06.26 19:22:23 | 000,199,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.15 13:58:15 | 000,027,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.jmf-resource
[2012.05.14 09:46:11 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2012.05.14 09:46:11 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2012.05.14 09:46:11 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2012.05.14 09:46:11 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2012.05.14 09:46:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2012.05.14 09:46:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2012.05.14 09:46:11 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2012.05.14 09:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2012.05.14 09:46:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2012.05.14 09:46:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2012.05.14 09:46:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2012.05.14 09:46:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2012.05.14 09:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2012.05.11 09:28:00 | 000,001,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.JMAppsCfg
[2012.05.01 10:12:24 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\MSChtFR.dll
[2012.04.30 15:15:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2012.04.30 15:15:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2012.04.30 15:15:29 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012.04.30 15:15:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012.04.30 15:15:28 | 010,305,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012.04.30 15:15:27 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012.04.30 15:15:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012.02.15 08:43:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.09 15:37:30 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\gdbtk.ini
[2011.06.17 20:32:53 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.07 06:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.06 12:22:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2011.04.20 17:02:47 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.20 11:53:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.01.20 12:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.12.10 08:42:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2010.12.10 08:42:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2010.08.16 07:04:37 | 000,087,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 17:19:36 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2010.08.15 17:19:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.06.24 13:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.12 15:08:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk
[2010.11.08 08:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.01.15 19:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2012.10.09 08:17:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2010.12.16 09:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IVI Foundation
[2010.12.16 09:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2011.10.28 17:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions
[2011.06.17 20:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2012.04.27 14:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2012.04.27 14:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.08.31 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Audacity
[2010.10.05 06:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CadSoft
[2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canneverbe Limited
[2012.02.01 19:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CasaPortale.de
[2011.06.06 09:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Clonk
[2010.11.08 09:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DAEMON Tools Lite
[2012.09.29 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft
[2012.09.05 14:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.11.16 08:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics
[2011.01.20 12:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Epson
[2010.11.17 19:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GetRightToGo
[2012.01.14 11:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC
[2012.01.14 11:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.11.05 16:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express
[2011.05.19 09:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Kalypso Media
[2011.06.17 11:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Longbow Digital Arts
[2012.09.04 17:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mobile Atlas Creator
[2012.05.15 09:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Oracle
[2012.05.01 07:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Processing
[2010.10.26 12:22:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Schmap
[2012.05.21 16:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Softland
[2012.03.22 11:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony Online Entertainment
[2012.03.08 11:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Unity
[2012.10.24 17:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\USBlyzer

========== Purity Check ==========

< End of report >

Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-19 19:29:09 ----------------------------- 19:29:09.328 OS Version: Windows 5.1.2600 Service Pack 3 19:29:09.328 Number of processors: 2 586 0xF06 19:29:09.328 ComputerName: BJOERN UserName: Björn 19:29:10.531 Initialize success 19:52:59.796 AVAST engine defs: 12111900 20:10:29.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 20:10:29.390 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3 20:10:29.406 Disk 0 MBR read successfully 20:10:29.406 Disk 0 MBR scan 20:10:29.468 Disk 0 Windows XP default MBR code 20:10:29.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63 20:10:29.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 65621 MB offset 163846935 20:10:29.515 Disk 0 scanning sectors +298240705 20:10:29.640 Disk 0 scanning C:\WINDOWS\system32\drivers 20:10:49.546 Service scanning 20:11:18.531 Modules scanning 20:11:39.796 Disk 0 trace - called modules: 20:11:39.812 20:11:40.796 AVAST engine scan C:\WINDOWS 20:11:57.671 AVAST engine scan C:\WINDOWS\system32 20:15:46.921 AVAST engine scan C:\WINDOWS\system32\drivers 20:16:14.171 AVAST engine scan C:\Dokumente und Einstellungen\Björn 20:20:07.843 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat" 20:20:07.859 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR2.txt" |
20.11.2012, 07:09 | #8 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Please download AdwCleaner to your desktop.
ESET Online Scanner
And a fresh OTL log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.11.2012, 16:58 | #9 |
| Trojana.Agent.PS Hello. ESET (the scan took ~8h) found four more items, one of which is on a connected USB hard drive. I have therefore not uninstalled ESET yet. Regards AdwCleaner log: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 20/11/2012 um 09:04:50 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Björn - BJOERN # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Björn\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[S2].txt - [807 octets] - [20/11/2012 09:04:50] ########## EOF - C:\AdwCleaner[S2].txt - [866 octets] ########## ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=a02f9edc0823a644b8d5345ef6776aac # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-20 03:15:41 # local_time=2012-11-20 04:15:41 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 5013 5013 0 0 # scanned=422208 # found=4 # cleaned=0 # scan_time=23538 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I E:\Sicherung_Mai_2011\c\Desktop\rld-swew\rld-swew.iso probably a variant of Win32/Adware.Agent.JFKRCQC application (unable to clean) 00000000000000000000000000000000 I ${Memory} a variant of Win32/KillProc.A application 00000000000000000000000000000000 I OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.11.2012 16:40:02 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,41% Memory free 3,84 Gb Paging File | 3,11 Gb Available in Paging File | 80,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 12,08 Gb Free Space | 15,47% Space Free | Partition Type: NTFS Drive D: | 64,08 Gb Total Space | 2,37 Gb Free Space | 3,70% Space Free | Partition Type: NTFS Drive E: | 37,25 Gb Total Space | 4,73 Gb Free Space | 12,71% Space Free | Partition Type: NTFS Drive F: | 1,18 Gb Total Space | 0,53 Gb Free Space | 44,67% Space Free | Partition Type: FAT32 Computer Name: BJOERN | User Name: Björn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.01.17 10:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe PRC - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe PRC - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe PRC - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe PRC - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe PRC - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe PRC - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipxism.exe PRC - [2009.07.13 13:31:44 | 000,109,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe PRC - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- 
C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe PRC - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe PRC - [2006.06.09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe PRC - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe PRC - [2006.01.20 11:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) 
-- C:\WINDOWS\sm56hlpr.exe PRC - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 20:36:48 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.06.13 20:36:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.06.13 20:36:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2012.06.13 20:36:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.05.09 20:31:19 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011.11.01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.11.01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.11.01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.11.01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.11.01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.11.01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.11.01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - 
[2010.11.08 09:10:59 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.08 09:10:59 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.07.15 17:15:30 | 000,274,432 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\NISWCH.sdc MOD - [2009.06.06 01:32:40 | 000,009,728 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITSU.sdc MOD - [2009.06.06 01:32:40 | 000,007,680 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITNR.sdc MOD - [2009.06.06 01:32:38 | 000,021,504 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIHSD.sdc MOD - [2009.06.06 01:32:38 | 000,013,824 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISRC.sdc MOD - [2009.06.06 01:32:38 | 000,013,312 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISL.sdc MOD - [2009.06.06 01:32:38 | 000,012,288 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIDWG.sdc MOD - [2009.06.06 01:32:38 | 000,006,656 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISYNC.sdc MOD - [2009.06.06 01:32:38 | 000,006,144 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIPS.sdc MOD - [2009.06.06 01:32:38 | 000,005,632 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIRFSA.sdc MOD - [2009.06.06 01:32:38 | 000,005,120 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NI5690.sdc MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe MOD 
- [2006.06.09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Programme\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll MOD - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe MOD - [2006.01.20 11:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll MOD - [2006.01.20 11:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll MOD - [2006.01.20 11:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll MOD - [2006.01.20 11:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll MOD - [2006.01.20 11:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll MOD - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet 
Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder) SRV - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc) SRV - [2009.10.13 15:14:52 | 
000,014,416 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipxism.exe -- (nipxirmu) SRV - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2009.09.18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum) SRV - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2005.12.09 09:40:04 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxkl.sys -- (usb6xxxk) DRV - File not found [Kernel | On_Demand | Stopped] -- -- 
(PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.21 07:22:02 | 000,072,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsnoop.sys -- (usbsnoop) DRV - [2011.12.20 19:58:52 | 000,099,488 | ---- | M] (USBlyzer Team) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBlyzer.sys -- (USBlyzer) DRV - [2011.06.27 15:03:28 | 000,036,648 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hhdusbh32.sys -- (hhdusbh32) DRV - [2011.04.22 07:42:34 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.11.16 08:54:00 | 000,060,552 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010.11.16 08:53:00 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010.11.08 08:56:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.06.22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK) DRV - [2010.01.10 03:53:04 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl) DRV - [2010.01.10 03:52:36 | 000,597,592 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK) DRV - [2010.01.10 03:51:00 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl) DRV - [2009.12.15 13:52:56 | 000,017,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock) DRV - [2009.11.13 15:15:48 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.20 13:52:48 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k) DRV - [2009.10.20 13:52:46 
| 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k) DRV - [2009.10.20 13:52:44 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k) DRV - [2009.10.13 15:14:52 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk) DRV - [2009.09.30 13:08:36 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk) DRV - [2009.09.23 20:54:00 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0) DRV - [2009.09.21 19:00:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk) DRV - [2009.09.21 18:59:34 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicsrkl.sys -- (nicsrk) DRV - [2009.09.21 18:58:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niraptrkl.sys -- (niraptrk) DRV - [2009.09.21 18:58:22 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkw.sys -- (niufurkw) DRV - [2009.09.21 18:58:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk) DRV - [2009.09.21 18:54:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkw.sys -- (nixsrkw) DRV - [2009.09.21 18:50:30 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel 
| On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkl.sys -- (niufurk) DRV - [2009.09.09 16:35:34 | 000,011,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc3rkl.sys -- (nistc3rk) DRV - [2009.09.03 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2009.09.01 09:53:28 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk) DRV - [2009.08.31 15:28:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark) DRV - [2009.08.31 14:24:02 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork) DRV - [2009.08.31 14:15:46 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk) DRV - [2009.08.24 15:08:34 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k) DRV - [2009.08.18 18:30:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk) DRV - [2009.07.15 16:04:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk) DRV - [2009.07.14 13:58:26 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk) DRV - [2009.07.14 13:58:14 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk) DRV - [2009.07.14 
13:35:10 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk) DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk) DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk) DRV - [2009.07.14 10:00:38 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk) DRV - [2009.07.13 22:13:46 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk) DRV - [2009.07.13 20:44:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk) DRV - [2009.07.13 18:30:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk) DRV - [2009.07.07 17:34:44 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk) DRV - [2009.07.07 16:50:20 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk) DRV - [2009.07.07 10:23:02 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk) DRV - [2009.06.17 00:05:26 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk) DRV - [2009.06.14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk) DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.06.06 01:31:00 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk) DRV - [2009.06.06 01:30:58 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk) DRV - [2009.03.05 15:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK) DRV - [2009.01.05 10:19:28 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k) DRV - [2008.12.05 16:21:24 | 000,020,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk) DRV - [2008.07.03 18:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2008.06.25 12:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk) DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.03.01 08:17:46 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2006.07.24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.03.23 08:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.03.23 08:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.03.15 07:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006.01.20 11:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.06.14 13:22:42 | 000,026,880 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207BDA.sys -- (M9207) DRV - [2005.06.10 06:55:54 | 000,076,219 | R--- | M] (TVBox) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVBOX.sys -- (ULiM9205) DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://hotmail.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{314AC616-1173-4D1C-AC1F-99B585426B39}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{48460A60-537A-4B29-8C70-9AF3A79CBCA4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{759842BB-4EB6-4E44-9A70-135AA22E6092}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{BBD1A716-0F3E-4390-B1CD-FC0731262E2A}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.09 18:06:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.09 18:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mozilla\Extensions [2012.10.09 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.06 04:22:08 | 000,001,153 | ---- | M] 
() -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.19 17:48:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [DTVRemote] C:\Programme\DTV\RemoteControl.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote 
s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: 
{000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352808868515 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91384EFC-BD91-452A-A8A3-81AA3168C8D5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\schmap-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.15 17:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011.08.05 08:39:04 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 09:31:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.11.20 09:19:50 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.11.20 09:07:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\CyberLink PowerDVD 8 [2012.11.19 18:09:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.11.19 17:00:09 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.11.19 16:50:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.11.19 16:50:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.11.19 16:50:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.11.19 16:50:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.11.19 16:50:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.19 16:49:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\Verwaltung [2012.11.19 16:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.11.19 16:48:51 | 005,002,404 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Björn\Desktop\ComboFix.exe [2012.11.19 14:49:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR.exe [2012.11.16 08:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics [2012.11.16 08:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0 [2012.11.16 08:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2012.11.16 08:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und 
Einstellungen\Björn\Desktop\OTL.exe [2012.11.15 10:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes [2012.11.15 10:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.15 10:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.15 10:49:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.15 10:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.15 10:41:22 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.14 19:32:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Björn\IECompatCache [2012.11.14 17:42:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Outlook-Dateien [2012.11.14 17:13:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\bew [2012.11.11 11:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DVDVideoSoft [2012.11.09 16:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2012.11.05 16:41:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express [2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Programme\SDP Multimedia [2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SDP Multimedia [2012.10.29 06:55:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.10.29 06:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.10.25 09:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2012.10.25 08:00:18 | 000,036,648 | ---- | C] 
(HHD Software Ltd.) -- C:\WINDOWS\System32\drivers\hhdusbh32.sys [2012.10.25 08:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Device Monitoring Studio [2012.10.25 07:53:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2012.10.25 07:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.10.25 07:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\My Documents [2012.10.25 07:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\device monitoring [2012.10.25 06:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DMS Log Files [2012.10.25 06:11:22 | 000,000,000 | ---D | C] -- C:\Programme\HHD Software [2012.10.24 17:39:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\USBlyzer [2012.10.24 17:39:08 | 000,000,000 | ---D | C] -- C:\Programme\USBlyzer [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.20 09:08:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.20 09:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.20 09:03:09 | 000,543,531 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\adwcleaner.exe [2012.11.19 20:20:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat [2012.11.19 17:53:18 | 000,520,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.19 17:53:18 | 000,492,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.19 17:53:18 | 000,110,456 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.19 17:53:18 | 000,090,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.19 17:48:08 | 000,000,027 | 
---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.19 17:00:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.11.19 16:48:51 | 005,002,404 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Björn\Desktop\ComboFix.exe [2012.11.19 16:22:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.19 14:49:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Björn\Desktop\aswMBR.exe [2012.11.18 17:38:41 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Microsoft Word 2010.lnk [2012.11.16 09:29:58 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable [2012.11.16 09:27:17 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe [2012.11.16 08:20:36 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe [2012.11.15 10:49:37 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 10:48:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.13 16:55:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\spider.sav [2012.11.13 10:18:48 | 000,087,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.24 17:39:09 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 09:03:07 | 000,543,531 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Björn\Desktop\adwcleaner.exe [2012.11.19 17:00:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.11.19 17:00:11 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.11.19 16:50:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.11.19 16:50:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.11.19 16:50:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.11.19 16:50:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.11.19 16:50:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.11.19 15:43:00 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\MBR.dat [2012.11.16 09:29:38 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable [2012.11.16 09:27:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe [2012.11.16 08:20:36 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2012.11.15 10:49:37 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.24 17:39:09 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk [2012.09.21 07:22:02 | 000,072,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbsnoop.sys [2012.06.26 19:22:23 | 000,199,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.05.15 13:58:15 | 000,027,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.jmf-resource [2012.05.14 09:46:11 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll [2012.05.14 09:46:11 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll [2012.05.14 09:46:11 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll [2012.05.14 09:46:11 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll [2012.05.14 09:46:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll [2012.05.14 
09:46:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll [2012.05.14 09:46:11 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll [2012.05.14 09:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll [2012.05.14 09:46:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll [2012.05.14 09:46:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll [2012.05.14 09:46:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll [2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll [2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll [2012.05.14 09:46:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll [2012.05.14 09:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll [2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll [2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll [2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll [2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll [2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll [2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll [2012.05.11 09:28:00 | 000,001,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.JMAppsCfg [2012.05.01 10:12:24 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\MSChtFR.dll [2012.04.30 15:15:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe [2012.04.30 15:15:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe [2012.04.30 15:15:29 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2012.04.30 15:15:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2012.04.30 15:15:28 | 010,305,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2012.04.30 15:15:27 | 000,147,456 | ---- | C] ( ) -- 
C:\WINDOWS\rsnp2std.dll [2012.04.30 15:15:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [2012.02.15 08:43:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.09 15:37:30 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\gdbtk.ini [2011.06.17 20:32:53 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2011.06.07 06:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.06.06 12:22:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE [2011.04.20 17:02:47 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.03.20 11:53:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011.01.20 12:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2010.12.10 08:42:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini [2010.12.10 08:42:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini [2010.08.16 07:04:37 | 000,087,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.15 17:19:36 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2010.08.15 17:19:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.06.24 13:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- 
[2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.04.12 15:08:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk [2010.11.08 08:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.01.15 19:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012.10.09 08:17:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2010.12.16 09:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IVI Foundation [2010.12.16 09:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2011.10.28 17:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions [2011.06.17 20:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2012.04.27 14:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb [2012.04.27 14:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\1&1 Mail & Media GmbH [2012.08.31 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Audacity [2010.10.05 06:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CadSoft [2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Björn\Anwendungsdaten\Canneverbe Limited [2012.02.01 19:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CasaPortale.de [2011.06.06 09:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Clonk [2010.11.08 09:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DAEMON Tools Lite [2012.09.29 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft [2012.09.05 14:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.11.16 08:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics [2011.01.20 12:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Epson [2010.11.17 19:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GetRightToGo [2012.01.14 11:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC [2012.01.14 11:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.11.05 16:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express [2011.05.19 09:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Kalypso Media [2011.06.17 11:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Longbow Digital Arts [2012.09.04 17:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mobile Atlas Creator [2012.05.15 09:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Oracle [2012.05.01 07:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Processing [2010.10.26 12:22:17 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Schmap [2012.05.21 16:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Softland [2012.03.22 11:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony Online Entertainment [2012.03.08 11:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Unity [2012.10.24 17:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\USBlyzer ========== Purity Check ========== < End of report > [/CODE] |
20.11.2012, 18:01 | #10 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Still having problems with the computer?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
20.11.2012, 18:13 | #11 |
| Trojana.Agent.PS Hello. No, as far as I can tell it is behaving normally again. But didn't ESET still find infected files? And for the future: I always use the free AVIRA and scan my computer with it from time to time. Is that sufficient protection, or should I use something else, or something else in parallel? Thanks for your help. Regards |
21.11.2012, 07:07 | #12 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS Antivir as a permanent AV program, Windows Firewall and Malwarebytes for occasional scans are sufficient.
Open AdwCleaner > Uninstall
Windows key+R > Combofix /Uninstall > press Enter
Open OTL > click the "Bereinigung" (Cleanup) button
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
27.11.2012, 17:46 | #13 |
| Trojana.Agent.PS Hello. Many thanks for your help. I scanned my system a few more times and am virus-free. Regards |
27.11.2012, 19:26 | #14 |
/// the machine /// TB-Ausbilder | Trojana.Agent.PS You're welcome