Log Analysis and Evaluation: Trojana.Agent.PS (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Trojana.Agent.PS

Hello. I have been infected by several pests. One trojan is more stubborn than I am and keeps coming back. The symptoms are a slower system and attempts to redirect me to other websites. I have already run OTL, GMER and defogger as described in the instructions. However, the file Extras.txt was only created on the first run, and unfortunately I deleted it, assuming it would be created anew each time. With GMER I only scanned the system drive, because that is how I interpreted the instructions (it took forever). I also ran a Malwarebytes scan, which found the trojan in no fewer than 4 files. Please help. Best regards

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 16.11.2012 10:48:59 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,72% Memory free 3,84 Gb Paging File | 3,14 Gb Available in Paging File | 81,82% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 9,45 Gb Free Space | 12,09% Space Free | Partition Type: NTFS Drive D: | 64,08 Gb Total Space | 2,37 Gb Free Space | 3,70% Space Free | Partition Type: NTFS Computer Name: BJOERN | User Name: Björn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.01.17 10:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe PRC - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe PRC - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe PRC - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe PRC - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe PRC - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe PRC - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipxism.exe PRC - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
-- C:\WINDOWS\system32\lkcitdl.exe PRC - [2009.09.14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE PRC - [2009.07.13 13:31:44 | 000,109,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe PRC - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe PRC - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe PRC - [2006.06.09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe PRC - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe PRC - [2006.01.20 11:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) 
-- C:\WINDOWS\sm56hlpr.exe PRC - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 20:36:48 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.06.13 20:36:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.06.13 20:36:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2012.06.13 20:36:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.05.09 20:31:19 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011.11.01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011.11.01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.11.01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.11.01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.11.01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.11.01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.11.01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.11.01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - 
[2010.11.08 09:10:59 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.08 09:10:59 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.07.15 17:15:30 | 000,274,432 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\NISWCH.sdc MOD - [2009.06.06 01:32:40 | 000,009,728 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITSU.sdc MOD - [2009.06.06 01:32:40 | 000,007,680 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NITNR.sdc MOD - [2009.06.06 01:32:38 | 000,021,504 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIHSD.sdc MOD - [2009.06.06 01:32:38 | 000,013,824 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISRC.sdc MOD - [2009.06.06 01:32:38 | 000,013,312 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISL.sdc MOD - [2009.06.06 01:32:38 | 000,012,288 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIDWG.sdc MOD - [2009.06.06 01:32:38 | 000,006,656 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NISYNC.sdc MOD - [2009.06.06 01:32:38 | 000,006,144 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIPS.sdc MOD - [2009.06.06 01:32:38 | 000,005,632 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NIRFSA.sdc MOD - [2009.06.06 01:32:38 | 000,005,120 | ---- | M] () -- C:\Programme\National Instruments\Shared\Caps\Compat\NI5690.sdc MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2008.04.14 03:22:16 | 000,014,336 | 
---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2006.06.19 12:37:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe MOD - [2006.06.09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Programme\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll MOD - [2006.06.01 10:26:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe MOD - [2006.01.20 11:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll MOD - [2006.01.20 11:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll MOD - [2006.01.20 11:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll MOD - [2006.01.20 11:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll MOD - [2006.01.20 11:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll MOD - [2006.01.20 11:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll MOD - [2005.06.10 13:30:26 | 000,040,960 | ---- | M] () -- C:\Programme\DTV\RemoteControl.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) 
[Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.01 14:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder) SRV - [2009.11.23 16:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2009.11.23 13:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2009.11.23 13:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2009.11.23 13:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2009.10.20 13:10:56 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National 
Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2009.10.20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc) SRV - [2009.10.13 15:14:52 | 000,014,416 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipxism.exe -- (nipxirmu) SRV - [2009.09.29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2009.09.18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum) SRV - [2009.03.05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2008.08.21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2005.12.09 09:40:04 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found 
[Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxkl.sys -- (usb6xxxk) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.21 07:22:02 | 000,072,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsnoop.sys -- (usbsnoop) DRV - [2011.12.20 19:58:52 | 000,099,488 | ---- | M] (USBlyzer Team) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBlyzer.sys -- (USBlyzer) DRV - [2011.06.27 15:03:28 | 000,036,648 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hhdusbh32.sys -- (hhdusbh32) DRV - [2011.04.22 07:42:34 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.11.16 08:54:00 | 000,060,552 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010.11.16 08:53:00 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010.11.08 08:56:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.06.22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK) DRV - [2010.01.12 19:47:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK) DRV - [2010.01.10 03:53:04 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl) DRV - [2010.01.10 03:52:36 | 000,597,592 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK) DRV - [2010.01.10 03:51:00 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl) DRV - [2009.12.15 13:52:56 | 000,017,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock) DRV - [2009.11.13 15:15:48 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.20 13:52:48 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k) DRV - [2009.10.20 13:52:46 
| 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k) DRV - [2009.10.20 13:52:44 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k) DRV - [2009.10.13 15:14:52 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk) DRV - [2009.09.30 13:08:36 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk) DRV - [2009.09.23 20:54:00 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0) DRV - [2009.09.21 19:00:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk) DRV - [2009.09.21 18:59:34 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicsrkl.sys -- (nicsrk) DRV - [2009.09.21 18:58:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niraptrkl.sys -- (niraptrk) DRV - [2009.09.21 18:58:22 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkw.sys -- (niufurkw) DRV - [2009.09.21 18:58:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk) DRV - [2009.09.21 18:54:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkw.sys -- (nixsrkw) DRV - [2009.09.21 18:50:30 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel 
| On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niufurkl.sys -- (niufurk) DRV - [2009.09.09 16:35:34 | 000,011,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc3rkl.sys -- (nistc3rk) DRV - [2009.09.03 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2009.09.01 09:53:28 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk) DRV - [2009.08.31 15:28:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark) DRV - [2009.08.31 14:24:02 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork) DRV - [2009.08.31 14:15:46 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk) DRV - [2009.08.24 15:08:34 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k) DRV - [2009.08.18 18:30:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk) DRV - [2009.07.15 16:04:32 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk) DRV - [2009.07.14 13:58:26 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk) DRV - [2009.07.14 13:58:14 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk) DRV - [2009.07.14 
13:35:10 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk) DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk) DRV - [2009.07.14 13:34:58 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk) DRV - [2009.07.14 10:00:38 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk) DRV - [2009.07.13 22:13:46 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk) DRV - [2009.07.13 20:44:16 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk) DRV - [2009.07.13 18:30:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk) DRV - [2009.07.07 17:34:44 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk) DRV - [2009.07.07 16:50:20 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk) DRV - [2009.07.07 10:23:02 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk) DRV - [2009.06.17 00:05:26 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk) DRV - [2009.06.14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk) DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.06.06 01:31:00 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk) DRV - [2009.06.06 01:30:58 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk) DRV - [2009.03.05 15:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK) DRV - [2009.01.05 10:19:28 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k) DRV - [2008.12.05 16:21:24 | 000,020,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk) DRV - [2008.07.03 18:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2008.06.25 12:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk) DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.03.01 08:17:46 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2006.07.24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.03.23 08:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.03.23 08:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.03.15 07:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006.01.20 11:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.06.14 13:22:42 | 000,026,880 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207BDA.sys -- (M9207) DRV - [2005.06.10 06:55:54 | 000,076,219 | R--- | M] (TVBox) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVBOX.sys -- (ULiM9205) DRV - [2004.08.04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{314AC616-1173-4D1C-AC1F-99B585426B39}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{48460A60-537A-4B29-8C70-9AF3A79CBCA4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{759842BB-4EB6-4E44-9A70-135AA22E6092}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{BBD1A716-0F3E-4390-B1CD-FC0731262E2A}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.09 18:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.09 18:07:19 | 000,000,000 | ---D | M]
(No name found) -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mozilla\Extensions
[2012.10.09 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DTVRemote] C:\Programme\DTV\RemoteControl.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKCU..\Run: [1und1Dispatcher] "C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe" xp File not found
O4 - HKCU..\Run: [Automatisch Epson Stylus SX420W(Netzwerk) auf FLORA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX420W(Netzwerk)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352808868515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.15 17:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d81f590-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d81f592-a8fc-11df-8b5b-0018de96b8f6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{561b4da7-e371-11df-8bb0-0018de96b8f6}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b26c0ff-6ca7-11e0-8c97-0018de96b8f6}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{966f6be8-dfad-11df-8ba8-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6d6a502-c732-11df-8b7a-0018de96b8f6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell - "" = AutoRun
O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aad9a11a-72f2-11e0-8ca2-0018de96b8f6}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.16 09:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\CyberLink PowerDVD 8
[2012.11.16 08:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics
[2012.11.16 08:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0
[2012.11.16 08:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012.11.16 08:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2012.11.15 10:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes
[2012.11.15 10:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.15 10:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.15 10:49:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.15 10:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.15 10:41:22 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.14 19:32:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Björn\IECompatCache
[2012.11.14 17:42:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Outlook-Dateien
[2012.11.14 17:13:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\bew
[2012.11.11 11:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DVDVideoSoft
[2012.11.09 16:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2012.11.05 16:41:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express
[2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Programme\SDP Multimedia
[2012.10.29 15:38:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SDP Multimedia
[2012.10.29 06:55:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.10.29 06:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.10.25 09:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun
[2012.10.25 08:00:18 | 000,036,648 | ---- | C] (HHD Software Ltd.) -- C:\WINDOWS\System32\drivers\hhdusbh32.sys
[2012.10.25 08:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Device Monitoring Studio
[2012.10.25 07:53:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.10.25 07:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.10.25 07:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\My Documents
[2012.10.25 07:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Desktop\device monitoring
[2012.10.25 06:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\DMS Log Files
[2012.10.25 06:11:22 | 000,000,000 | ---D | C] -- C:\Programme\HHD Software
[2012.10.24 17:39:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\USBlyzer
[2012.10.24 17:39:08 | 000,000,000 | ---D | C] -- C:\Programme\USBlyzer
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.16 09:33:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.16 09:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.16 09:29:58 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2012.11.16 09:27:17 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe
[2012.11.16 09:07:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.11.16 08:20:36 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2012.11.16 08:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2012.11.15 10:49:37 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 10:48:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Björn\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.13 16:55:02 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Eigene Dateien\spider.sav
[2012.11.13 10:18:48 | 000,087,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.12 20:14:47 | 000,520,360 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.12 20:14:47 | 000,491,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.12 20:14:47 | 000,110,040 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.12 20:14:47 | 000,090,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.12 16:11:29 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Microsoft Word 2010.lnk
[2012.11.05 16:45:06 | 000,432,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Überweisung.pdf
[2012.10.24 17:39:09 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.16 09:29:38 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2012.11.16 09:27:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\t6qhly6h.exe
[2012.11.16 08:20:36 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2012.11.15 10:49:37 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.05 16:45:04 | 000,432,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Überweisung.pdf
[2012.10.24 17:39:09 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\USBlyzer.lnk
[2012.09.21 07:22:02 | 000,072,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbsnoop.sys
[2012.06.26 19:22:23 | 000,199,128 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.15 13:58:15 | 000,027,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.jmf-resource
[2012.05.14 09:46:11 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2012.05.14 09:46:11 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2012.05.14 09:46:11 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2012.05.14 09:46:11 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2012.05.14 09:46:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2012.05.14 09:46:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2012.05.14 09:46:11 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2012.05.14 09:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2012.05.14 09:46:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2012.05.14 09:46:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2012.05.14 09:46:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2012.05.14 09:46:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2012.05.14 09:46:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2012.05.14 09:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2012.05.14 09:46:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2012.05.14 09:46:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2012.05.14 09:46:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2012.05.11 09:28:00 | 000,001,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\.JMAppsCfg
[2012.05.01 10:12:24 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\MSChtFR.dll
[2012.04.30 15:15:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2012.04.30 15:15:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2012.04.30 15:15:29 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012.04.30 15:15:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012.04.30 15:15:28 | 010,305,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012.04.30 15:15:27 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012.04.30 15:15:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012.02.15 08:43:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.09 15:37:30 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\gdbtk.ini
[2011.06.17 20:32:53 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.07 06:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.06 12:22:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2011.04.20 17:02:47 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.20 11:53:08 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.01.20 12:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.12.10 08:42:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2010.12.10 08:42:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2010.08.16 07:04:37 | 000,087,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 17:19:36 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2010.08.15 17:19:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.06.24 13:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.12 15:08:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk
[2010.11.08 08:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.01.15 19:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2012.10.09 08:17:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2010.12.16 09:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IVI Foundation
[2010.12.16 09:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2011.10.28 17:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions
[2011.06.17 20:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2012.04.27 14:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2012.04.27 14:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.08.31 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Audacity
[2010.10.05 06:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CadSoft
[2011.04.20 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canneverbe Limited
[2012.02.01 19:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\CasaPortale.de
[2011.06.06 09:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Clonk
[2010.11.08 09:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DAEMON Tools Lite
[2012.09.29 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft
[2012.09.05 14:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.11.16 08:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\ElevatedDiagnostics
[2011.01.20 12:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Epson
[2010.11.17 19:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GetRightToGo
[2012.01.14 11:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC
[2012.01.14 11:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.11.05 16:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Image Zone Express
[2011.05.19 09:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Kalypso Media
[2011.06.17 11:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Longbow Digital Arts
[2012.09.04 17:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mobile Atlas Creator
[2012.05.15 09:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Oracle
[2012.05.01 07:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Processing
[2010.10.26 12:22:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Schmap
[2012.05.21 16:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Softland
[2012.03.22 11:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony Online Entertainment
[2012.03.08 11:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Unity
[2012.10.24 17:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\USBlyzer

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB9701$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:29 on 16/11/2012 (Björn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-16 20:22:59
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: t6qhly6h.exe; Driver: C:\DOKUME~1\BJRN~1\LOKALE~1\Temp\kxtdqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.qhma C:\WINDOWS\system32\DRIVERS\netbt.sys entry point in ".qhma" section [0xA553B3A9]
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) A5561000-A5579000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0xEF 0xB4 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x70 0x63 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x75 0x69 0x55 ... Reg HKLM\SYSTEM\RN6\v2.0 Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... 
Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\tĀ 0x90 0xE1 0x43 0xD2 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0x8A 0xAD 0xB4 0x65 ... Reg HKLM\SYSTEM\RN6\v2.0\ Reg HKLM\SYSTEM\RN6\v2.0\@ū˙\0\0˙˙\20Ā 0xE4 0x0F 0xB7 0x65 ... 
---- Files - GMER 1.0.15 ---- File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getClass.m 236 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getDimensions.m 250 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getFullName.m 785 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getLocations.m 279 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getName.m 230 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\getPath.m 230 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\isSame.m 647 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\schema.m 1222 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\STParameterID.m 1437 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterID\update.m 1294 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\copy.m 933 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\schema.m 986 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\setFormat.m 1839 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\setName.m 583 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterSpec\STParameterSpec.m 896 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\copy.m 650 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\schema.m 694 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\setName.m 583 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@modelpack\@STParameterValue\STParameterValue.m 676 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findNewInputs.m 1735 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findNewStates.m 2720 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\findStateStructElement.m 961 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getinputstruct.m 1526 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getNonAccelReferenceStateBlockNames.m 688 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getstatestruct.m 2268 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\getxu.m 5395 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\schema.m 681 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\setxu.m 2913 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\sortstates.m 1325 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@AbstractOperatingPoint\update.m 894 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\display.m 974 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\schema.m 1218 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputPoint\update.m 892 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport 0 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport\display.m 1302 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputReport\schema.m 1456 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\display.m 1189 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\schema.m 2005 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@InputSpec\update.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingPoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\copy.m 2986 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\display.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\loadobj.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\OperatingReport.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\schema.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingReport\setxuydx.m 1698 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\copy.m 2711 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\CreateOpPoint.m 1656 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\CreateOpReport.m 2811 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\display.m 1334 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\findNewOutputs.m 2536 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\getOutputs.m 3330 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\getStateConstraints.m 1837 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\loadobj.m 2604 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\OperatingSpec.m 366 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\removeOutputSpec.m 689 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\schema.m 591 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OperatingSpec\sync.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport\display.m 1338 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputReport\schema.m 1754 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\display.m 1176 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\schema.m 2132 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@OutputSpec\update.m 1010 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\display.m 1261 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\schema.m 1712 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\StatePoint.m 507 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePoint\update.m 1796 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePointSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StatePointSimMech\schema.m 1397 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport\display.m 1548 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReport\schema.m 2341 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReportSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateReportSimMech\schema.m 1950 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\display.m 1687 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\schema.m 2675 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\StateSpec.m 700 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpec\update.m 2109 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpecSimMech 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\@StateSpecSimMech\schema.m 1848 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\computeSimMechBlockName.m 511 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\computeSimMechStateName.m 1064 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\copy.m 911 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\findStateStructElement.m 956 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\get.m 0 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getinputstruct.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getstatestruct.m 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getVersion.m 256 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\getxu.m 1076 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\isAccelReferenceStateBlockPath.m 736 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\schema.m 191 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\set.m 2107 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\setxu.m 674 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@opcond\update.m 656 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset\dataset.m 385 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@dataset\schema.m 944 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\addlisteners.m 255 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\disableListeners.m 151 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\enableListeners.m 149 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\feval.m 4167 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@exclusion\schema.m 1843 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\addlisteners.m 256 bytes File 
C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\disableListeners.m 151 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\enableListeners.m 149 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\feval.m 3766 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@filtering\schema.m 1513 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@interp 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\@preprocess 0 bytes File C:\Programme\MATLAB\R2010b\toolbox\shared\slcontrollib\@preprocessgui\schema.m 0 bytes File C:\Programme\Microsoft\MigWiz 0 bytes File C:\Programme\Microsoft\MigWiz\MIGUIImg.dll 0 bytes File C:\Programme\Microsoft\MigWiz\autorun.inf 103 bytes File C:\Programme\Microsoft\MigWiz\cable 0 bytes File C:\Programme\Microsoft\MigWiz\cmi2migxml.dll 0 bytes File C:\Programme\Microsoft\MigWiz\csiagent.dll 248832 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\input.dll.mui 26112 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE\migres.dll.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\migsetup.exe.mui 4096 bytes executable File C:\Programme\Microsoft\MigWiz\de-DE\miguires.dll.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\migwiz.exe.mui 0 bytes File C:\Programme\Microsoft\MigWiz\de-DE\spwizres.dll.mui 8192 bytes executable File C:\Programme\Microsoft\MigWiz\dlmanifests 0 bytes File C:\Programme\Microsoft\MigWiz\dlmanifests\microsoft-windows-iis-logginglibraries-deployment-dl.man 2063 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib 0 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib\X86 0 bytes File C:\Programme\Microsoft CAPICOM 2.1.0.2\License 0 bytes File C:\Programme\microsoft frontpage\version3.0 0 bytes File C:\Programme\microsoft frontpage\version3.0\bin 0 bytes ---- 
EOF - GMER 1.0.15 ---- Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.15.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Björn :: BJOERN [Administrator] Schutz: Aktiviert 16.11.2012 20:32:40 mbam-log-2012-11-17 (08-26-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 694574 Laufzeit: 3 Stunde(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126823.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP544\A0126838.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127188.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{681682CF-DE81-45DA-A6EE-B336600C48F1}\RP547\A0127215.sys (Trojan.Agent.PS) -> Keine Aktion durchgeführt. (Ende) |