| |
| |||||||
Log-Analyse und Auswertung: Infektion mit Gen:Variant.Symmi.4661Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.11.2012, 21:55
| #1 |
 |  Infektion mit Gen:Variant.Symmi.4661 Hallo zusammen, ich bitte euch um Hilfe bei dem nachfolgendem Problem. Ich hoffe ihr könnt mir helfen. Vielen Dank schon mal fürs Lesen!!  Mein Zugang zum Onlinebanking wurde von meiner Bank wg. Phishing-Verdachts gesperrt. Aus diesem Anlass habe ich mir meinen Rechner genauer angesehen und habe folgendes festgestellt: 1. Mein Mcaffe Virenscanner meint folgendes gefunden zu haben: 15.11.2012 23:24:22 Gelöscht *** ODS c:\Documents and Settings\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1cebbbd3-12f03934\p.class JV/Exploit-Blacole.f (Trojanisches Pferd) angeblich wurde die gefundene Datei gelöscht. 2. Der Onlinescanner von Bitdefender findet danach noch Folgendes: Ihr System ist infiziert mit Gen:Variant.Symmi.4661 3. Der Internetexplorer leitet bestimmte Seiten um. Alle "normalen" Seiten werden normal dargestellt. Versuche ich jedoch Seiten mit Antivierenprogrammen zu öffenen, so werde ich auf eine angebliche Google-Seite umgeleitet mit der Nachricht, dass die Seite nicht gefunden werden kann. 4. Ich habe mir daraufhin die Add-Ons angesehen. Dort waren unter anderem folgende Module aktivert: Add-Ons Java(tm) Plug-In SSV Helper Add-Ons Java(tm) Plug-In 2 SSV Helper Nach Deaktivierung dieser Addons wird der IE scheinbar nicht mehr umgeleitet. In den weiteren Informationen zu diesen Addons werden folgende Informationen angezeigt: ---------------------------------------------------------------- Name: Java(tm) Plug-In SSV Helper Herausgeber: Oracle America, Inc. Typ: Browserhilfsobjekt Version: 7.0.90.5 Dateidatum: Letzter Zugriff am: Heute, 18. November 2012, Vor 27 Minuten Klassenkennung: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Verwendung (Anzahl): 490 Blockierungen (Anzahl): 906 Datei: ssv.dll Ordner: C:\Program Files (x86)\Java\jre7\bin ----------------------------------------------------- Name: Java(tm) Plug-In 2 SSV Helper Herausgeber: Oracle America, Inc. Typ: Browserhilfsobjekt Version: 7.0.90.5 Dateidatum: Letzter Zugriff am: Heute, 18. November 2012, Vor 26 Minuten Klassenkennung: {DBC80044-A445-435B-BC74-9C25C1C588A9} Verwendung (Anzahl): 490 Blockierungen (Anzahl): 2110 Datei: jp2ssv.dll Ordner: C:\Program Files (x86)\Java\jre7\bin -------------------------------------------------------- 5. Im Windows Task Manager läuft eine izni.exe als Prozess, mit dem ich nichts anfangen kann. Zur Zeit wird dieser Prozess komischer weise nicht angezeigt, sonst aber ständig. Mehr fällt mir erstmal nicht ein, außer, dass ich meine, dass sich mein IE vor einigen Tagen tatsächlich beim Versuch meine Bankseite zu erreichen eigenartig verhalten hatte. Hier folgen die Protokolle: OTL Extras logfile created on: 18.11.2012 20:54:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free 23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2AEE561C-EEAF-480B-A146-79D0AF6AE5A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3713E3C4-ADD7-480C-A78B-599CFD0A5D4C}" = rport=138 | protocol=17 | dir=out | app=system | "{494079AD-3323-4B78-A90D-7BC187792CFB}" = rport=445 | protocol=6 | dir=out | app=system | "{5E432694-EFA6-48B6-B50D-AD7E671F7E75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67D1AAE3-FF62-4542-90F3-CC7850C30257}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{88AC3F79-DE6B-4243-9270-D8201699E80B}" = lport=445 | protocol=6 | dir=in | app=system | "{A75CAFCE-91B6-4FF7-836B-B3486A38D374}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B8AC2DDF-C3DB-486E-AE43-8E666A977825}" = rport=139 | protocol=6 | dir=out | app=system | "{BFF805F7-3D14-4348-A0E4-B9E2D7DF9378}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C91F922E-613E-4F90-84AE-664BB26B34B8}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | "{CFE75CD1-BA54-409F-8973-0BD08249607B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DF9D3BC6-3FE3-4475-93C8-8D1E4FC8AE61}" = lport=138 | protocol=17 | dir=in | app=system | "{EB70CAE5-CF35-4D8F-8AA8-D81190C52A5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F80235E4-26C8-434D-A9D3-74E58243D1E6}" = lport=139 | protocol=6 | dir=in | app=system | "{F87BA630-1174-48F8-822B-CF991AC7BB24}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C65ACB-1CB5-4A8F-9841-AB81B376A5A6}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00284CD6-3DF2-494E-B6C5-9B6D6CA77CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{072683FD-CB18-4CFF-906E-60D7238AAFB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12A8288C-65E1-4CF6-9A21-040297EC7556}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{17891933-3306-4037-882F-06EA032A11B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CF7BBAC-2D58-44C0-87EC-1A43BEED0F60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F944876-6E6E-4B03-8784-0177A2578D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{35C423D9-0DF3-40A0-A997-CF47A80EA238}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{3B5769BA-6B87-4235-BF7C-BDBFAA366018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{43A6740C-AE00-48D4-86C5-0F750667D5B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{43BBD64D-0312-43DC-B63F-D0957CAAE407}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4A64E911-DBD6-4EFA-A0A3-FD06C490B4C9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5BA2CC1F-F0CB-4F46-A85C-1C6E32973A08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{6DF9592A-9ED4-40D3-B864-511C180B1FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6FA52E63-54AF-4745-A300-7D194B0F25A7}" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe | "{703D605F-B2A6-4704-8F39-EB1E424874BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{78F2204A-A38A-4F9B-9F2E-3ACFFA4FB7B1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "{8260E757-B3C7-48D7-B77B-FABD59ACD28A}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{829A488D-2D81-4809-B83B-096B9E591C82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{8A6A18FE-49F7-46F1-872B-8DF127643345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{921C0327-97A3-467F-9D2D-E301E8DD0007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9DDA3F79-AEBC-44B8-800B-C9DA97BD21DA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{A66EFD75-FA79-41D6-842A-A067AF7ED949}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{A7B68475-C0E3-485E-8C14-F66E01074906}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{B0FB754A-6B3D-485D-858F-D2662BF6E5B2}" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe | "{B2B7A2DF-4B37-41DB-A000-9057D6C4DE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{B54E8839-C822-4CA6-A943-B5D1E2CE87F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B6FD209E-0E7F-41FA-BC65-6C8B7D1E0A45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA94CB1B-FC7F-487E-9DDD-768FBC0D7D9C}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "{D115D6D8-6719-4D65-9272-7A996079914E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DF0E4816-6DF4-4665-B313-8955CFC863D5}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{E5079EAB-2CDD-44DF-8ADF-79335EF9F7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{ED5B3E97-FEC3-4C3A-88DD-0D7529D2A9A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F418244A-A5CA-4152-8B2A-1806B5AD0806}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FCC83410-8DDC-4783-B960-ED300CAC78E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{3F86233D-D1E0-4CFD-BB5C-E8D0553488A4}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe | "TCP Query User{602C6A06-0727-465E-B24F-5AA83968D2BD}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe | "TCP Query User{696014B3-60BE-4D2D-B09B-BC5147B202CC}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe | "TCP Query User{D0968201-E341-423B-9088-C89A6776227C}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe | "TCP Query User{EF3A49CB-A7E8-40DE-8F90-0A5F533F79DA}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe | "TCP Query User{F12F776E-E285-42F7-81AB-42F306D05CC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{73E526B4-975B-41EA-BA7F-2578981D6C2C}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe | "UDP Query User{7E1FFD9C-115E-477F-ABEE-A994865892F7}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe | "UDP Query User{A60479F1-D642-419C-B20E-96EEEAE3EA0E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{A8444D51-D1B0-493D-9108-49563CE2128C}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe | "UDP Query User{C86C44FC-F4C1-4E82-A9D7-F34A4BDF7D9D}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe | "UDP Query User{F3415213-F784-4748-A6B4-9F10391DDA6C}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7DA36D55-AD81-4E28-8FCF-9A92C7148487}" = Microsoft SQL Server Native Client "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.77 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.77 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager "{F04FF238-4E59-4443-8E37-5988C4C101C0}" = SQLXML4 "SMBus" = Intel(R) SMBus "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201 "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avidemux 2.5" = Avidemux 2.5 (32-bit) "bwin Poker JPC_is1" = bwin Poker JPC 1.0.0 "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data "Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "DarkSpace" = DarkSpace 1.670 "DATEVB00000482.0" = DATEV Installation V.2.8 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro "HCEDemo_is1" = Harpoon - Commander's Edition Demo "InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020 "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Office14.STANDARD" = Microsoft Office Standard 2010 "Securepoint SSL VPN" = Securepoint SSL VPN "SpeedFan" = SpeedFan (remove only) "Steam App 220" = Half-Life 2 "Steam App 50130" = Mafia II "Steam App 570" = Dota 2 "Steam App 57690" = Tropico 4 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.10.2012 00:55:43 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1bb248d0 ID des fehlerhaften Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 64e0afcd-1f29-11e2-86f2-0090f5b5de29 Error - 26.10.2012 00:55:45 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1bb248d0 ID des fehlerhaften Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 66773441-1f29-11e2-86f2-0090f5b5de29 Error - 26.10.2012 13:16:29 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10 Description = Error - 29.10.2012 17:30:57 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1cd048d0 ID des fehlerhaften Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ec6b7b73-220f-11e2-87ee-0090f5b5de29 Error - 29.10.2012 17:30:59 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1cd048d0 ID des fehlerhaften Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: edfd6bf6-220f-11e2-87ee-0090f5b5de29 Error - 29.10.2012 18:04:50 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1d5048d0 ID des fehlerhaften Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a87850c9-2214-11e2-87ee-0090f5b5de29 Error - 29.10.2012 18:04:52 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1d5048d0 ID des fehlerhaften Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a9d28eab-2214-11e2-87ee-0090f5b5de29 Error - 30.10.2012 07:09:16 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10 Description = Error - 01.11.2012 15:14:56 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10 Description = Error - 06.11.2012 14:54:21 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10 Description = Error - 11.11.2012 04:29:58 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LEGOStarWarsSaga.exe, Version: 1.0.0.0, Zeitstempel: 0x4a92fd8c Name des fehlerhaften Moduls: LEGOStarWarsSaga.exe, Version: 1.0.0.0, Zeitstempel: 0x4a92fd8c Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e2eab ID des fehlerhaften Prozesses: 0x1728 Startzeit der fehlerhaften Anwendung: 0x01cdbfe689c4ed98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe Berichtskennung: f9a75f8a-2bd9-11e2-b78d-0090f5b5de29 [ System Events ] Error - 07.05.2012 15:23:52 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?05.?2012 um 18:25:39 unerwartet heruntergefahren. Error - 07.05.2012 15:23:46 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 07.05.2012 15:23:56 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 08.05.2012 13:42:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 08.05.2012 13:42:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 10.05.2012 14:35:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 10.05.2012 14:35:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.05.2012 11:08:19 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?05.?2012 um 20:59:12 unerwartet heruntergefahren. Error - 17.05.2012 11:08:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 17.05.2012 11:08:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > OTL logfile created on: 18.11.2012 20:54:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free 23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe PRC - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe PRC - [2010.12.21 08:24:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe PRC - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe PRC - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe PRC - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.01.22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 22:08:45 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\b8e00112524df483c819ef6558bd1799\VMC.WindowsService.Core.ni.dll MOD - [2012.11.14 22:08:45 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\0d9671961582768cd2362fb01e4b219a\VMC.WindowsService.Messaging.ni.dll MOD - [2012.11.14 22:08:44 | 001,352,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e4771f839d57040086227940f4dec0d9\VMC.ConnectionServices.ni.dll MOD - [2012.11.14 22:08:44 | 000,691,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\e208daf17bcc47c9061751fb916df377\VMC.WwanWrapper.ni.dll MOD - [2012.11.14 22:08:44 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\8d855608ea66a426ce9c415cc5351e25\VMC.CsUtil.ni.dll MOD - [2012.11.14 22:08:44 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\4f40f159ebcc21e2e4cd39de56111724\Interop.Shell32.ni.dll MOD - [2012.11.14 22:08:44 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\307ea73ad7db5c22313c37d14410e7ec\VMC.ConnectionServices.TrafficOptimiser.ni.dll MOD - [2012.11.14 22:08:42 | 000,652,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a8502cde54c5a93c78d3e77982fe275e\VMC.BaseServices.XmlSerializers.ni.dll MOD - [2012.11.14 22:08:42 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a5bc79bdf6aba422aa74cb2eb325389c\VMC.BaseServices.DataAccessor.ni.dll MOD - [2012.11.14 22:08:42 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\031984b90b19108e6964e6f223521e04\Interop.FNCClient11Lib.ni.dll MOD - [2012.11.14 22:08:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\3be2b2b68d06b1c2f8e5e61fd6f29c7f\VMC.BaseServices.OutlookConnector.ni.dll MOD - [2012.11.14 22:08:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll MOD - [2012.11.14 22:08:40 | 000,852,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\028c62a33aa81f49486bd1763c5ac711\VMC.BaseServices.Platform.ni.dll MOD - [2012.11.14 22:08:40 | 000,483,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\b5e9e675c38a5ab1a8f9f2e7e9c25efe\VMC.ConnectionServicesInterface.ni.dll MOD - [2012.11.14 22:08:39 | 003,971,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileConnect\210547cea48e193dce5c814dc53dc65e\MobileConnect.ni.exe MOD - [2012.11.14 22:08:39 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\52ca5e8b3aec02d6243e56d5b8b7064a\VMC.UI.CommonDialogs.ni.dll MOD - [2012.11.14 21:24:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll MOD - [2012.11.14 21:24:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012.11.14 21:24:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.14 21:24:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll MOD - [2012.11.14 21:24:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll MOD - [2012.11.14 21:24:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.14 21:24:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.14 21:24:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll MOD - [2012.11.14 21:24:04 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll MOD - [2012.11.14 21:24:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.14 21:23:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.14 21:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.14 21:23:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011.06.09 10:01:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll MOD - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll MOD - [2009.05.01 17:58:06 | 000,514,352 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll MOD - [2009.05.01 17:58:04 | 001,057,512 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll MOD - [2009.05.01 17:58:04 | 000,627,944 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll MOD - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe MOD - [2006.12.11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.24 22:10:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.08 19:49:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.07 21:52:40 | 000,467,456 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service) SRV - [2011.02.21 01:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService) SRV - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN) SRV - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield) SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.07 21:53:04 | 002,740,328 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64) DRV:64bit: - [2011.11.07 21:53:04 | 000,069,224 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf) DRV:64bit: - [2011.10.01 07:52:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.10.01 07:52:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.08 12:09:20 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.03 13:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2010.08.25 01:11:52 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.08.11 20:33:26 | 000,127,984 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2010.04.01 11:06:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.01.22 05:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 05:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.01.20 10:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.29 01:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CE2DD93-197F-4206-92DB-87E0F9AEA84B} IE:64bit: - HKLM\..\SearchScopes\{2CE2DD93-197F-4206-92DB-87E0F9AEA84B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {178EE1B6-E06E-483D-B00F-45F4245BDAA1} IE - HKLM\..\SearchScopes\{178EE1B6-E06E-483D-B00F-45F4245BDAA1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {1B4F177B-44ED-46C1-B715-DC0C9FC50A54} IE - HKCU\..\SearchScopes\{1B4F177B-44ED-46C1-B715-DC0C9FC50A54}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: starstable.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C88A1A-2DB3-4A91-9E0E-3D6F8E8B7FE3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.05 11:56:44 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2012.11.15 23:24:22 | 000,000,000 | ---D | C] -- C:\Quarantäne [2012.11.15 22:39:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rytouf [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muexw [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 20:51:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 20:31:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 20:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.18 19:40:25 | 000,001,457 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.18 19:31:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:23:23 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.18 19:23:23 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 19:23:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 19:23:23 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 19:23:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.18 19:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 19:16:00 | 1066,844,158 | -HS- | M] () -- C:\hiberfil.sys [2012.11.16 20:13:44 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.14 21:23:29 | 000,415,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2012.11.04 19:58:22 | 000,266,766 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.18 20:51:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 19:40:25 | 000,001,457 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.04 21:41:12 | 000,266,766 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf [2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp [2012.02.12 01:02:52 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin [2012.02.12 01:02:38 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin [2011.09.05 21:22:35 | 000,007,629 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.06.15 19:41:54 | 000,011,419 | ---- | C] () -- C:\Users\***\AppData\Local\backup041820120010.vtp [2011.06.09 09:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2011.06.09 09:53:05 | 000,000,129 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2011.06.09 09:50:05 | 000,000,130 | ---- | C] () -- C:\Windows\Startup.INI [2011.06.08 12:36:40 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini [2011.06.08 12:36:40 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2012.09.29 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.06.09 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DATEV [2012.10.10 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2012.10.11 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.05.18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.04.26 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.11.18 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muexw [2012.02.22 05:42:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2011.06.15 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite [2012.11.18 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qypye [2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rytouf [2011.06.29 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Securepoint SSL VPN [2012.03.14 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software [2012.05.20 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.07.21 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone ========== Purity Check ========== < End of report > |
|
19.11.2012, 01:06
| #2 |
| /// Malwareteam   | Infektion mit Gen:Variant.Symmi.4661 Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()
O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rytouf
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muexw
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rytouf
:Commands
[purity]
[emptytemp]
Schritt 2 Downloade Dir bitte Malwarebytes
|
|
19.11.2012, 06:41
| #3 |
| | Infektion mit Gen:Variant.Symmi.4661 Danke für die schnelle Antwort zu dieser späten Stunde
__________________ Es folgen die Logs. Ich bin der Meinung im OTL Script die *** durch meinen Usernamen ersetzt zu haben. Dennoch scheint das laut nachfolgendem Log nicht vollständig so zu sein. Ob ich eine Zeile vergessen habe? Damit du das erkennen kannst habe ich dieses mal den Namen nicht durch *** ersetzt, sondern durch *user*. Trotzdem findet sich im Log auch *** , sieht nach einem Fehler meinserseits aus. Malwarebytes hat keine infizierten Objekte gefunden. Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ydxagaroy deleted successfully.
File C:\Users\***\AppData\Roaming\Qypye\izni.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IExplorer Util deleted successfully.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
C:\Users\*user*\AppData\Roaming\Rytouf folder moved successfully.
C:\Users\*user*\AppData\Roaming\Qypye folder moved successfully.
C:\Users\*user*\AppData\Roaming\Muexw folder moved successfully.
Folder C:\Users\*user*\AppData\Roaming\Qypye\ not found.
Folder C:\Users\*user*\AppData\Roaming\Rytouf\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: *user*
->Temp folder emptied: 353864707 bytes
->Temporary Internet Files folder emptied: 103057712 bytes
->Java cache emptied: 6338191 bytes
->Flash cache emptied: 3479 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18718435 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 4861448417 bytes
Total Files Cleaned = 5.096,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11192012_061723
Files\Folders moved on Reboot...
File\Folder C:\Users\*user*\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8T0DG41U\1;b8=2;c0=3;c1=3;c2=3;d7=3;e8=0;f6=3;g1=3;g4=0;g5=3;ct_s=1;z1=1;z2=1;ct_y=1;x9=0;x1=1;x5=0;x3=0;x7=0;k6=1;x8=0;k8=0;x4=0;x6=0;x2=0;u1=0;u2=8;ord=8314570515314810[1].js not found!
File\Folder C:\Users\*user*\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\51WZOFGA\1;b8=2;c0=3;c1=3;c2=3;d7=3;e8=0;f6=3;g1=3;g4=0;g5=3;ct_s=1;z1=1;z2=1;ct_y=1;x9=0;x1=1;x5=0;x3=0;x7=0;k6=1;x8=0;k8=0;x4=0;x6=0;x2=0;u1=0;u2=8;ord=8314570515314810[1].js not found!
C:\Users\*user*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.19.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 christian.bernhard :: LAPTOP_BERNHARD [Administrator] 19.11.2012 06:28:17 mbam-log-2012-11-19 (06-28-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 220192 Laufzeit: 1 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
19.11.2012, 17:29
| #4 |
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
19.11.2012, 21:36
| #5 |
| | Infektion mit Gen:Variant.Symmi.4661 Es hat sich nach diesem Scan nur die OTL.txt geöffnet. WO IST DIE EXTRA.TXT ? Code:
ATTFilter OTL logfile created on: 19.11.2012 21:15:07 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,04 Gb Available Physical Memory | 83,72% Memory free 23,98 Gb Paging File | 21,73 Gb Available in Paging File | 90,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,78 Gb Total Space | 114,45 Gb Free Space | 52,31% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS Drive E: | 457,85 Gb Total Space | 423,17 Gb Free Space | 92,43% Space Free | Partition Type: NTFS Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe PRC - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe PRC - [2010.12.21 08:24:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe PRC - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe PRC - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe PRC - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.01.22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 22:08:45 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\b8e00112524df483c819ef6558bd1799\VMC.WindowsService.Core.ni.dll MOD - [2012.11.14 22:08:45 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\0d9671961582768cd2362fb01e4b219a\VMC.WindowsService.Messaging.ni.dll MOD - [2012.11.14 22:08:44 | 001,352,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e4771f839d57040086227940f4dec0d9\VMC.ConnectionServices.ni.dll MOD - [2012.11.14 22:08:44 | 000,691,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\e208daf17bcc47c9061751fb916df377\VMC.WwanWrapper.ni.dll MOD - [2012.11.14 22:08:44 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\8d855608ea66a426ce9c415cc5351e25\VMC.CsUtil.ni.dll MOD - [2012.11.14 22:08:44 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\4f40f159ebcc21e2e4cd39de56111724\Interop.Shell32.ni.dll MOD - [2012.11.14 22:08:44 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\307ea73ad7db5c22313c37d14410e7ec\VMC.ConnectionServices.TrafficOptimiser.ni.dll MOD - [2012.11.14 22:08:42 | 000,652,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a8502cde54c5a93c78d3e77982fe275e\VMC.BaseServices.XmlSerializers.ni.dll MOD - [2012.11.14 22:08:42 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a5bc79bdf6aba422aa74cb2eb325389c\VMC.BaseServices.DataAccessor.ni.dll MOD - [2012.11.14 22:08:42 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\031984b90b19108e6964e6f223521e04\Interop.FNCClient11Lib.ni.dll MOD - [2012.11.14 22:08:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\3be2b2b68d06b1c2f8e5e61fd6f29c7f\VMC.BaseServices.OutlookConnector.ni.dll MOD - [2012.11.14 22:08:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll MOD - [2012.11.14 22:08:40 | 000,852,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\028c62a33aa81f49486bd1763c5ac711\VMC.BaseServices.Platform.ni.dll MOD - [2012.11.14 22:08:40 | 000,483,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\b5e9e675c38a5ab1a8f9f2e7e9c25efe\VMC.ConnectionServicesInterface.ni.dll MOD - [2012.11.14 22:08:39 | 003,971,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileConnect\210547cea48e193dce5c814dc53dc65e\MobileConnect.ni.exe MOD - [2012.11.14 22:08:39 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\52ca5e8b3aec02d6243e56d5b8b7064a\VMC.UI.CommonDialogs.ni.dll MOD - [2012.11.14 21:24:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll MOD - [2012.11.14 21:24:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012.11.14 21:24:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.14 21:24:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll MOD - [2012.11.14 21:24:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll MOD - [2012.11.14 21:24:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.14 21:24:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.14 21:24:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll MOD - [2012.11.14 21:24:04 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll MOD - [2012.11.14 21:24:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.14 21:23:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.14 21:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.14 21:23:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011.06.09 10:01:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll MOD - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll MOD - [2009.05.01 17:58:06 | 000,514,352 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll MOD - [2009.05.01 17:58:04 | 001,057,512 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll MOD - [2009.05.01 17:58:04 | 000,627,944 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll MOD - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe MOD - [2006.12.11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.24 22:10:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.08 19:49:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.07 21:52:40 | 000,467,456 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service) SRV - [2011.02.21 01:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService) SRV - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN) SRV - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield) SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.07 21:53:04 | 002,740,328 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64) DRV:64bit: - [2011.11.07 21:53:04 | 000,069,224 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf) DRV:64bit: - [2011.10.01 07:52:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.10.01 07:52:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.08 12:09:20 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.03 13:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2010.08.25 01:11:52 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.08.11 20:33:26 | 000,127,984 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2010.04.01 11:06:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.01.22 05:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 05:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.01.20 10:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.29 01:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CE2DD93-197F-4206-92DB-87E0F9AEA84B} IE:64bit: - HKLM\..\SearchScopes\{2CE2DD93-197F-4206-92DB-87E0F9AEA84B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {178EE1B6-E06E-483D-B00F-45F4245BDAA1} IE - HKLM\..\SearchScopes\{178EE1B6-E06E-483D-B00F-45F4245BDAA1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {1B4F177B-44ED-46C1-B715-DC0C9FC50A54} IE - HKCU\..\SearchScopes\{1B4F177B-44ED-46C1-B715-DC0C9FC50A54}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: starstable.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C88A1A-2DB3-4A91-9E0E-3D6F8E8B7FE3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.05 11:56:44 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.19 06:26:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.11.19 06:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.19 06:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.19 06:25:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.19 06:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.19 06:17:23 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2012.11.15 23:24:22 | 000,000,000 | ---D | C] -- C:\Quarantäne [2012.11.15 22:39:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.19 21:15:57 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.19 21:09:53 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.19 21:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.19 21:09:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.19 06:26:20 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 06:26:20 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 06:26:20 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 06:26:20 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 06:26:20 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 06:26:16 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 06:26:16 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 06:25:59 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.19 06:18:56 | 1066,844,158 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 20:51:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 19:40:25 | 000,001,457 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.16 20:13:44 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.14 21:23:29 | 000,415,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2012.11.04 19:58:22 | 000,266,766 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.19 06:25:59 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.18 20:51:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 19:40:25 | 000,001,457 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.04 21:41:12 | 000,266,766 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf [2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp [2012.02.12 01:02:52 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin [2012.02.12 01:02:38 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin [2011.09.05 21:22:35 | 000,007,629 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.06.15 19:41:54 | 000,011,419 | ---- | C] () -- C:\Users\***\AppData\Local\backup041820120010.vtp [2011.06.09 09:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2011.06.09 09:53:05 | 000,000,129 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2011.06.09 09:50:05 | 000,000,130 | ---- | C] () -- C:\Windows\Startup.INI [2011.06.08 12:36:40 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini [2011.06.08 12:36:40 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2012.09.29 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.06.09 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DATEV [2012.10.10 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2012.10.11 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.05.18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.04.26 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.02.22 05:42:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2011.06.15 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite [2012.11.18 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.06.29 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Securepoint SSL VPN [2012.03.14 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software [2012.05.20 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.07.21 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.08 14:18:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.11.13 23:37:31 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC [2012.11.16 19:03:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.05.07 20:26:35 | 000,000,000 | ---D | M] -- C:\darkspace [2011.06.09 09:55:38 | 000,000,000 | ---D | M] -- C:\DATEV [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.07 21:43:35 | 000,000,000 | ---D | M] -- C:\Intel [2012.01.29 00:46:57 | 000,000,000 | ---D | M] -- C:\Matrix Games [2011.06.09 10:51:54 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.30 21:26:43 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.19 06:25:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.19 06:25:57 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.30 01:31:43 | 000,000,000 | ---D | M] -- C:\Programs [2012.11.15 23:24:22 | 000,000,000 | ---D | M] -- C:\Quarantäne [2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.19 21:16:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.26 12:33:54 | 000,000,000 | ---D | M] -- C:\temp [2011.06.09 09:24:48 | 000,000,000 | R--D | M] -- C:\Users [2012.11.19 06:19:14 | 000,000,000 | ---D | M] -- C:\Windows [2012.11.19 06:17:23 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.11.05 18:13:37 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.11.05 18:13:38 | 000,001,134 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.08.08 20:01:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > |
|
19.11.2012, 23:34
| #6 |
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661 Schritt 1
Code:
ATTFilter :OTL
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
:Commands
[purity]
[emptytemp]
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
19.11.2012, 23:46
| #7 |
| | Infektion mit Gen:Variant.Symmi.4661 Und weiter gehts, hier kommen die Files.. Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\ie_util.exe moved successfully.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ***
->Temp folder emptied: 20754 bytes
->Temporary Internet Files folder emptied: 10667748 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 10,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11192012_233812
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v2.008 - Datei am 19/11/2012 um 23:42:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : *** - LAPTOP_BERNHARD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [593 octets] - [19/11/2012 23:42:56]
########## EOF - C:\AdwCleaner[R1].txt - [652 octets] ##########
|
|
22.11.2012, 18:03
| #8 |
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661ESET Online Scanner
|
|
22.11.2012, 23:05
| #9 |
| | Infektion mit Gen:Variant.Symmi.4661 Tja, da hat er noch einiges gefunden: Aber bitte, wie kommt es, dass mein mehrmals täglich aktualisierter Mcafee das alles nicht gefunden hat? *seufz* Code:
ATTFilter C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe probably a variant of Win32/Spy.Agent.MEJZNIK trojan
E:\Downloads\UnlockRoot_downloader_by_UnlockRoot.exe a variant of Win32/Somoto.A application
G:\LAPTOP_BERNHARD\Backup Set 2012-10-07 154519\Backup Files 2012-10-07 154519\Backup files 39.zip Java/Exploit.Agent.NBC trojan
|
|
27.11.2012, 01:20
| #10 |
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661 Hast Du noch Probleme? Es gibt immer wieder Fälle in denen ein AV nichts findet. |
|
27.11.2012, 22:39
| #11 |
| | Infektion mit Gen:Variant.Symmi.4661 Hallo Swiss, ich kann zur Zeit keine Probleme erkennen. Nachdem ich bei Feststellung der Probleme die folgenden Add-Ons deaktiviert hatte Add-Ons Java(tm) Plug-In SSV Helper Add-Ons Java(tm) Plug-In 2 SSV Helper, wurden auch schon vor deiner Hilfe "scheinbar" keine Seiten mehr umgeleitet. Ich habe nun diese Add-Ons wieder aktiviert und es gibt offensichtlich keine Probleme.  Wofür sind diese Ad-Ons eigentlich gut? Kann ich die auch problemlos deinstallieren? Was mache ich denn jetzt mit den nachfolgenden Dateien? Code:
ATTFilter C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe probably a variant of Win32/Spy.Agent.MEJZNIK trojan
E:\Downloads\UnlockRoot_downloader_by_UnlockRoot.exe a variant of Win32/Somoto.A application
G:\LAPTOP_BERNHARD\Backup Set 2012-10-07 154519\Backup Files 2012-10-07 154519\Backup files 39.zip Java/Exploit.Agent.NBC trojan
Ich möchte gern einen anderen Vierenscanner auf einem anderen Rechner testen. Kann ich zu diesem Zweck problemlos die infizierte UnlockRoot_downloader_by_UnlockRoot.exe per eMail an den anderen Rechner senden, um den Scanner zu testen. Solange niemand diese Datei ausführt, sollte dies doch kein Problem/keine Gefahr sein, oder? Gruß, Chr.Bernhard |
|
29.11.2012, 01:50
| #12 | |||
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661Zitat:
Zitat:
Du kannst Du Datei auch einfach bei Virustotal.de hochladen und schauen welche Scanner die Datei finden: Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Zitat:
Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier. |
|
30.11.2012, 23:10
| #13 |
| | Infektion mit Gen:Variant.Symmi.4661 Ich habe zwar den von dir angesprochenen "Current status" nirgends gefunden, aber ich denke mal, es war "finished". Hier kommt der Link https://www.virustotal.com/file/ca61ad293a58e1aa2f9a66ad197c5f45eeaf34b2a23eba3d505f92b2db68bcdc/analysis/1354312293/ Faszinierend, dass nur 6 von 46 Scannern etwas finden. Das ist nicht wirklich vertrauenserweckend.  Kannst du mir noch etwas zu diesen Add-Ons sagen? (Hintergrund siehe mein 1. und mein letzter Beitrag). Add-Ons Java(tm) Plug-In SSV Helper Add-Ons Java(tm) Plug-In 2 SSV Helper Löschen oder nicht? Aktivieren oder nicht aktivieren? Ich danke dir! Noch eine Frage: Bei einigen Add-Ons ist unter "weitere Informationen" der Button "Entfernen" grau und kann nicht betätigt werden. Woran liegt das? Zum Bsp: Name: An OneNote senden Herausgeber: Nicht verfügbar Typ: Browsererweiterung Version: Nicht verfügbar Dateidatum: Letzter Zugriff am: Dienstag, 13. November 2012, 23:48 Klassenkennung: {2670000A-7350-4F3C-8081-5663EE0C6C49} Verwendung (Anzahl): 22 Blockierungen (Anzahl): 0 Datei: Nicht verfügbar Ordner: Nicht verfügbar oder Name: Verknüpfte OneNote-Notizen Herausgeber: Nicht verfügbar Typ: Browsererweiterung Version: Nicht verfügbar Dateidatum: Letzter Zugriff am: Dienstag, 13. November 2012, 23:48 Klassenkennung: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Verwendung (Anzahl): 22 Blockierungen (Anzahl): 0 Datei: Nicht verfügbar Ordner: Nicht verfügbar Viele Grüße, Chr.Bernhard |
|
01.12.2012, 15:40
| #14 |
| /// Malwareteam | Infektion mit Gen:Variant.Symmi.4661 Also es ist auch nur Adware und nicht weiter schlimmes. Sondern eher ein ungewolltes Programm welches evtl. Werbung anzeigt aber nicht direkt aufs System zugreift. Mach einmal ein Screenshot dieser Addons. |
|
02.12.2012, 19:51
| #15 |
| | Infektion mit Gen:Variant.Symmi.4661 Hier kommt ein Screenshot eines beispielhaften Addons, das ich nicht entfernen kann. |
|
| Themen zu Infektion mit Gen:Variant.Symmi.4661 |
| akamai, autorun, bestimmte seiten, bho, canon, ebanking, eigenartig, error, excel, firefox, flash player, iexplore.exe, install.exe, installation, logfile, msiexec.exe, nvidia update, oracle america, plug-in, prozess, registry, rundll, scan, security, senden, server, software, svchost.exe, system, tcp, trojanisches pferd, usb, usb 3.0, windows, wrapper |
Textbox.
Linear-Darstellung
