Infection with Gen:Variant.Symmi.4661

Hello everyone, I am asking for your help with the following problem. I hope you can help me. Many thanks in advance for reading!!

My online banking access was blocked by my bank on suspicion of phishing. That prompted me to take a closer look at my computer, and I found the following:

1. My McAfee virus scanner claims to have found the following:

15.11.2012 23:24:22 Gelöscht *** ODS c:\Documents and Settings\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1cebbbd3-12f03934\p.class JV/Exploit-Blacole.f (Trojanisches Pferd)

The file it found was supposedly deleted.

2. After that, the Bitdefender online scanner still finds the following:

Ihr System ist infiziert mit Gen:Variant.Symmi.4661

3. Internet Explorer redirects certain pages. All "normal" pages are displayed normally. But when I try to open pages of antivirus programs, I am redirected to a supposed Google page with the message that the page cannot be found.

4. I then looked at the add-ons. Among others, the following modules were enabled there:

Add-Ons Java(tm) Plug-In SSV Helper
Add-Ons Java(tm) Plug-In 2 SSV Helper

After disabling these add-ons, IE apparently is no longer redirected. The details for these add-ons show the following information:

----------------------------------------------------------------
Name: Java(tm) Plug-In SSV Helper
Herausgeber: Oracle America, Inc.
Typ: Browserhilfsobjekt
Version: 7.0.90.5
Dateidatum:
Letzter Zugriff am: Heute, 18. November 2012, Vor 27 Minuten
Klassenkennung: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Verwendung (Anzahl): 490
Blockierungen (Anzahl): 906
Datei: ssv.dll
Ordner: C:\Program Files (x86)\Java\jre7\bin
-----------------------------------------------------
Name: Java(tm) Plug-In 2 SSV Helper
Herausgeber: Oracle America, Inc.
Typ: Browserhilfsobjekt
Version: 7.0.90.5
Dateidatum:
Letzter Zugriff am: Heute, 18. November 2012, Vor 26 Minuten
Klassenkennung: {DBC80044-A445-435B-BC74-9C25C1C588A9}
Verwendung (Anzahl): 490
Blockierungen (Anzahl): 2110
Datei: jp2ssv.dll
Ordner: C:\Program Files (x86)\Java\jre7\bin
--------------------------------------------------------

5. In Windows Task Manager an izni.exe runs as a process that I can't make sense of. Strangely, this process is not being shown at the moment, but otherwise it is there constantly.

Nothing else comes to mind for now, except that I believe my IE did in fact behave strangely a few days ago when I tried to reach my bank's website.

The logs follow:

OTL Extras logfile created on: 18.11.2012 20:54:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free
23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS
Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AEE561C-EEAF-480B-A146-79D0AF6AE5A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3713E3C4-ADD7-480C-A78B-599CFD0A5D4C}" = rport=138 | protocol=17 | dir=out | app=system |
"{494079AD-3323-4B78-A90D-7BC187792CFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E432694-EFA6-48B6-B50D-AD7E671F7E75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67D1AAE3-FF62-4542-90F3-CC7850C30257}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{88AC3F79-DE6B-4243-9270-D8201699E80B}" = lport=445 | protocol=6 | dir=in | app=system |
"{A75CAFCE-91B6-4FF7-836B-B3486A38D374}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8AC2DDF-C3DB-486E-AE43-8E666A977825}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFF805F7-3D14-4348-A0E4-B9E2D7DF9378}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C91F922E-613E-4F90-84AE-664BB26B34B8}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{CFE75CD1-BA54-409F-8973-0BD08249607B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF9D3BC6-3FE3-4475-93C8-8D1E4FC8AE61}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB70CAE5-CF35-4D8F-8AA8-D81190C52A5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F80235E4-26C8-434D-A9D3-74E58243D1E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F87BA630-1174-48F8-822B-CF991AC7BB24}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C65ACB-1CB5-4A8F-9841-AB81B376A5A6}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00284CD6-3DF2-494E-B6C5-9B6D6CA77CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{072683FD-CB18-4CFF-906E-60D7238AAFB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12A8288C-65E1-4CF6-9A21-040297EC7556}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{17891933-3306-4037-882F-06EA032A11B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CF7BBAC-2D58-44C0-87EC-1A43BEED0F60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F944876-6E6E-4B03-8784-0177A2578D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{35C423D9-0DF3-40A0-A997-CF47A80EA238}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{3B5769BA-6B87-4235-BF7C-BDBFAA366018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{43A6740C-AE00-48D4-86C5-0F750667D5B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{43BBD64D-0312-43DC-B63F-D0957CAAE407}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4A64E911-DBD6-4EFA-A0A3-FD06C490B4C9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BA2CC1F-F0CB-4F46-A85C-1C6E32973A08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{6DF9592A-9ED4-40D3-B864-511C180B1FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6FA52E63-54AF-4745-A300-7D194B0F25A7}" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"{703D605F-B2A6-4704-8F39-EB1E424874BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78F2204A-A38A-4F9B-9F2E-3ACFFA4FB7B1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{8260E757-B3C7-48D7-B77B-FABD59ACD28A}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{829A488D-2D81-4809-B83B-096B9E591C82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{8A6A18FE-49F7-46F1-872B-8DF127643345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{921C0327-97A3-467F-9D2D-E301E8DD0007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9DDA3F79-AEBC-44B8-800B-C9DA97BD21DA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A66EFD75-FA79-41D6-842A-A067AF7ED949}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A7B68475-C0E3-485E-8C14-F66E01074906}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B0FB754A-6B3D-485D-858F-D2662BF6E5B2}" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"{B2B7A2DF-4B37-41DB-A000-9057D6C4DE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{B54E8839-C822-4CA6-A943-B5D1E2CE87F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B6FD209E-0E7F-41FA-BC65-6C8B7D1E0A45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA94CB1B-FC7F-487E-9DDD-768FBC0D7D9C}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{D115D6D8-6719-4D65-9272-7A996079914E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF0E4816-6DF4-4665-B313-8955CFC863D5}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{E5079EAB-2CDD-44DF-8ADF-79335EF9F7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{ED5B3E97-FEC3-4C3A-88DD-0D7529D2A9A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F418244A-A5CA-4152-8B2A-1806B5AD0806}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FCC83410-8DDC-4783-B960-ED300CAC78E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{3F86233D-D1E0-4CFD-BB5C-E8D0553488A4}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"TCP Query User{602C6A06-0727-465E-B24F-5AA83968D2BD}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe |
"TCP Query User{696014B3-60BE-4D2D-B09B-BC5147B202CC}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"TCP Query User{D0968201-E341-423B-9088-C89A6776227C}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe |
"TCP Query User{EF3A49CB-A7E8-40DE-8F90-0A5F533F79DA}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"TCP Query User{F12F776E-E285-42F7-81AB-42F306D05CC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{73E526B4-975B-41EA-BA7F-2578981D6C2C}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe |
"UDP Query User{7E1FFD9C-115E-477F-ABEE-A994865892F7}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe |
"UDP Query User{A60479F1-D642-419C-B20E-96EEEAE3EA0E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{A8444D51-D1B0-493D-9108-49563CE2128C}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"UDP Query User{C86C44FC-F4C1-4E82-A9D7-F34A4BDF7D9D}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"UDP Query User{F3415213-F784-4748-A6B4-9F10391DDA6C}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DA36D55-AD81-4E28-8FCF-9A92C7148487}" = Microsoft SQL Server Native Client
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{F04FF238-4E59-4443-8E37-5988C4C101C0}" = SQLXML4
"SMBus" = Intel(R) SMBus
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"DarkSpace" = DarkSpace 1.670
"DATEVB00000482.0" = DATEV Installation V.2.8
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"HCEDemo_is1" = Harpoon - Commander's Edition Demo
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"Securepoint SSL VPN" = Securepoint SSL VPN
"SpeedFan" = SpeedFan (remove only)
"Steam App 220" = Half-Life 2
"Steam App 50130" = Mafia II
"Steam App 570" = Dota 2
"Steam App 57690" = Tropico 4
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2012 00:55:43 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1bb248d0 ID des fehlerhaften Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 64e0afcd-1f29-11e2-86f2-0090f5b5de29

Error - 26.10.2012 00:55:45 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1bb248d0 ID des fehlerhaften Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 66773441-1f29-11e2-86f2-0090f5b5de29

Error - 26.10.2012 13:16:29 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 29.10.2012 17:30:57 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1cd048d0 ID des fehlerhaften Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ec6b7b73-220f-11e2-87ee-0090f5b5de29

Error - 29.10.2012 17:30:59 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1cd048d0 ID des fehlerhaften Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: edfd6bf6-220f-11e2-87ee-0090f5b5de29

Error - 29.10.2012 18:04:50 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1d5048d0 ID des fehlerhaften Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a87850c9-2214-11e2-87ee-0090f5b5de29

Error - 29.10.2012 18:04:52 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1d5048d0 ID des fehlerhaften Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a9d28eab-2214-11e2-87ee-0090f5b5de29

Error - 30.10.2012 07:09:16 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 01.11.2012 15:14:56 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 06.11.2012 14:54:21 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 11.11.2012 04:29:58 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LEGOStarWarsSaga.exe, Version: 1.0.0.0, Zeitstempel: 0x4a92fd8c Name des fehlerhaften Moduls: LEGOStarWarsSaga.exe, Version: 1.0.0.0, Zeitstempel: 0x4a92fd8c Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e2eab ID des fehlerhaften Prozesses: 0x1728 Startzeit der fehlerhaften Anwendung: 0x01cdbfe689c4ed98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe Berichtskennung: f9a75f8a-2bd9-11e2-b78d-0090f5b5de29

[ System Events ]
Error - 07.05.2012 15:23:52 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2012 um 18:25:39 unerwartet heruntergefahren.

Error - 07.05.2012 15:23:46 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error - 07.05.2012 15:23:56 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 08.05.2012 13:42:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error - 08.05.2012 13:42:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 10.05.2012 14:35:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 10.05.2012 14:35:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.05.2012 11:08:19 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?05.?2012 um 20:59:12 unerwartet heruntergefahren. Error - 17.05.2012 11:08:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281 Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. 
Error - 17.05.2012 11:08:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > OTL logfile created on: 18.11.2012 20:54:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free 23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010.12.21 08:24:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
PRC - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.01.22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe
PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.14 22:08:45 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\b8e00112524df483c819ef6558bd1799\VMC.WindowsService.Core.ni.dll
MOD - [2012.11.14 22:08:45 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\0d9671961582768cd2362fb01e4b219a\VMC.WindowsService.Messaging.ni.dll
MOD - [2012.11.14 22:08:44 | 001,352,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e4771f839d57040086227940f4dec0d9\VMC.ConnectionServices.ni.dll
MOD - [2012.11.14 22:08:44 | 000,691,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\e208daf17bcc47c9061751fb916df377\VMC.WwanWrapper.ni.dll
MOD - [2012.11.14 22:08:44 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\8d855608ea66a426ce9c415cc5351e25\VMC.CsUtil.ni.dll
MOD - [2012.11.14 22:08:44 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\4f40f159ebcc21e2e4cd39de56111724\Interop.Shell32.ni.dll
MOD - [2012.11.14 22:08:44 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\307ea73ad7db5c22313c37d14410e7ec\VMC.ConnectionServices.TrafficOptimiser.ni.dll
MOD - [2012.11.14 22:08:42 | 000,652,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a8502cde54c5a93c78d3e77982fe275e\VMC.BaseServices.XmlSerializers.ni.dll
MOD - [2012.11.14 22:08:42 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a5bc79bdf6aba422aa74cb2eb325389c\VMC.BaseServices.DataAccessor.ni.dll
MOD - [2012.11.14 22:08:42 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\031984b90b19108e6964e6f223521e04\Interop.FNCClient11Lib.ni.dll
MOD - [2012.11.14 22:08:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\3be2b2b68d06b1c2f8e5e61fd6f29c7f\VMC.BaseServices.OutlookConnector.ni.dll
MOD - [2012.11.14 22:08:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012.11.14 22:08:40 | 000,852,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\028c62a33aa81f49486bd1763c5ac711\VMC.BaseServices.Platform.ni.dll
MOD - [2012.11.14 22:08:40 | 000,483,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\b5e9e675c38a5ab1a8f9f2e7e9c25efe\VMC.ConnectionServicesInterface.ni.dll
MOD - [2012.11.14 22:08:39 | 003,971,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileConnect\210547cea48e193dce5c814dc53dc65e\MobileConnect.ni.exe
MOD - [2012.11.14 22:08:39 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\52ca5e8b3aec02d6243e56d5b8b7064a\VMC.UI.CommonDialogs.ni.dll
MOD - [2012.11.14 21:24:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012.11.14 21:24:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.14 21:24:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 21:24:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.11.14 21:24:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012.11.14 21:24:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 21:24:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 21:24:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.14 21:24:04 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012.11.14 21:24:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 21:23:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 21:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 21:23:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011.06.09 10:01:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2009.05.01 17:58:06 | 000,514,352 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
MOD - [2009.05.01 17:58:04 | 001,057,512 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
MOD - [2009.05.01 17:58:04 | 000,627,944 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
MOD - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
MOD - [2006.12.11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.24 22:10:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 19:49:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.07 21:52:40 | 000,467,456 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011.02.21 01:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN)
SRV - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.07 21:53:04 | 002,740,328 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011.11.07 21:53:04 | 000,069,224 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011.10.01 07:52:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.01 07:52:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 12:09:20 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.03 13:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.08.25 01:11:52 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.08.11 20:33:26 | 000,127,984 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.04.01 11:06:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.01.22 05:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 05:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.20 10:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.29 01:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CE2DD93-197F-4206-92DB-87E0F9AEA84B}
IE:64bit: - HKLM\..\SearchScopes\{2CE2DD93-197F-4206-92DB-87E0F9AEA84B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {178EE1B6-E06E-483D-B00F-45F4245BDAA1}
IE - HKLM\..\SearchScopes\{178EE1B6-E06E-483D-B00F-45F4245BDAA1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {1B4F177B-44ED-46C1-B715-DC0C9FC50A54}
IE - HKCU\..\SearchScopes\{1B4F177B-44ED-46C1-B715-DC0C9FC50A54}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Trusted Sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C88A1A-2DB3-4A91-9E0E-3D6F8E8B7FE3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.05 11:56:44 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2012.11.15 23:24:22 | 000,000,000 | ---D | C] -- C:\Quarantäne [2012.11.15 22:39:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rytouf [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye [2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muexw [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.18 20:51:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 20:31:00 | 000,001,134 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 20:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.18 19:40:25 | 000,001,457 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.18 19:31:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:23:23 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.18 19:23:23 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 19:23:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 19:23:23 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 19:23:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.18 19:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 19:16:00 | 1066,844,158 | -HS- | M] () -- C:\hiberfil.sys [2012.11.16 20:13:44 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.14 21:23:29 | 000,415,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe [2012.11.04 19:58:22 | 000,266,766 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.18 20:51:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.18 20:50:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.18 19:40:25 | 000,001,457 | 
---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk [2012.11.04 21:41:12 | 000,266,766 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf [2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp [2012.02.12 01:02:52 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin [2012.02.12 01:02:38 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin [2011.09.05 21:22:35 | 000,007,629 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.06.15 19:41:54 | 000,011,419 | ---- | C] () -- C:\Users\***\AppData\Local\backup041820120010.vtp [2011.06.09 09:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2011.06.09 09:53:05 | 000,000,129 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2011.06.09 09:50:05 | 000,000,130 | ---- | C] () -- C:\Windows\Startup.INI [2011.06.08 12:36:40 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini [2011.06.08 12:36:40 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2012.09.29 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.06.09 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DATEV [2012.10.10 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2012.10.11 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.05.18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.04.26 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.11.18 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muexw [2012.02.22 05:42:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2011.06.15 19:41:50 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Protector Suite [2012.11.18 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qypye [2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rytouf [2011.06.29 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Securepoint SSL VPN [2012.03.14 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software [2012.05.20 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.07.21 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone ========== Purity Check ========== < End of report >
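As an added example (not part of the thread, and not code from OTL or the helper), here is a small Python triage of OTL "O4" autorun lines like the ones in the log above. The sample lines are copied from the poster's log (the *** is their own redaction); the scoring heuristic is an assumption of this example: an autorun under a user-writable profile folder with no publisher field, such as the izni.exe entry, gets the highest rank.

```python
"""Triage OTL 'O4' Run-key lines (added example, not from the forum thread)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: O4 lines copied from the OTL log in this thread.
SAMPLE_O4_LINES = [
    r'O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found',
    r'O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)',
    r'O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)',
    r'O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()',
    r'O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)',
]

@dataclass
class AutorunEntry:
    hive: str
    name: str                  # the Run value name, e.g. "Ydxagaroy"
    path: str                  # the executable path, quotes removed
    publisher: Optional[str]   # None when OTL printed "()" or no company field
    missing: bool              # OTL appended "File not found"

# "O4 - HKCU..\Run: [Name] rest"  or  "O4:64bit: - HKLM..\Run: [Name] rest"
O4_HEAD = re.compile(r"^O4(?::64bit:)? - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*)$")
# trailing "(Publisher)" or "()"; [^()] keeps "(x86)" inside the path from matching
PUBLISHER_TAIL = re.compile(r" \(([^()]*)\)$")
# folder fragments that an unprivileged user can write to (heuristic assumption)
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")

def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 Run-key line; return None for any other OTL line."""
    m = O4_HEAD.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    publisher = None
    pm = PUBLISHER_TAIL.search(rest)
    if pm:
        publisher = pm.group(1).strip() or None
        rest = rest[: pm.start()]
    return AutorunEntry(hive, name, rest.strip().strip('"'), publisher, missing)

def triage(entry: AutorunEntry) -> str:
    """Rank one entry: 'stale' (target gone), 'high', 'medium' or 'low'."""
    if entry.missing:
        return "stale"
    in_user_dir = any(tag in entry.path.lower() for tag in USER_WRITABLE)
    if in_user_dir and entry.publisher is None:
        return "high"      # user-writable location and no company name
    if in_user_dir:
        return "medium"    # user-writable location, publisher present: still review
    return "low"

def triage_lines(lines):
    """Return (name, path, level) for every O4 Run-key line in `lines`."""
    out = []
    for line in lines:
        e = parse_o4(line)
        if e is not None:
            out.append((e.name, e.path, triage(e)))
    return out

if __name__ == "__main__":
    for name, path, level in triage_lines(SAMPLE_O4_LINES):
        print(f"{level:6} [{name}] {path}")
```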
:hallo: A cleanup can involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".
Step 1
Code: :OTL
Step 2 Please download Malwarebytes
Thanks for the quick reply at this late hour :daumenhoc Here are the logs. I believe I replaced the *** in the OTL script with my username. Nevertheless, according to the following log, that doesn't seem to be entirely the case. Did I forget a line? So that you can tell, this time I replaced the name not with *** but with *user*. Still, *** also appears in the log; looks like a mistake on my part. Malwarebytes found no infected objects.
Code: All processes killed
Code: Malwarebytes Anti-Malware 1.65.1.1000
If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code: activex
After this scan only the OTL.txt opened. WHERE IS THE EXTRA.TXT?
Code: OTL logfile created on: 19.11.2012 21:15:07 - Run 2
Step 1
Code: :OTL
Step 2 Please download AdwCleaner to your desktop.
And on we go, here come the files..
Code: All processes killed
Code: # AdwCleaner v2.008 - Datei am 19/11/2012 um 23:42:56 erstellt
ESET Online Scanner
Well, it did find a few more things: But please, how come my McAfee, which is updated several times a day, didn't find any of this? *sigh*
Code: C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe probably a variant of Win32/Spy.Agent.MEJZNIK trojan
Do you still have problems? There are always cases in which an AV finds nothing.
Hello Swiss, at the moment I can't see any problems. After I had deactivated the following add-ons when I noticed the problems (Add-Ons Java(tm) Plug-In SSV Helper, Add-Ons Java(tm) Plug-In 2 SSV Helper), "apparently" no pages were being redirected any more even before your help. I have now re-enabled these add-ons and there are obviously no problems. :applaus: What are these add-ons actually good for? Can I also uninstall them without any trouble? What do I do now with the following files?
Code: C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe probably a variant of Win32/Spy.Agent.MEJZNIK trojan
I would like to test another virus scanner on another computer. Can I send the infected UnlockRoot_downloader_by_UnlockRoot.exe by e-mail to the other computer for this purpose, to test the scanner? As long as nobody runs this file, that shouldn't be a problem/danger, right? Regards, Chr.Bernhard
Quote:
Quote:
You can also simply upload the file to Virustotal.de and see which scanners detect the file: Please have the file from the code box checked at Virustotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here.
I couldn't find the "Current status" you mentioned anywhere, but I suppose it was "finished". Here is the link https://www.virustotal.com/file/ca61ad293a58e1aa2f9a66ad197c5f45eeaf34b2a23eba3d505f92b2db68bcdc/analysis/1354312293/ Fascinating that only 6 of 46 scanners find something. That is not really reassuring. :wtf: Can you tell me something more about these add-ons? (Background: see my 1st and my last post.) Add-Ons Java(tm) Plug-In SSV Helper, Add-Ons Java(tm) Plug-In 2 SSV Helper. Delete or not? Enable or not enable? Thank you! One more question: for some add-ons the "Entfernen" (Remove) button under "weitere Informationen" (more information) is greyed out and cannot be clicked. What is the reason for that? For example:
Name: An OneNote senden Herausgeber: Nicht verfügbar Typ: Browsererweiterung Version: Nicht verfügbar Dateidatum: Letzter Zugriff am: Dienstag, 13. November 2012, 23:48 Klassenkennung: {2670000A-7350-4F3C-8081-5663EE0C6C49} Verwendung (Anzahl): 22 Blockierungen (Anzahl): 0 Datei: Nicht verfügbar Ordner: Nicht verfügbar
or
Name: Verknüpfte OneNote-Notizen Herausgeber: Nicht verfügbar Typ: Browsererweiterung Version: Nicht verfügbar Dateidatum: Letzter Zugriff am: Dienstag, 13. November 2012, 23:48 Klassenkennung: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Verwendung (Anzahl): 22 Blockierungen (Anzahl): 0 Datei: Nicht verfügbar Ordner: Nicht verfügbar
Best regards, Chr.Bernhard
So it is also just adware and nothing worse, rather an unwanted program that may display ads but doesn't access the system directly. Take a screenshot of these add-ons.
Here is a screenshot of an example add-on that I cannot remove.
Copyright ©2000-2025, Trojaner-Board