
Log Analysis and Evaluation: Infection with Gen:Variant.Symmi.4661


18.11.2012, 21:55   #1
chr.bernhard

Infection with Gen:Variant.Symmi.4661



Hello everyone,

I am asking for your help with the following problem. I hope you can help me. Many thanks in advance for reading!!

My online banking access was blocked by my bank because of suspected phishing. That prompted me to take a closer look at my computer, and I found the following:

1. My McAfee virus scanner claims to have found the following:

15.11.2012 23:24:22 Gelöscht *** ODS c:\Documents and Settings\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1cebbbd3-12f03934\p.class JV/Exploit-Blacole.f (Trojanisches Pferd)

The file it found was supposedly deleted.

2. The Bitdefender online scanner afterwards still finds the following:

Ihr System ist infiziert mit Gen:Variant.Symmi.4661

3. Internet Explorer redirects certain pages. All "normal" pages are displayed normally. But when I try to open pages of antivirus vendors, I am redirected to a supposed Google page with the message that the page cannot be found.

4. I then looked at the add-ons. Among others, the following modules were enabled:

Add-Ons Java(tm) Plug-In SSV Helper
Add-Ons Java(tm) Plug-In 2 SSV Helper

After disabling these add-ons, IE apparently is no longer redirected.

The detail view for these add-ons shows the following information:

----------------------------------------------------------------
Name: Java(tm) Plug-In SSV Helper
Herausgeber: Oracle America, Inc.
Typ: Browserhilfsobjekt
Version: 7.0.90.5
Dateidatum:
Letzter Zugriff am: Heute, 18. November 2012, Vor 27 Minuten
Klassenkennung: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Verwendung (Anzahl): 490
Blockierungen (Anzahl): 906
Datei: ssv.dll
Ordner: C:\Program Files (x86)\Java\jre7\bin
----------------------------------------------------------------
Name: Java(tm) Plug-In 2 SSV Helper
Herausgeber: Oracle America, Inc.
Typ: Browserhilfsobjekt
Version: 7.0.90.5
Dateidatum:
Letzter Zugriff am: Heute, 18. November 2012, Vor 26 Minuten
Klassenkennung: {DBC80044-A445-435B-BC74-9C25C1C588A9}
Verwendung (Anzahl): 490
Blockierungen (Anzahl): 2110
Datei: jp2ssv.dll
Ordner: C:\Program Files (x86)\Java\jre7\bin
----------------------------------------------------------------

5. In Windows Task Manager an izni.exe is running as a process that I cannot make sense of. Oddly, this process is not shown at the moment, but otherwise it is there constantly.

Nothing else comes to mind for now, except that I believe my IE actually behaved strangely a few days ago when I tried to reach my bank's site.

Here are the logs:

OTL Extras logfile created on: 18.11.2012 20:54:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free
23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS
Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AEE561C-EEAF-480B-A146-79D0AF6AE5A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3713E3C4-ADD7-480C-A78B-599CFD0A5D4C}" = rport=138 | protocol=17 | dir=out | app=system |
"{494079AD-3323-4B78-A90D-7BC187792CFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E432694-EFA6-48B6-B50D-AD7E671F7E75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67D1AAE3-FF62-4542-90F3-CC7850C30257}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{88AC3F79-DE6B-4243-9270-D8201699E80B}" = lport=445 | protocol=6 | dir=in | app=system |
"{A75CAFCE-91B6-4FF7-836B-B3486A38D374}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8AC2DDF-C3DB-486E-AE43-8E666A977825}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFF805F7-3D14-4348-A0E4-B9E2D7DF9378}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C91F922E-613E-4F90-84AE-664BB26B34B8}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{CFE75CD1-BA54-409F-8973-0BD08249607B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF9D3BC6-3FE3-4475-93C8-8D1E4FC8AE61}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB70CAE5-CF35-4D8F-8AA8-D81190C52A5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F80235E4-26C8-434D-A9D3-74E58243D1E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F87BA630-1174-48F8-822B-CF991AC7BB24}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C65ACB-1CB5-4A8F-9841-AB81B376A5A6}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00284CD6-3DF2-494E-B6C5-9B6D6CA77CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{072683FD-CB18-4CFF-906E-60D7238AAFB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12A8288C-65E1-4CF6-9A21-040297EC7556}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{17891933-3306-4037-882F-06EA032A11B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CF7BBAC-2D58-44C0-87EC-1A43BEED0F60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F944876-6E6E-4B03-8784-0177A2578D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{35C423D9-0DF3-40A0-A997-CF47A80EA238}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{3B5769BA-6B87-4235-BF7C-BDBFAA366018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{43A6740C-AE00-48D4-86C5-0F750667D5B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{43BBD64D-0312-43DC-B63F-D0957CAAE407}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4A64E911-DBD6-4EFA-A0A3-FD06C490B4C9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BA2CC1F-F0CB-4F46-A85C-1C6E32973A08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{6DF9592A-9ED4-40D3-B864-511C180B1FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6FA52E63-54AF-4745-A300-7D194B0F25A7}" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"{703D605F-B2A6-4704-8F39-EB1E424874BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78F2204A-A38A-4F9B-9F2E-3ACFFA4FB7B1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{8260E757-B3C7-48D7-B77B-FABD59ACD28A}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{829A488D-2D81-4809-B83B-096B9E591C82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{8A6A18FE-49F7-46F1-872B-8DF127643345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{921C0327-97A3-467F-9D2D-E301E8DD0007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9DDA3F79-AEBC-44B8-800B-C9DA97BD21DA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A66EFD75-FA79-41D6-842A-A067AF7ED949}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A7B68475-C0E3-485E-8C14-F66E01074906}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B0FB754A-6B3D-485D-858F-D2662BF6E5B2}" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"{B2B7A2DF-4B37-41DB-A000-9057D6C4DE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{B54E8839-C822-4CA6-A943-B5D1E2CE87F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B6FD209E-0E7F-41FA-BC65-6C8B7D1E0A45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA94CB1B-FC7F-487E-9DDD-768FBC0D7D9C}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{D115D6D8-6719-4D65-9272-7A996079914E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF0E4816-6DF4-4665-B313-8955CFC863D5}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{E5079EAB-2CDD-44DF-8ADF-79335EF9F7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{ED5B3E97-FEC3-4C3A-88DD-0D7529D2A9A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F418244A-A5CA-4152-8B2A-1806B5AD0806}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FCC83410-8DDC-4783-B960-ED300CAC78E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{3F86233D-D1E0-4CFD-BB5C-E8D0553488A4}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"TCP Query User{602C6A06-0727-465E-B24F-5AA83968D2BD}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe |
"TCP Query User{696014B3-60BE-4D2D-B09B-BC5147B202CC}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=6 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"TCP Query User{D0968201-E341-423B-9088-C89A6776227C}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe |
"TCP Query User{EF3A49CB-A7E8-40DE-8F90-0A5F533F79DA}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"TCP Query User{F12F776E-E285-42F7-81AB-42F306D05CC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{73E526B4-975B-41EA-BA7F-2578981D6C2C}C:\darkspace\.cache\darkspace\darkspaceclient.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\darkspaceclient.exe |
"UDP Query User{7E1FFD9C-115E-477F-ABEE-A994865892F7}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\7blynygf\maestia-downloader[1].exe |
"UDP Query User{A60479F1-D642-419C-B20E-96EEEAE3EA0E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{A8444D51-D1B0-493D-9108-49563CE2128C}C:\darkspace\.cache\darkspace\bugreport.exe" = protocol=17 | dir=in | app=c:\darkspace\.cache\darkspace\bugreport.exe |
"UDP Query User{C86C44FC-F4C1-4E82-A9D7-F34A4BDF7D9D}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |
"UDP Query User{F3415213-F784-4748-A6B4-9F10391DDA6C}C:\users\***\appdata\roaming\qypye\izni.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\qypye\izni.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DA36D55-AD81-4E28-8FCF-9A92C7148487}" = Microsoft SQL Server Native Client
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{F04FF238-4E59-4443-8E37-5988C4C101C0}" = SQLXML4
"SMBus" = Intel(R) SMBus
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"DarkSpace" = DarkSpace 1.670
"DATEVB00000482.0" = DATEV Installation V.2.8
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"HCEDemo_is1" = Harpoon - Commander's Edition Demo
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"Securepoint SSL VPN" = Securepoint SSL VPN
"SpeedFan" = SpeedFan (remove only)
"Steam App 220" = Half-Life 2
"Steam App 50130" = Mafia II
"Steam App 570" = Dota 2
"Steam App 57690" = Tropico 4
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2012 00:55:43 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1bb248d0 ID des fehlerhaften
Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 64e0afcd-1f29-11e2-86f2-0090f5b5de29

Error - 26.10.2012 00:55:45 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1bb248d0 ID des fehlerhaften
Prozesses: 0x1a68 Startzeit der fehlerhaften Anwendung: 0x01cdb334d89608d8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 66773441-1f29-11e2-86f2-0090f5b5de29

Error - 26.10.2012 13:16:29 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 29.10.2012 17:30:57 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1cd048d0 ID des fehlerhaften
Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ec6b7b73-220f-11e2-87ee-0090f5b5de29

Error - 29.10.2012 17:30:59 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1cd048d0 ID des fehlerhaften
Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01cdb5224106291f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: edfd6bf6-220f-11e2-87ee-0090f5b5de29

Error - 29.10.2012 18:04:50 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1d5048d0 ID des fehlerhaften
Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a87850c9-2214-11e2-87ee-0090f5b5de29

Error - 29.10.2012 18:04:52 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x1d5048d0 ID des fehlerhaften
Prozesses: 0x2518 Startzeit der fehlerhaften Anwendung: 0x01cdb61ed30b5cf9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a9d28eab-2214-11e2-87ee-0090f5b5de29

Error - 30.10.2012 07:09:16 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 01.11.2012 15:14:56 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 06.11.2012 14:54:21 | Computer Name = Laptop_Bernhard | Source = WinMgmt | ID = 10
Description =

Error - 11.11.2012 04:29:58 | Computer Name = Laptop_Bernhard | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LEGOStarWarsSaga.exe, Version: 1.0.0.0,
Zeitstempel: 0x4a92fd8c Name des fehlerhaften Moduls: LEGOStarWarsSaga.exe, Version:
1.0.0.0, Zeitstempel: 0x4a92fd8c Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e2eab
ID
des fehlerhaften Prozesses: 0x1728 Startzeit der fehlerhaften Anwendung: 0x01cdbfe689c4ed98
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\LucasArts\LEGO Star Wars - The
Complete Saga\LEGOStarWarsSaga.exe Pfad des fehlerhaften Moduls: C:\Program Files
(x86)\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe Berichtskennung:
f9a75f8a-2bd9-11e2-b78d-0090f5b5de29

[ System Events ]
Error - 07.05.2012 15:23:52 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.05.2012 um 18:25:39 unerwartet heruntergefahren.

Error - 07.05.2012 15:23:46 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}"
konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers
nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error - 07.05.2012 15:23:56 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 08.05.2012 13:42:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}"
konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers
nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error - 08.05.2012 13:42:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 10.05.2012 14:35:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}"
konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers
nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error - 10.05.2012 14:35:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 17.05.2012 11:08:19 | Computer Name = Laptop_Bernhard | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.05.2012 um 20:59:12 unerwartet heruntergefahren.

Error - 17.05.2012 11:08:13 | Computer Name = Laptop_Bernhard | Source = Ntfs | ID = 262281
Description = Auf dem Volume "\\?\Volume{0555d8b7-54fe-11e1-9284-806e6f6e6963}"
konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers
nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error - 17.05.2012 11:08:22 | Computer Name = Laptop_Bernhard | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IOCBIOS" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


< End of report >


OTL logfile created on: 18.11.2012 20:54:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 10,09 Gb Available Physical Memory | 84,15% Memory free
23,98 Gb Paging File | 21,74 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,78 Gb Total Space | 113,72 Gb Free Space | 51,98% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive E: | 457,85 Gb Total Space | 418,95 Gb Free Space | 91,50% Space Free | Partition Type: NTFS
Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010.12.21 08:24:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
PRC - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.01.22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe
PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.14 22:08:45 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\b8e00112524df483c819ef6558bd1799\VMC.WindowsService.Core.ni.dll
MOD - [2012.11.14 22:08:45 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\0d9671961582768cd2362fb01e4b219a\VMC.WindowsService.Messaging.ni.dll
MOD - [2012.11.14 22:08:44 | 001,352,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e4771f839d57040086227940f4dec0d9\VMC.ConnectionServices.ni.dll
MOD - [2012.11.14 22:08:44 | 000,691,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\e208daf17bcc47c9061751fb916df377\VMC.WwanWrapper.ni.dll
MOD - [2012.11.14 22:08:44 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\8d855608ea66a426ce9c415cc5351e25\VMC.CsUtil.ni.dll
MOD - [2012.11.14 22:08:44 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\4f40f159ebcc21e2e4cd39de56111724\Interop.Shell32.ni.dll
MOD - [2012.11.14 22:08:44 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\307ea73ad7db5c22313c37d14410e7ec\VMC.ConnectionServices.TrafficOptimiser.ni.dll
MOD - [2012.11.14 22:08:42 | 000,652,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a8502cde54c5a93c78d3e77982fe275e\VMC.BaseServices.XmlSerializers.ni.dll
MOD - [2012.11.14 22:08:42 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a5bc79bdf6aba422aa74cb2eb325389c\VMC.BaseServices.DataAccessor.ni.dll
MOD - [2012.11.14 22:08:42 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\031984b90b19108e6964e6f223521e04\Interop.FNCClient11Lib.ni.dll
MOD - [2012.11.14 22:08:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\3be2b2b68d06b1c2f8e5e61fd6f29c7f\VMC.BaseServices.OutlookConnector.ni.dll
MOD - [2012.11.14 22:08:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012.11.14 22:08:40 | 000,852,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\028c62a33aa81f49486bd1763c5ac711\VMC.BaseServices.Platform.ni.dll
MOD - [2012.11.14 22:08:40 | 000,483,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\b5e9e675c38a5ab1a8f9f2e7e9c25efe\VMC.ConnectionServicesInterface.ni.dll
MOD - [2012.11.14 22:08:39 | 003,971,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileConnect\210547cea48e193dce5c814dc53dc65e\MobileConnect.ni.exe
MOD - [2012.11.14 22:08:39 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\52ca5e8b3aec02d6243e56d5b8b7064a\VMC.UI.CommonDialogs.ni.dll
MOD - [2012.11.14 21:24:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012.11.14 21:24:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.14 21:24:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 21:24:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.11.14 21:24:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012.11.14 21:24:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 21:24:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 21:24:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.14 21:24:04 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012.11.14 21:24:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 21:23:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 21:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 21:23:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011.06.09 10:01:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2009.05.01 17:58:06 | 000,514,352 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
MOD - [2009.05.01 17:58:04 | 001,057,512 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
MOD - [2009.05.01 17:58:04 | 000,627,944 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
MOD - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
MOD - [2006.12.11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.24 22:10:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 19:49:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.07 21:52:40 | 000,467,456 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011.02.21 01:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN)
SRV - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.07 21:53:04 | 002,740,328 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011.11.07 21:53:04 | 000,069,224 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011.10.01 07:52:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.01 07:52:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 12:09:20 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.03 13:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.08.25 01:11:52 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.08.11 20:33:26 | 000,127,984 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.04.01 11:06:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.01.22 05:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 05:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.20 10:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.29 01:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CE2DD93-197F-4206-92DB-87E0F9AEA84B}
IE:64bit: - HKLM\..\SearchScopes\{2CE2DD93-197F-4206-92DB-87E0F9AEA84B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {178EE1B6-E06E-483D-B00F-45F4245BDAA1}
IE - HKLM\..\SearchScopes\{178EE1B6-E06E-483D-B00F-45F4245BDAA1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {1B4F177B-44ED-46C1-B715-DC0C9FC50A54}
IE - HKCU\..\SearchScopes\{1B4F177B-44ED-46C1-B715-DC0C9FC50A54}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C88A1A-2DB3-4A91-9E0E-3D6F8E8B7FE3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.05 11:56:44 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.11.15 23:24:22 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.11.15 22:39:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rytouf
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muexw
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.18 20:51:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.18 20:50:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.18 20:31:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.18 20:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.18 19:40:25 | 000,001,457 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.11.18 19:31:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 19:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 19:23:23 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.18 19:23:23 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.18 19:23:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.18 19:23:23 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.18 19:23:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.18 19:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.18 19:16:00 | 1066,844,158 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.16 20:13:44 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.11.14 21:23:29 | 000,415,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.04 19:58:22 | 000,266,766 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.18 20:51:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.18 20:50:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.18 19:40:25 | 000,001,457 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.11.04 21:41:12 | 000,266,766 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
[2012.02.12 01:02:52 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.02.12 01:02:38 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2011.09.05 21:22:35 | 000,007,629 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.06.15 19:41:54 | 000,011,419 | ---- | C] () -- C:\Users\***\AppData\Local\backup041820120010.vtp
[2011.06.09 09:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.06.09 09:53:05 | 000,000,129 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.06.09 09:50:05 | 000,000,130 | ---- | C] () -- C:\Windows\Startup.INI
[2011.06.08 12:36:40 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini
[2011.06.08 12:36:40 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.09.29 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.06.09 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DATEV
[2012.10.10 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.10.11 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.05.18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.04.26 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.11.18 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muexw
[2012.02.22 05:42:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2011.06.15 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2012.11.18 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rytouf
[2011.06.29 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Securepoint SSL VPN
[2012.03.14 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2012.05.20 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4
[2011.07.21 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone

========== Purity Check ==========



< End of report >

19.11.2012, 01:06   #2
Swisstreasure
/// Malwareteam

A cleanup can sometimes mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to; that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the content into the text box.
IMPORTANT!! Replace the ***** with the correct path name!!
Code:
:OTL
O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()
O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rytouf
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muexw
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qypye
[2012.11.10 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rytouf
:Commands
[purity]
[emptytemp]
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the content here into your thread

Step 2

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the logfile that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Log files".
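The helper's fix script above targets exactly what a first triage of an OTL log surfaces: autorun entries launched from the user's AppData tree (especially with no publisher, or with a missing target), the freshly created executables there, and the folders that host them. The following Python is an added example, not OTL's own code and not something posted in this thread: it parses O4 and file/folder entries in the format shown above, applies those checks, and lays the flagged lines out in the :OTL fix-script shape the helper used. The sample log lines are constructed from this thread's output and keep the forum's *** placeholder for the user name.

```python
"""Triage helper for OTL log lines of the kind posted in this thread."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on the OTL output in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [IExplorer Util] C:\Users\***\AppData\Roaming\ie_util.exe (Oxygen Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Ydxagaroy] C:\Users\***\AppData\Roaming\Qypye\izni.exe ()
[2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.10 13:54:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qypye
"""

# O4 autorun line: hive, value name, target path, optional "(Company)",
# optional trailing "File not found".
O4_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?)(?: \((?P<company>[^)]*)\))?(?P<missing> File not found)?$'
)

# File/folder line: [date | size | attrs | C-or-M] (Company) -- path
FILE_RE = re.compile(
    r'^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$'
)


@dataclass
class Finding:
    line: str                       # original OTL line, reusable verbatim under :OTL
    path: str
    reasons: List[str] = field(default_factory=list)


def in_profile(path: str) -> bool:
    """True for paths under a user's AppData (Roaming or Local) tree."""
    return '\\appdata\\' in path.lower()


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would review first, in log order per pass."""
    findings: List[Finding] = []
    flagged_dirs = set()            # lower-cased parent folders of flagged autoruns
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]

    # Pass 1: autorun (O4) entries whose target lives in the user profile.
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        path = m.group('path').strip('"')
        if not in_profile(path):
            continue
        f = Finding(line, path, ['autorun launches from user profile'])
        company = m.group('company')
        if company is not None and company.strip() == '':
            f.reasons.append('no publisher recorded')   # the "()" case
        if m.group('missing'):
            f.reasons.append('target file missing (stale entry)')
        findings.append(f)
        flagged_dirs.add(path.lower().rsplit('\\', 1)[0])

    # Pass 2: recently created (kind C) files and folders inside the profile.
    for line in lines:
        m = FILE_RE.match(line)
        if not m or m.group('kind') != 'C':
            continue
        path = m.group('path')
        if not in_profile(path):
            continue
        is_dir = m.group('attrs').endswith('D')
        if is_dir and path.lower() in flagged_dirs:
            findings.append(Finding(line, path, ['folder hosts a flagged autorun']))
        elif not is_dir and path.lower().endswith('.exe'):
            findings.append(Finding(line, path, ['new executable in profile']))
    return findings


def fix_script(findings: List[Finding]) -> str:
    """Lay the flagged lines out in the :OTL / :Commands shape used above."""
    body = '\n'.join(f.line for f in findings)
    return ':OTL\n' + body + '\n:Commands\n[purity]\n[emptytemp]\n'


if __name__ == '__main__':
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f.path, '->', '; '.join(f.reasons))
    print(fix_script(found))
```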


19.11.2012, 06:41   #3
chr.bernhard

Thanks for the quick reply at this late hour

Here are the logs. I believe I replaced the *** in the OTL script with my user name. Still, according to the log below, that does not seem to have been done completely. Did I miss a line? So that you can tell, this time I replaced the name not with *** but with *user*. Nevertheless *** still appears in the log; looks like a mistake on my part.

Malwarebytes found no infected objects.


Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ydxagaroy deleted successfully.
File C:\Users\***\AppData\Roaming\Qypye\izni.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IExplorer Util deleted successfully.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
C:\Users\*user*\AppData\Roaming\Rytouf folder moved successfully.
C:\Users\*user*\AppData\Roaming\Qypye folder moved successfully.
C:\Users\*user*\AppData\Roaming\Muexw folder moved successfully.
Folder C:\Users\*user*\AppData\Roaming\Qypye\ not found.
Folder C:\Users\*user*\AppData\Roaming\Rytouf\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: *user*
->Temp folder emptied: 353864707 bytes
->Temporary Internet Files folder emptied: 103057712 bytes
->Java cache emptied: 6338191 bytes
->Flash cache emptied: 3479 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18718435 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 4861448417 bytes
 
Total Files Cleaned = 5.096,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11192012_061723

Files\Folders moved on Reboot...
File\Folder C:\Users\*user*\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8T0DG41U\1;b8=2;c0=3;c1=3;c2=3;d7=3;e8=0;f6=3;g1=3;g4=0;g5=3;ct_s=1;z1=1;z2=1;ct_y=1;x9=0;x1=1;x5=0;x3=0;x7=0;k6=1;x8=0;k8=0;x4=0;x6=0;x2=0;u1=0;u2=8;ord=8314570515314810[1].js not found!
File\Folder C:\Users\*user*\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\51WZOFGA\1;b8=2;c0=3;c1=3;c2=3;d7=3;e8=0;f6=3;g1=3;g4=0;g5=3;ct_s=1;z1=1;z2=1;ct_y=1;x9=0;x1=1;x5=0;x3=0;x7=0;k6=1;x8=0;k8=0;x4=0;x6=0;x2=0;u1=0;u2=8;ord=8314570515314810[1].js not found!
C:\Users\*user*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
christian.bernhard :: LAPTOP_BERNHARD [Administrator]

19.11.2012 06:28:17
mbam-log-2012-11-19 (06-28-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220192
Laufzeit: 1 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

19.11.2012, 17:29   #4
Swisstreasure
/// Malwareteam

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

19.11.2012, 21:36   #5
chr.bernhard

After this scan only OTL.txt opened.

WHERE IS THE EXTRA.TXT?

Code:
OTL logfile created on: 19.11.2012 21:15:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,04 Gb Available Physical Memory | 83,72% Memory free
23,98 Gb Paging File | 21,73 Gb Available in Paging File | 90,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,78 Gb Total Space | 114,45 Gb Free Space | 52,31% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive E: | 457,85 Gb Total Space | 423,17 Gb Free Space | 92,43% Space Free | Partition Type: NTFS
Drive F: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 47,06 Mb Total Space | 17,30 Mb Free Space | 36,76% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP_BERNHARD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010.12.21 08:24:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
PRC - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.01.22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe
PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 22:08:45 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\b8e00112524df483c819ef6558bd1799\VMC.WindowsService.Core.ni.dll
MOD - [2012.11.14 22:08:45 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\0d9671961582768cd2362fb01e4b219a\VMC.WindowsService.Messaging.ni.dll
MOD - [2012.11.14 22:08:44 | 001,352,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e4771f839d57040086227940f4dec0d9\VMC.ConnectionServices.ni.dll
MOD - [2012.11.14 22:08:44 | 000,691,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\e208daf17bcc47c9061751fb916df377\VMC.WwanWrapper.ni.dll
MOD - [2012.11.14 22:08:44 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\8d855608ea66a426ce9c415cc5351e25\VMC.CsUtil.ni.dll
MOD - [2012.11.14 22:08:44 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\4f40f159ebcc21e2e4cd39de56111724\Interop.Shell32.ni.dll
MOD - [2012.11.14 22:08:44 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\307ea73ad7db5c22313c37d14410e7ec\VMC.ConnectionServices.TrafficOptimiser.ni.dll
MOD - [2012.11.14 22:08:42 | 000,652,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a8502cde54c5a93c78d3e77982fe275e\VMC.BaseServices.XmlSerializers.ni.dll
MOD - [2012.11.14 22:08:42 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a5bc79bdf6aba422aa74cb2eb325389c\VMC.BaseServices.DataAccessor.ni.dll
MOD - [2012.11.14 22:08:42 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\031984b90b19108e6964e6f223521e04\Interop.FNCClient11Lib.ni.dll
MOD - [2012.11.14 22:08:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\3be2b2b68d06b1c2f8e5e61fd6f29c7f\VMC.BaseServices.OutlookConnector.ni.dll
MOD - [2012.11.14 22:08:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012.11.14 22:08:40 | 000,852,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\028c62a33aa81f49486bd1763c5ac711\VMC.BaseServices.Platform.ni.dll
MOD - [2012.11.14 22:08:40 | 000,483,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\b5e9e675c38a5ab1a8f9f2e7e9c25efe\VMC.ConnectionServicesInterface.ni.dll
MOD - [2012.11.14 22:08:39 | 003,971,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileConnect\210547cea48e193dce5c814dc53dc65e\MobileConnect.ni.exe
MOD - [2012.11.14 22:08:39 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\52ca5e8b3aec02d6243e56d5b8b7064a\VMC.UI.CommonDialogs.ni.dll
MOD - [2012.11.14 21:24:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012.11.14 21:24:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.14 21:24:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 21:24:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.11.14 21:24:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012.11.14 21:24:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 21:24:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 21:24:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.14 21:24:04 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012.11.14 21:24:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 21:23:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 21:23:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 21:23:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011.06.09 10:01:15 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2011.01.17 16:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2009.05.01 17:58:06 | 000,514,352 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
MOD - [2009.05.01 17:58:04 | 001,057,512 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
MOD - [2009.05.01 17:58:04 | 000,627,944 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
MOD - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
MOD - [2006.12.11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.24 22:10:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 19:49:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.07 21:52:40 | 000,467,456 | ---- | M] () [Auto | Running] -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV - [2011.02.21 01:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.01.17 15:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010.12.21 08:21:56 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2010.11.22 13:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN)
SRV - [2010.11.17 09:24:00 | 002,005,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.07 21:53:04 | 002,740,328 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2011.11.07 21:53:04 | 000,069,224 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2011.10.01 07:52:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.01 07:52:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 12:09:20 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.03 13:35:44 | 000,063,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.08.25 01:11:52 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.08.11 20:33:26 | 000,127,984 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.04.01 11:06:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.01.22 05:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 05:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.20 10:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.29 01:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 01:59:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CE2DD93-197F-4206-92DB-87E0F9AEA84B}
IE:64bit: - HKLM\..\SearchScopes\{2CE2DD93-197F-4206-92DB-87E0F9AEA84B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {178EE1B6-E06E-483D-B00F-45F4245BDAA1}
IE - HKLM\..\SearchScopes\{178EE1B6-E06E-483D-B00F-45F4245BDAA1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {1B4F177B-44ED-46C1-B715-DC0C9FC50A54}
IE - HKCU\..\SearchScopes\{1B4F177B-44ED-46C1-B715-DC0C9FC50A54}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C88A1A-2DB3-4A91-9E0E-3D6F8E8B7FE3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.05 11:56:44 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 06:26:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.19 06:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.19 06:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.19 06:25:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.19 06:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.19 06:17:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.18 20:53:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.18 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.11.15 23:24:22 | 000,000,000 | ---D | C] -- C:\Quarantäne
[2012.11.15 22:39:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 21:15:57 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.19 21:09:53 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.19 21:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 21:09:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.19 06:26:20 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 06:26:20 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 06:26:20 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 06:26:20 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 06:26:20 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 06:26:16 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 06:26:16 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 06:25:59 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.19 06:18:56 | 1066,844,158 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.18 20:51:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.18 20:50:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.18 19:40:25 | 000,001,457 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.11.16 20:13:44 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.11.14 21:23:29 | 000,415,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.04 19:58:22 | 000,266,766 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.19 06:25:59 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.18 20:51:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.18 20:50:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.18 19:40:25 | 000,001,457 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.11.04 21:41:12 | 000,266,766 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
[2012.02.12 01:02:52 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.02.12 01:02:38 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2011.09.05 21:22:35 | 000,007,629 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.06.15 19:41:54 | 000,011,419 | ---- | C] () -- C:\Users\***\AppData\Local\backup041820120010.vtp
[2011.06.09 09:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.06.09 09:53:05 | 000,000,129 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.06.09 09:50:05 | 000,000,130 | ---- | C] () -- C:\Windows\Startup.INI
[2011.06.08 12:36:40 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini
[2011.06.08 12:36:40 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.09.29 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.06.09 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DATEV
[2012.10.10 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.10.11 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.05.18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.04.26 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.02.22 05:42:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2011.06.15 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2012.11.18 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.06.29 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Securepoint SSL VPN
[2012.03.14 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2012.05.20 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4
[2011.07.21 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.01.08 14:18:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.13 23:37:31 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC
[2012.11.16 19:03:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.05.07 20:26:35 | 000,000,000 | ---D | M] -- C:\darkspace
[2011.06.09 09:55:38 | 000,000,000 | ---D | M] -- C:\DATEV
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.07 21:43:35 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.29 00:46:57 | 000,000,000 | ---D | M] -- C:\Matrix Games
[2011.06.09 10:51:54 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.30 21:26:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.19 06:25:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.19 06:25:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.30 01:31:43 | 000,000,000 | ---D | M] -- C:\Programs
[2012.11.15 23:24:22 | 000,000,000 | ---D | M] -- C:\Quarantäne
[2011.06.09 09:24:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.19 21:16:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.26 12:33:54 | 000,000,000 | ---D | M] -- C:\temp
[2011.06.09 09:24:48 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.19 06:19:14 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.19 06:17:23 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.05 18:13:37 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.05 18:13:38 | 000,001,134 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.08.08 20:01:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         


Old 19.11.2012, 23:34   #6
Swisstreasure
/// Malwareteam

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
:OTL
[2012.11.13 20:25:15 | 000,077,312 | ---- | C] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner[R1].txt.
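The fix script in step 1 was built by hand from the OTL listing: an executable with an unfamiliar publisher sitting in the user's AppData\Roaming folder (the same kind of location ESET later flagged for Qypye\izni.exe). As an added example, not code from this thread or from the OTL tool, here is a small Python triage helper that parses OTL-style entries, flags executables in user-writable profile directories, and renders them in the :OTL/:Commands layout shown above for a human to review; the sample log lines are constructed from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry: "[date time | size | attrs | M] (Company) [MD5=...] -- path".
# Company and MD5 are optional: directory entries carry neither,
# the "MD5 for:" custom-scan entries carry both.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com")
# Locations any process running as the user can write to; installers rarely put programs here.
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\")


@dataclass
class OtlEntry:
    date: str
    time: str
    size: int            # bytes, thousands separators removed
    attrs: str           # R/H/S/D flags as OTL prints them, "-" when unset
    kind: str            # "M" = modified-date listing, "C" = created-date listing
    company: str         # version-info company name, "" when OTL found none
    md5: Optional[str]
    path: str
    raw: str             # original line, reused verbatim in the fix script

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL listing line; None for section headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(date=m["date"], time=m["time"], size=int(m["size"].replace(",", "")),
                    attrs=m["attrs"], kind=m["kind"], company=m["company"] or "",
                    md5=m["md5"], path=m["path"], raw=line.strip())


def is_suspicious(entry: OtlEntry) -> bool:
    """Executable file sitting in a user-writable profile directory."""
    if entry.is_directory:
        return False
    low = entry.path.lower()
    return low.endswith(EXEC_EXTENSIONS) and any(mk in low for mk in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> List[OtlEntry]:
    """Every parseable entry that matches the heuristic, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and is_suspicious(entry):
            hits.append(entry)
    return hits


def build_fix_script(hits: List[OtlEntry]) -> str:
    """Render hits in the :OTL / :Commands layout of step 1. OTL moves the listed
    files out of the way, so a human reviews this text before it is run."""
    return "\n".join([":OTL"] + [h.raw for h in hits] + [":Commands", "[purity]", "[emptytemp]"])


# Constructed sample: a few lines taken from the log posted above.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012.11.18 20:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.13 20:25:15 | 000,077,312 | ---- | M] (Oxygen Software) -- C:\Users\***\AppData\Roaming\ie_util.exe
========== Files Created - No Company Name ==========
[2012.04.17 23:11:26 | 000,013,291 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
[2012.03.03 00:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

if __name__ == "__main__":
    print(build_fix_script(triage(SAMPLE_LOG)))
```

The heuristic is deliberately narrow: it points a reviewer at candidates such as ie_util.exe and leaves OTL.exe on the Desktop and the Malwarebytes copy of winlogon.exe under Program Files alone.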

Old 19.11.2012, 23:46   #7
chr.bernhard

And on we go, here are the files..

Code:
All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\ie_util.exe moved successfully.
File C:\Users\***\AppData\Roaming\ie_util.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 20754 bytes
->Temporary Internet Files folder emptied: 10667748 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 10,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11192012_233812

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
and

Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 23:42:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : *** - LAPTOP_BERNHARD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [593 octets] - [19/11/2012 23:42:56]

########## EOF - C:\AdwCleaner[R1].txt - [652 octets] ##########
         

Old 22.11.2012, 18:03   #8
Swisstreasure
/// Malwareteam


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Old 22.11.2012, 23:05   #9
chr.bernhard

Well, it found quite a few more things:

But please, how is it that my McAfee, which is updated several times a day, did not find any of this? *sigh*

Code:
C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe	probably a variant of Win32/Spy.Agent.MEJZNIK trojan
E:\Downloads\UnlockRoot_downloader_by_UnlockRoot.exe	a variant of Win32/Somoto.A application
G:\LAPTOP_BERNHARD\Backup Set 2012-10-07 154519\Backup Files 2012-10-07 154519\Backup files 39.zip	Java/Exploit.Agent.NBC trojan
         

Old 27.11.2012, 01:20   #10
Swisstreasure
/// Malwareteam

Do you still have problems?
There are always cases in which an AV finds nothing.

Old 27.11.2012, 22:39   #11
chr.bernhard

Hello Swiss,

at the moment I cannot see any problems. After I had disabled the following add-ons when I first noticed the problems

Add-Ons Java(tm) Plug-In SSV Helper
Add-Ons Java(tm) Plug-In 2 SSV Helper,

no pages were "apparently" being redirected any more, even before your help.

I have now re-enabled these add-ons and there are evidently no problems.

What are these add-ons actually good for? Can I also uninstall them without any problems?

What do I do now with the following files?

Code:
C:\_OTL\MovedFiles\11192012_061723\C_Users\***\AppData\Roaming\Qypye\izni.exe	probably a variant of Win32/Spy.Agent.MEJZNIK trojan
E:\Downloads\UnlockRoot_downloader_by_UnlockRoot.exe	a variant of Win32/Somoto.A application
G:\LAPTOP_BERNHARD\Backup Set 2012-10-07 154519\Backup Files 2012-10-07 154519\Backup files 39.zip	Java/Exploit.Agent.NBC trojan
         
Can I simply delete them?

I would like to test another virus scanner on another computer. For this purpose, can I send the infected UnlockRoot_downloader_by_UnlockRoot.exe by e-mail to the other computer to test the scanner without any problems? As long as nobody runs this file, this should not be a problem/danger, should it?

Regards,
Chr.Bernhard

Old 29.11.2012, 01:50   #12
Swisstreasure
/// Malwareteam

Quote:
G:\LAPTOP_BERNHARD\Backup Set
Here, be sure to make a new backup at the very end and then delete this one.

Quote:
I would like to test another virus scanner on another computer. For this purpose, can I send the infected UnlockRoot_downloader_by_UnlockRoot.exe by e-mail to the other computer to test the scanner without any problems? As long as nobody runs this file, this should not be a problem/danger, should it?
I would not recommend that. So you mean copy it to a clean computer and see whether the virus scanner there triggers?

You can also simply upload the file to Virustotal.de and see which scanners detect the file:

Please have the file from the code box checked at Virustotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:
    E:\Downloads\UnlockRoot_downloader_by_UnlockRoot.exe

  • and click Open.
  • Click Send File.
Please wait until the file has been fully uploaded. If you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until Current status: Finished is shown.

Copy the link from your address bar and post it here.

Old 30.11.2012, 23:10   #13
chr.bernhard

I could not find the "Current status" you mentioned anywhere, but I assume it was "finished".

Here is the link

https://www.virustotal.com/file/ca61ad293a58e1aa2f9a66ad197c5f45eeaf34b2a23eba3d505f92b2db68bcdc/analysis/1354312293/

Fascinating that only 6 of 46 scanners find something. That is not really confidence-inspiring.

Can you tell me something more about these add-ons?
(For background see my first and my last post.)

Add-Ons Java(tm) Plug-In SSV Helper
Add-Ons Java(tm) Plug-In 2 SSV Helper

Delete or not?
Enable or not enable?

Thank you!

One more question:

For some add-ons, under "More information" the "Remove" button is greyed out and cannot be pressed. What is the reason for that?

For example:

Name: An OneNote senden
Herausgeber: Nicht verfügbar
Typ: Browsererweiterung
Version: Nicht verfügbar
Dateidatum:
Letzter Zugriff am: Dienstag, 13. November 2012, 23:48
Klassenkennung: {2670000A-7350-4F3C-8081-5663EE0C6C49}
Verwendung (Anzahl): 22
Blockierungen (Anzahl): 0
Datei: Nicht verfügbar
Ordner: Nicht verfügbar

or

Name: Verknüpfte OneNote-Notizen
Herausgeber: Nicht verfügbar
Typ: Browsererweiterung
Version: Nicht verfügbar
Dateidatum:
Letzter Zugriff am: Dienstag, 13. November 2012, 23:48
Klassenkennung: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Verwendung (Anzahl): 22
Blockierungen (Anzahl): 0
Datei: Nicht verfügbar
Ordner: Nicht verfügbar

Best regards,
Chr.Bernhard

Old 01.12.2012, 15:40   #14
Swisstreasure
/// Malwareteam

Well, it is also only adware and nothing more serious. Rather, an unwanted program that may display advertising but does not directly access the system.
Take a screenshot of these add-ons.

Old 02.12.2012, 19:51   #15
chr.bernhard

Here is a screenshot of an example add-on that I cannot remove.
[Attached images: Infektion mit Gen:Variant.Symmi.4661-anlage2.jpg, Infektion mit Gen:Variant.Symmi.4661-anlage-1.jpg]
