| |
| |||||||
Log-Analyse und Auswertung: Backdoor FAJX TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.02.2013, 20:27
| #1 |
 |  Backdoor FAJX Trojaner Hallo, mein PC arbeitet nur noch extrem langsam und stürzt immer wieder ab. MC Afee zeigte den BAckdoor FAJX Trojaner an. Besonders Word reagiert kaum noch. Die vorgegebenen logfiles stehen hier: OTL Extras logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01408145-13F9-40C9-8C4D-B218C0F88AE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BE6E028-DA30-4F22-80AB-89FC7F7C9E49}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{42A9E6EE-3749-4DAF-B6F4-7F7B35E19727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47C5D813-78A5-447F-8607-3F9D2A099DBE}" = rport=10243 | protocol=6 | dir=out | app=system | "{4907B9DF-E965-4275-82A7-F48E867718B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{55128460-BF79-44CF-BE0E-F637FD0EC9B2}" = lport=139 | protocol=6 | dir=in | app=system | "{5AACC7BA-5845-47DD-99F0-4C0C03FA3B34}" = rport=139 | protocol=6 | dir=out | app=system | "{5E15CB8B-8F08-48A6-8AAE-EE8A2436C188}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5EEC25CA-212B-4825-A76D-32584DCEA634}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5F70C152-3683-4436-8ADF-E51708BF835E}" = lport=138 | protocol=17 | dir=in | app=system | "{6438D3D2-8F33-4841-9F32-DA15C7E5118F}" = lport=10243 | protocol=6 | dir=in | app=system | "{71D69538-7265-40E9-99B7-91EC5F779AB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{771F14B4-C6A7-48AD-A896-FAAF0117B252}" = rport=138 | protocol=17 | dir=out | app=system | "{80187183-AC25-4F75-99D3-838EFA864DCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{80D014F3-BFB1-4C94-AEE4-27F416CBF75A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{838D9D05-4037-41A6-88F4-90BD8462F94B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{984EE27F-6DD8-4AD3-B5BC-DD1B4E89DB56}" = rport=137 | protocol=17 | dir=out | app=system | "{9C97D4EC-481E-444A-9CBD-9B023B975B9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5A3CD70-6B51-49AD-A994-21443E1314C9}" = lport=137 | protocol=17 | dir=in | app=system | "{ACC7EAFC-3A86-42AE-9D3F-29CC7C4E4625}" = lport=445 | protocol=6 | dir=in | app=system | "{AF698737-B1BE-4014-B075-0D0956FBAF61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3CC34E6-E6DF-4D7F-91A1-C39EAC321FF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5CB643F-45B1-41EE-B37D-BBC07F3D9447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA7104F9-6609-430D-B05C-0969742652EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DFD62FC5-D05D-42A3-8AEE-159E6F417824}" = rport=445 | protocol=6 | dir=out | app=system | "{E9139AB1-E5A8-4C20-B430-BCF523277C56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05806CFB-686B-4ECF-B75B-433BE6104D40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0859A395-78AF-4821-9925-3E8E4CA91D88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A80C375-9F8D-4B60-B59C-86B2826A26E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DE39EF3-6DC2-4C0C-8B78-AC3ED1BE280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1303EF2C-EED2-4719-8D98-F1F44F428B55}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1FC3EF8E-2C65-4865-86D5-F2F3810A46FE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{21A008FD-EC75-4906-B7C2-AA2BBC2626E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C9498E8-DE9F-4BC1-AD15-02CD855D69DB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{3D013CD0-95D1-45D4-A746-298F6750E4BE}" = protocol=6 | dir=out | app=system | "{3EBF1C55-E682-4D71-9840-BB0FC56DDA52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{49438DD8-6BAA-477D-83D3-78A6553F4D52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4DCAA70E-7EE1-45E0-B30E-35D683A3FB75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5329C726-1755-4042-B998-AB6B9ED249F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58F59BE4-2DE7-4597-BB44-D96CBD5BCA4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A4286FD-4422-4027-9110-ABB517785086}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5DAB5F91-56C7-4507-B5F5-46EAB83B6E92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6CAC461A-791D-426A-AA76-69358A49BEA2}" = dir=out | app=c:\program files (x86)\fujitsu\ais connect\bin\qsamain.exe | "{7B1BBE74-2C33-4C67-BBE3-18724A6B82E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{832A6E03-93B6-4D8F-919C-2C3359EE9614}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8614B864-9881-44A8-96F7-DD7551F5576B}" = dir=in | app=c:\program files (x86)\fujitsu\ais connect\ultravnc\winvnc.exe | "{870931CC-F1E3-446A-B1E3-D9E3615D7E3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8DB5B3F9-288A-4E3C-B5B2-D2E2414B3A03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{92C99304-7AAB-4F9A-9C33-26136E8DB5D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{955A5197-145A-4B37-971C-82AB23525777}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{99B3B365-63B8-425E-A040-66FBDB4D7D99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B70C3BF-A236-4B1A-B57B-76A3A4BEF7D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5CBA2CD-A7DA-4307-8976-AC788A666F55}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AE0197C3-F81F-48A7-BBAE-C2AB5BDDBA74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF76C918-EA4E-4571-9F67-6B0BAD06EA6A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B1C76C81-FDD8-40A4-A00F-FD028600FF1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C088AF7D-E5D6-4A90-9870-5543210A3499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{CD9B1A22-CBE1-451C-8E7F-0278C2D49C1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1211C61-D611-4C0B-83DC-F38FA457919B}" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{D4A4D09F-B5A5-4EEE-BC41-6CBA0D45806D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D84B5AB5-C805-4602-A9C5-C3F351B6BD7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1726AD1-C0E3-40B0-8E46-8E5D62D22D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E20CFEFA-542B-4E92-8E5A-A601E0396E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E44CEBC9-4330-405C-A06D-3D2E1AB22768}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E87F2DAA-5384-45A6-B9AC-181E1F794054}" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{EBECF4EB-A12E-4E33-9257-5A39BE627788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1786ECB-C739-46E5-8946-BE657B30A025}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{4EFBD8EF-3A07-488D-A019-95B840D72BA6}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3E5C4435-6E23-4FED-A18E-D368D3CECDB2}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists "{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0 "{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{42BECD47-97E0-4A2A-B71E-769A6E8CE49F}" = Rund um (2.0) ... Seydlitz Erdkunde 3 RP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{684C156A-CB4E-4183-AE0F-39113A042B3C}" = Rund um (2.0) ... Seydlitz Erdkunde 1 RP "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71309017-BB93-4594-87B1-0228D59E779C}" = Rund um (2.0) ... Seydlitz Erdkunde 2 RP "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIS Connect" = AIS Connect "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Der Geographie-Pool 2009-2010" = Der Geographie-Pool 2009-2010 "Der Geographie-Pool 2010-2011" = Der Geographie-Pool 2010-2011 "Der Geographie-Pool 2011-2012" = Der Geographie-Pool 2011-2012 "DeskUpdate_is1" = DeskUpdate 4.11 "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular-Update "FileZilla Client" = FileZilla Client 3.5.1 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Virtual Technician" = McAfee Virtual Technician "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "MSC" = McAfee Total Protection "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "Speed Dial Utility" = Canon Kurzwahlprogramm "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 3058 Description = Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 7010 Description = Error - 1/29/2013 4:29:01 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 1/29/2013 4:49:09 PM | Computer Name = Silja-PC | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 14.0.6129.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a90 Startzeit: 01cdfe5f423be477 Endzeit: 1919 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE Berichts-ID: 46617653-6a55-11e2-9401-4cedde899ee1 Error - 1/30/2013 9:10:27 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 9:40:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:00:54 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:29:30 PM | Computer Name = Silja-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: CSRBthFtpShellExt.dll, Version: 5.0.14.0, Zeitstempel: 0x4b2f522b Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000006633e ID des fehlerhaften Prozesses: 0x244 Startzeit der fehlerhaften Anwendung: 0x01ce00a6405783c3 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpShellExt.dll Berichtskennung: 50b33900-6c9d-11e2-91a6-4cedde899ee1 Error - 2/2/2013 3:18:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/2/2013 11:54:51 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/29/2013 4:28:38 PM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/29/2013 4:32:57 PM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 1/30/2013 9:13:49 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:50 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:53 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:54 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:55 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:56 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 2/2/2013 4:02:43 AM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 2/2/2013 11:54:25 AM | Computer Name = Silja-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Silja-PC\Silja-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. < End of report > OTL logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/01/19 13:58:37 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/01/19 13:58:28 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/01/10 11:07:08 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/10 11:07:07 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe MOD - [2013/01/10 09:32:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013/01/10 09:32:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 09:32:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 09:32:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 09:32:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 09:32:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/01/19 13:58:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 18:02:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE:64bit: - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG IE - HKCU\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKCU\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE443 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de/ig" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/16 16:59:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/07 14:05:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/04 21:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/24 18:13:36 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\2020Player_IKEA@2020Technologies.com [2011/08/27 09:32:16 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\firefox\profiles\0kmecpcp.default\extensions\youtube2mp3@mondayx.de.xpi [2013/01/19 13:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/16 16:59:53 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013/01/19 13:58:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/26 21:34:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/01 20:06:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/26 21:34:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/26 21:34:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/12/21 08:27:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/07/26 21:34:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/26 21:34:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64A77631-F53B-4C0A-B1EA-9B7F7FB51112}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell - "" = AutoRun O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/02 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 17:08:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/02 17:03:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/02 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/02/02 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\Malwarebytes [2013/02/02 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/02 16:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/02 16:57:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/02 16:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/02 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\Programs [2013/02/02 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A5BE5C60-F597-4973-B52C-00A0933C9293} [2013/02/01 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2200EEEF-2183-49A8-99FC-285104A9D22A} [2013/01/30 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{8C09482A-6D84-4888-A4DF-8788A1AAA01D} [2013/01/29 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{87635D22-F573-484E-A9D4-F671105B208D} [2013/01/28 17:51:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{980C562A-6892-4534-9BFA-B8389A63CAA8} [2013/01/27 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E18F106A-57AA-4A40-84B7-01A00F3B420F} [2013/01/26 18:47:36 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A65834CD-A4D3-4336-921E-6BFD508EB01B} [2013/01/26 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\vlc [2013/01/26 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/01/26 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/01/24 22:41:51 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{451403DE-7969-4F25-BAF4-AB583264692D} [2013/01/23 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{25BD6F06-E507-4800-9917-6F1523950092} [2013/01/22 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{216BABC5-5C3D-4D70-9D9B-E1722409C5BC} [2013/01/22 06:16:42 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{B23043C8-269B-4974-AF1F-81BD9A42E8AF} [2013/01/21 16:14:19 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F3394AE6-C01F-4170-AD6A-3CA8394892D2} [2013/01/20 09:07:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{538DB1CA-DB8B-4AF7-A517-0FC4C6207910} [2013/01/19 13:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/19 12:45:25 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{19FECCF4-FDFC-4215-A70D-697C22C551BE} [2013/01/18 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{92182C80-0AEB-43D4-AD40-7565AA9864C9} [2013/01/17 20:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/17 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{03BB4C46-B0DA-430D-874F-0F3A5E03D03B} [2013/01/16 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{04791108-DD0C-4B18-9F6B-4B80458A3BE7} [2013/01/15 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{3B174036-544D-4B9D-8F9E-2AD3F1515F11} [2013/01/15 06:57:06 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A7B9C386-B30C-4AA9-93F2-04BAA09D5BBB} [2013/01/14 17:52:35 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{48AC2A84-AC5B-43B1-87C5-8EBB55ED76BE} [2013/01/13 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{4E33A9AF-6858-4B5A-A4F8-C248853110DE} [2013/01/13 09:00:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{53EC7630-26AE-42CC-B872-D615C37591C7} [2013/01/12 10:37:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F2B23D77-6EEB-4374-B723-5FAE4E6E6B59} [2013/01/11 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{1A500B04-7391-40BE-BA0F-C4C3D94CD36F} [2013/01/11 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E81B5409-0D5B-4A05-960B-432CA51DD3AF} [2013/01/10 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2BE3B405-7C61-43AF-8958-BD9091617BF0} [2013/01/09 10:39:44 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{BD821DD2-CDB8-4514-82C5-B8D9ED065262} [2013/01/08 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{26F34ED9-4509-4A01-82B6-FB89A481EBF2} [2013/01/07 14:09:22 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{05E466CF-D5F0-4E7F-822B-1E3537B0BD3C} [2013/01/06 14:23:44 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013/01/06 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{0F631E05-3F7D-4A56-9AD5-8DB77EE8801A} ========== Files - Modified Within 30 Days ========== [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 19:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/02 19:01:50 | 000,000,000 | ---- | M] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:31 | 000,050,477 | ---- | M] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 16:57:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/02 16:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/02 16:52:59 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/02/01 19:30:23 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/01 19:30:23 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/01 19:30:23 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/01 19:30:23 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/01 19:30:23 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/01 14:41:56 | 000,001,025 | ---- | M] () -- C:\Users\Silja\Desktop\Dropbox.lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | M] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/20 09:02:25 | 000,418,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/13 18:36:18 | 000,299,647 | ---- | M] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:46 | 000,472,837 | ---- | M] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/09 21:51:08 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013/02/02 19:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:30 | 000,050,477 | ---- | C] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 16:57:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | C] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/13 18:36:31 | 000,299,647 | ---- | C] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:45 | 000,472,837 | ---- | C] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/06 14:24:42 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2013/01/06 14:24:42 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2012/08/06 13:35:58 | 000,159,830 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2011-2012 Uninstaller.exe [2012/08/06 13:30:11 | 000,159,318 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2009-2010 Uninstaller.exe [2012/08/06 13:21:35 | 000,159,440 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2010-2011 Uninstaller.exe [2011/11/14 10:37:48 | 000,000,077 | ---- | C] () -- C:\Windows\GEOPOOL11.ini [2011/10/30 19:08:27 | 000,000,077 | ---- | C] () -- C:\Users\Silja\.gtk-bookmarks [2011/08/07 18:03:58 | 000,092,240 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/08/07 18:03:58 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/08/07 18:03:58 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/08/07 18:03:58 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/08/07 18:03:58 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/08/07 18:03:58 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/08/07 18:03:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/08/07 18:03:58 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/08/07 18:03:58 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/08/07 18:03:58 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011/08/07 18:03:58 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011/08/07 18:03:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/08/07 18:03:58 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/08/07 18:00:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini [2011/07/01 11:11:48 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/07/01 11:11:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/07/01 11:11:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/07/01 11:11:48 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/07/01 11:11:47 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/15 06:37:26 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/01/25 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\46developments [2011/08/07 09:31:25 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AIS Connect [2012/06/26 08:41:28 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AnvSoft [2011/08/20 09:26:19 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canneverbe Limited [2012/03/13 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canon [2013/02/02 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Dropbox [2012/10/08 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\DVDVideoSoft [2012/02/23 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\elsterformular [2012/06/03 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\FileZilla [2011/08/04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Fujitsu [2012/04/21 07:36:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\gtk-2.0 [2012/05/19 07:58:13 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\IrfanView [2012/12/09 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\JAM Software [2012/10/08 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Publish Providers [2011/11/27 11:13:11 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Smart PDF Converter Pro [2013/02/02 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\SoftGrid Client [2012/10/08 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Sony [2011/08/06 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\TP [2011/08/06 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-02 19:35:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Silja\AppData\Local\Temp\uwtoypow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ? C:\Windows\system32\mssprxy.dll [2724] entry point in ".rdata" section 00000000703f71e6 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077926f80 5 bytes JMP 00000001714dbcb0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077927070 5 bytes JMP 00000001714dbb90 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde899ee1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde899ee1 (not active ControlSet) ---- EOF - GMER 2.0 ---- Vielen Dank für eure Hilfe |
| Themen zu Backdoor FAJX Trojaner |
| backdoor, bho, bonjour, canon, converter, error, excel, flash player, gruppe, helper, home, install.exe, langsam, microsoft office starter 2010, mozilla, mp3, msvcrt, picasa, plug-in, realtek, registry, richtlinie, rundll, saving, scan, security, server, siteadvisor, software, svchost.exe, trojaner, usb, windows |
Baum-Darstellung