| |
| |||||||
Log-Analyse und Auswertung: Backdoor FAJX TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.02.2013, 20:27
| #1 |
 |  Backdoor FAJX Trojaner Hallo, mein PC arbeitet nur noch extrem langsam und stürzt immer wieder ab. MC Afee zeigte den BAckdoor FAJX Trojaner an. Besonders Word reagiert kaum noch. Die vorgegebenen logfiles stehen hier: OTL Extras logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01408145-13F9-40C9-8C4D-B218C0F88AE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BE6E028-DA30-4F22-80AB-89FC7F7C9E49}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{42A9E6EE-3749-4DAF-B6F4-7F7B35E19727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47C5D813-78A5-447F-8607-3F9D2A099DBE}" = rport=10243 | protocol=6 | dir=out | app=system | "{4907B9DF-E965-4275-82A7-F48E867718B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{55128460-BF79-44CF-BE0E-F637FD0EC9B2}" = lport=139 | protocol=6 | dir=in | app=system | "{5AACC7BA-5845-47DD-99F0-4C0C03FA3B34}" = rport=139 | protocol=6 | dir=out | app=system | "{5E15CB8B-8F08-48A6-8AAE-EE8A2436C188}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5EEC25CA-212B-4825-A76D-32584DCEA634}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5F70C152-3683-4436-8ADF-E51708BF835E}" = lport=138 | protocol=17 | dir=in | app=system | "{6438D3D2-8F33-4841-9F32-DA15C7E5118F}" = lport=10243 | protocol=6 | dir=in | app=system | "{71D69538-7265-40E9-99B7-91EC5F779AB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{771F14B4-C6A7-48AD-A896-FAAF0117B252}" = rport=138 | protocol=17 | dir=out | app=system | "{80187183-AC25-4F75-99D3-838EFA864DCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{80D014F3-BFB1-4C94-AEE4-27F416CBF75A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{838D9D05-4037-41A6-88F4-90BD8462F94B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{984EE27F-6DD8-4AD3-B5BC-DD1B4E89DB56}" = rport=137 | protocol=17 | dir=out | app=system | "{9C97D4EC-481E-444A-9CBD-9B023B975B9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5A3CD70-6B51-49AD-A994-21443E1314C9}" = lport=137 | protocol=17 | dir=in | app=system | "{ACC7EAFC-3A86-42AE-9D3F-29CC7C4E4625}" = lport=445 | protocol=6 | dir=in | app=system | "{AF698737-B1BE-4014-B075-0D0956FBAF61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3CC34E6-E6DF-4D7F-91A1-C39EAC321FF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5CB643F-45B1-41EE-B37D-BBC07F3D9447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA7104F9-6609-430D-B05C-0969742652EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DFD62FC5-D05D-42A3-8AEE-159E6F417824}" = rport=445 | protocol=6 | dir=out | app=system | "{E9139AB1-E5A8-4C20-B430-BCF523277C56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05806CFB-686B-4ECF-B75B-433BE6104D40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0859A395-78AF-4821-9925-3E8E4CA91D88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A80C375-9F8D-4B60-B59C-86B2826A26E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DE39EF3-6DC2-4C0C-8B78-AC3ED1BE280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1303EF2C-EED2-4719-8D98-F1F44F428B55}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1FC3EF8E-2C65-4865-86D5-F2F3810A46FE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{21A008FD-EC75-4906-B7C2-AA2BBC2626E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C9498E8-DE9F-4BC1-AD15-02CD855D69DB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{3D013CD0-95D1-45D4-A746-298F6750E4BE}" = protocol=6 | dir=out | app=system | "{3EBF1C55-E682-4D71-9840-BB0FC56DDA52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{49438DD8-6BAA-477D-83D3-78A6553F4D52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4DCAA70E-7EE1-45E0-B30E-35D683A3FB75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5329C726-1755-4042-B998-AB6B9ED249F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58F59BE4-2DE7-4597-BB44-D96CBD5BCA4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A4286FD-4422-4027-9110-ABB517785086}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5DAB5F91-56C7-4507-B5F5-46EAB83B6E92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6CAC461A-791D-426A-AA76-69358A49BEA2}" = dir=out | app=c:\program files (x86)\fujitsu\ais connect\bin\qsamain.exe | "{7B1BBE74-2C33-4C67-BBE3-18724A6B82E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{832A6E03-93B6-4D8F-919C-2C3359EE9614}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8614B864-9881-44A8-96F7-DD7551F5576B}" = dir=in | app=c:\program files (x86)\fujitsu\ais connect\ultravnc\winvnc.exe | "{870931CC-F1E3-446A-B1E3-D9E3615D7E3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8DB5B3F9-288A-4E3C-B5B2-D2E2414B3A03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{92C99304-7AAB-4F9A-9C33-26136E8DB5D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{955A5197-145A-4B37-971C-82AB23525777}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{99B3B365-63B8-425E-A040-66FBDB4D7D99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B70C3BF-A236-4B1A-B57B-76A3A4BEF7D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5CBA2CD-A7DA-4307-8976-AC788A666F55}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AE0197C3-F81F-48A7-BBAE-C2AB5BDDBA74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF76C918-EA4E-4571-9F67-6B0BAD06EA6A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B1C76C81-FDD8-40A4-A00F-FD028600FF1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C088AF7D-E5D6-4A90-9870-5543210A3499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{CD9B1A22-CBE1-451C-8E7F-0278C2D49C1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1211C61-D611-4C0B-83DC-F38FA457919B}" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{D4A4D09F-B5A5-4EEE-BC41-6CBA0D45806D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D84B5AB5-C805-4602-A9C5-C3F351B6BD7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1726AD1-C0E3-40B0-8E46-8E5D62D22D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E20CFEFA-542B-4E92-8E5A-A601E0396E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E44CEBC9-4330-405C-A06D-3D2E1AB22768}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E87F2DAA-5384-45A6-B9AC-181E1F794054}" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{EBECF4EB-A12E-4E33-9257-5A39BE627788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1786ECB-C739-46E5-8946-BE657B30A025}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{4EFBD8EF-3A07-488D-A019-95B840D72BA6}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3E5C4435-6E23-4FED-A18E-D368D3CECDB2}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists "{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0 "{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{42BECD47-97E0-4A2A-B71E-769A6E8CE49F}" = Rund um (2.0) ... Seydlitz Erdkunde 3 RP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{684C156A-CB4E-4183-AE0F-39113A042B3C}" = Rund um (2.0) ... Seydlitz Erdkunde 1 RP "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71309017-BB93-4594-87B1-0228D59E779C}" = Rund um (2.0) ... Seydlitz Erdkunde 2 RP "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIS Connect" = AIS Connect "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Der Geographie-Pool 2009-2010" = Der Geographie-Pool 2009-2010 "Der Geographie-Pool 2010-2011" = Der Geographie-Pool 2010-2011 "Der Geographie-Pool 2011-2012" = Der Geographie-Pool 2011-2012 "DeskUpdate_is1" = DeskUpdate 4.11 "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular-Update "FileZilla Client" = FileZilla Client 3.5.1 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Virtual Technician" = McAfee Virtual Technician "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "MSC" = McAfee Total Protection "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "Speed Dial Utility" = Canon Kurzwahlprogramm "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 3058 Description = Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 7010 Description = Error - 1/29/2013 4:29:01 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 1/29/2013 4:49:09 PM | Computer Name = Silja-PC | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 14.0.6129.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a90 Startzeit: 01cdfe5f423be477 Endzeit: 1919 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE Berichts-ID: 46617653-6a55-11e2-9401-4cedde899ee1 Error - 1/30/2013 9:10:27 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 9:40:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:00:54 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:29:30 PM | Computer Name = Silja-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: CSRBthFtpShellExt.dll, Version: 5.0.14.0, Zeitstempel: 0x4b2f522b Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000006633e ID des fehlerhaften Prozesses: 0x244 Startzeit der fehlerhaften Anwendung: 0x01ce00a6405783c3 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpShellExt.dll Berichtskennung: 50b33900-6c9d-11e2-91a6-4cedde899ee1 Error - 2/2/2013 3:18:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/2/2013 11:54:51 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/29/2013 4:28:38 PM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/29/2013 4:32:57 PM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 1/30/2013 9:13:49 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:50 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:53 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:54 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:55 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:56 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 2/2/2013 4:02:43 AM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 2/2/2013 11:54:25 AM | Computer Name = Silja-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Silja-PC\Silja-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. < End of report > OTL logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/01/19 13:58:37 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/01/19 13:58:28 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/01/10 11:07:08 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/10 11:07:07 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe MOD - [2013/01/10 09:32:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013/01/10 09:32:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 09:32:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 09:32:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 09:32:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 09:32:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/01/19 13:58:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 18:02:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE:64bit: - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG IE - HKCU\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKCU\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE443 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de/ig" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/16 16:59:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/07 14:05:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/04 21:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/24 18:13:36 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\2020Player_IKEA@2020Technologies.com [2011/08/27 09:32:16 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\firefox\profiles\0kmecpcp.default\extensions\youtube2mp3@mondayx.de.xpi [2013/01/19 13:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/16 16:59:53 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013/01/19 13:58:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/26 21:34:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/01 20:06:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/26 21:34:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/26 21:34:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/12/21 08:27:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/07/26 21:34:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/26 21:34:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64A77631-F53B-4C0A-B1EA-9B7F7FB51112}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell - "" = AutoRun O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/02 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 17:08:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/02 17:03:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/02 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/02/02 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\Malwarebytes [2013/02/02 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/02 16:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/02 16:57:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/02 16:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/02 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\Programs [2013/02/02 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A5BE5C60-F597-4973-B52C-00A0933C9293} [2013/02/01 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2200EEEF-2183-49A8-99FC-285104A9D22A} [2013/01/30 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{8C09482A-6D84-4888-A4DF-8788A1AAA01D} [2013/01/29 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{87635D22-F573-484E-A9D4-F671105B208D} [2013/01/28 17:51:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{980C562A-6892-4534-9BFA-B8389A63CAA8} [2013/01/27 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E18F106A-57AA-4A40-84B7-01A00F3B420F} [2013/01/26 18:47:36 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A65834CD-A4D3-4336-921E-6BFD508EB01B} [2013/01/26 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\vlc [2013/01/26 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/01/26 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/01/24 22:41:51 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{451403DE-7969-4F25-BAF4-AB583264692D} [2013/01/23 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{25BD6F06-E507-4800-9917-6F1523950092} [2013/01/22 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{216BABC5-5C3D-4D70-9D9B-E1722409C5BC} [2013/01/22 06:16:42 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{B23043C8-269B-4974-AF1F-81BD9A42E8AF} [2013/01/21 16:14:19 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F3394AE6-C01F-4170-AD6A-3CA8394892D2} [2013/01/20 09:07:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{538DB1CA-DB8B-4AF7-A517-0FC4C6207910} [2013/01/19 13:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/19 12:45:25 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{19FECCF4-FDFC-4215-A70D-697C22C551BE} [2013/01/18 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{92182C80-0AEB-43D4-AD40-7565AA9864C9} [2013/01/17 20:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/17 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{03BB4C46-B0DA-430D-874F-0F3A5E03D03B} [2013/01/16 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{04791108-DD0C-4B18-9F6B-4B80458A3BE7} [2013/01/15 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{3B174036-544D-4B9D-8F9E-2AD3F1515F11} [2013/01/15 06:57:06 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A7B9C386-B30C-4AA9-93F2-04BAA09D5BBB} [2013/01/14 17:52:35 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{48AC2A84-AC5B-43B1-87C5-8EBB55ED76BE} [2013/01/13 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{4E33A9AF-6858-4B5A-A4F8-C248853110DE} [2013/01/13 09:00:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{53EC7630-26AE-42CC-B872-D615C37591C7} [2013/01/12 10:37:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F2B23D77-6EEB-4374-B723-5FAE4E6E6B59} [2013/01/11 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{1A500B04-7391-40BE-BA0F-C4C3D94CD36F} [2013/01/11 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E81B5409-0D5B-4A05-960B-432CA51DD3AF} [2013/01/10 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2BE3B405-7C61-43AF-8958-BD9091617BF0} [2013/01/09 10:39:44 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{BD821DD2-CDB8-4514-82C5-B8D9ED065262} [2013/01/08 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{26F34ED9-4509-4A01-82B6-FB89A481EBF2} [2013/01/07 14:09:22 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{05E466CF-D5F0-4E7F-822B-1E3537B0BD3C} [2013/01/06 14:23:44 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013/01/06 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{0F631E05-3F7D-4A56-9AD5-8DB77EE8801A} ========== Files - Modified Within 30 Days ========== [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 19:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/02 19:01:50 | 000,000,000 | ---- | M] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:31 | 000,050,477 | ---- | M] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 16:57:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/02 16:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/02 16:52:59 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/02/01 19:30:23 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/01 19:30:23 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/01 19:30:23 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/01 19:30:23 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/01 19:30:23 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/01 14:41:56 | 000,001,025 | ---- | M] () -- C:\Users\Silja\Desktop\Dropbox.lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | M] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/20 09:02:25 | 000,418,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/13 18:36:18 | 000,299,647 | ---- | M] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:46 | 000,472,837 | ---- | M] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/09 21:51:08 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013/02/02 19:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:30 | 000,050,477 | ---- | C] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 16:57:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | C] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/13 18:36:31 | 000,299,647 | ---- | C] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:45 | 000,472,837 | ---- | C] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/06 14:24:42 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2013/01/06 14:24:42 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2012/08/06 13:35:58 | 000,159,830 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2011-2012 Uninstaller.exe [2012/08/06 13:30:11 | 000,159,318 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2009-2010 Uninstaller.exe [2012/08/06 13:21:35 | 000,159,440 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2010-2011 Uninstaller.exe [2011/11/14 10:37:48 | 000,000,077 | ---- | C] () -- C:\Windows\GEOPOOL11.ini [2011/10/30 19:08:27 | 000,000,077 | ---- | C] () -- C:\Users\Silja\.gtk-bookmarks [2011/08/07 18:03:58 | 000,092,240 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/08/07 18:03:58 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/08/07 18:03:58 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/08/07 18:03:58 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/08/07 18:03:58 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/08/07 18:03:58 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/08/07 18:03:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/08/07 18:03:58 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/08/07 18:03:58 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/08/07 18:03:58 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011/08/07 18:03:58 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011/08/07 18:03:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/08/07 18:03:58 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/08/07 18:00:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini [2011/07/01 11:11:48 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/07/01 11:11:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/07/01 11:11:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/07/01 11:11:48 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/07/01 11:11:47 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/15 06:37:26 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/01/25 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\46developments [2011/08/07 09:31:25 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AIS Connect [2012/06/26 08:41:28 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AnvSoft [2011/08/20 09:26:19 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canneverbe Limited [2012/03/13 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canon [2013/02/02 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Dropbox [2012/10/08 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\DVDVideoSoft [2012/02/23 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\elsterformular [2012/06/03 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\FileZilla [2011/08/04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Fujitsu [2012/04/21 07:36:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\gtk-2.0 [2012/05/19 07:58:13 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\IrfanView [2012/12/09 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\JAM Software [2012/10/08 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Publish Providers [2011/11/27 11:13:11 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Smart PDF Converter Pro [2013/02/02 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\SoftGrid Client [2012/10/08 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Sony [2011/08/06 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\TP [2011/08/06 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-02 19:35:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Silja\AppData\Local\Temp\uwtoypow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ? C:\Windows\system32\mssprxy.dll [2724] entry point in ".rdata" section 00000000703f71e6 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077926f80 5 bytes JMP 00000001714dbcb0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077927070 5 bytes JMP 00000001714dbb90 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde899ee1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde899ee1 (not active ControlSet) ---- EOF - GMER 2.0 ---- Vielen Dank für eure Hilfe |
|
03.02.2013, 18:15
| #2 |
| /// Malware-holic   | Backdoor FAJX Trojaner hi
__________________poste die Mcafee Meldung(en) danke. öffne Malwarebytes, Logdateien, poste Berichte mit Funden
__________________ |
|
03.02.2013, 19:45
| #3 |
| | Backdoor FAJX Trojaner Malwarebytes zeigt in der Logdatei keine Funde an.
__________________Der McAfeefund ist im Anhang. Danke sehr. Geändert von Gregor259 (03.02.2013 um 20:00 Uhr) |
|
04.02.2013, 12:47
| #4 |
| /// Malware-holic | Backdoor FAJX Trojaner mcafee fund als text posten bitte, danke.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.02.2013, 14:57
| #5 |
| | Backdoor FAJX Trojaner Wie bekomme ich das als Text bzw. logfile ? Der Sicherheitsverlauf von Mc Afee Total Protection öffnet sich unter McAfee nur als Fenster aus dem ich nichts kopieren kann? |
|
04.02.2013, 16:38
| #6 |
| /// Malware-holic | Backdoor FAJX Trojaner Dann abtippen, nutze das Programm nicht.
__________________ --> Backdoor FAJX Trojaner |
|
04.02.2013, 16:48
| #7 |
| | Backdoor FAJX Trojaner Name der Bedrohung: BackDoor-FAJX (Trojaner) Datei: C:\Users\Silja\AppData\Local\Microsoft Live Mail\Gmx(silja.578\Deleted Items\7CD5646A-00001BB6.eml 29.1.2013, 21:07:33 Bitte. Danke |
|
04.02.2013, 18:11
| #8 |
| /// Malware-holic | Backdoor FAJX Trojaner hi lösche im Windows live mail alle unnötigen mails, leere den Papierkorb. Wenn du Spams bekommst, hätte ich, wenn es nicht zu viel Mühe macht, diese immer gern zur analyse, wie das geht, steht in meiner Signatur. hätte trotzdem gern das letzte Malwarebytes log gesehen, danke
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.02.2013, 18:18
| #9 |
| | Backdoor FAJX TrojanerCode:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Silja :: SILJA-PC [Administrator] 03.02.2013 19:49:45 mbam-log-2013-02-03 (19-49-45).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 237309 Laufzeit: 7 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) Was ist jetzt eigentlich mit dem defogger muss ich da noch was re-enable mäßig machen ? |
|
04.02.2013, 19:43
| #10 |
| /// Malware-holic | Backdoor FAJX Trojaner noch nicht. hast du unnötige Mails gelöscht und den Papierkorb geleert? download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.02.2013, 19:54
| #11 |
| | Backdoor FAJX Trojaner ja habe gelöscht und geleert. Code:
ATTFilter 19:49:34.0416 4952 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:49:34.0916 4952 ============================================================
19:49:34.0916 4952 Current date / time: 2013/02/04 19:49:34.0916
19:49:34.0916 4952 SystemInfo:
19:49:34.0916 4952
19:49:34.0916 4952 OS Version: 6.1.7601 ServicePack: 1.0
19:49:34.0916 4952 Product type: Workstation
19:49:34.0916 4952 ComputerName: SILJA-PC
19:49:34.0916 4952 UserName: Silja
19:49:34.0916 4952 Windows directory: C:\Windows
19:49:34.0916 4952 System windows directory: C:\Windows
19:49:34.0916 4952 Running under WOW64
19:49:34.0916 4952 Processor architecture: Intel x64
19:49:34.0916 4952 Number of processors: 4
19:49:34.0916 4952 Page size: 0x1000
19:49:34.0916 4952 Boot type: Normal boot
19:49:34.0916 4952 ============================================================
19:49:36.0444 4952 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:36.0476 4952 ============================================================
19:49:36.0476 4952 \Device\Harddisk0\DR0:
19:49:36.0476 4952 MBR partitions:
19:49:36.0476 4952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401000, BlocksNum 0x6400800
19:49:36.0476 4952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6801800, BlocksNum 0x1EC2C800
19:49:36.0476 4952 ============================================================
19:49:36.0507 4952 C: <-> \Device\Harddisk0\DR0\Partition1
19:49:36.0632 4952 D: <-> \Device\Harddisk0\DR0\Partition2
19:49:36.0632 4952 ============================================================
19:49:36.0632 4952 Initialize success
19:49:36.0632 4952 ============================================================
19:50:14.0638 3132 ============================================================
19:50:14.0638 3132 Scan started
19:50:14.0638 3132 Mode: Manual; SigCheck; TDLFS;
19:50:14.0638 3132 ============================================================
19:50:14.0825 3132 ================ Scan system memory ========================
19:50:14.0825 3132 System memory - ok
19:50:14.0825 3132 ================ Scan services =============================
19:50:14.0996 3132 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:50:15.0277 3132 1394ohci - ok
19:50:15.0324 3132 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:50:15.0386 3132 ACPI - ok
19:50:15.0418 3132 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:50:15.0558 3132 AcpiPmi - ok
19:50:15.0683 3132 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:50:15.0761 3132 AdobeARMservice - ok
19:50:15.0901 3132 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:50:15.0979 3132 AdobeFlashPlayerUpdateSvc - ok
19:50:16.0042 3132 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:50:16.0166 3132 adp94xx - ok
19:50:16.0198 3132 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:50:16.0276 3132 adpahci - ok
19:50:16.0291 3132 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:50:16.0369 3132 adpu320 - ok
19:50:16.0385 3132 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:50:16.0525 3132 AeLookupSvc - ok
19:50:16.0556 3132 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:50:16.0697 3132 AFD - ok
19:50:16.0728 3132 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:50:16.0806 3132 agp440 - ok
19:50:16.0868 3132 [ 7D73C704ECF4AD7919111DEC2B18471F ] AISConnect C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
19:50:16.0915 3132 AISConnect ( UnsignedFile.Multi.Generic ) - warning
19:50:16.0915 3132 AISConnect - detected UnsignedFile.Multi.Generic (1)
19:50:16.0946 3132 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:50:17.0071 3132 ALG - ok
19:50:17.0134 3132 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:50:17.0227 3132 aliide - ok
19:50:17.0258 3132 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:50:17.0321 3132 amdide - ok
19:50:17.0368 3132 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:50:17.0446 3132 AmdK8 - ok
19:50:17.0461 3132 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:50:17.0570 3132 AmdPPM - ok
19:50:17.0617 3132 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:50:17.0680 3132 amdsata - ok
19:50:17.0726 3132 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:50:17.0804 3132 amdsbs - ok
19:50:17.0820 3132 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:50:17.0882 3132 amdxata - ok
19:50:17.0929 3132 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:50:18.0070 3132 AppID - ok
19:50:18.0101 3132 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:50:18.0194 3132 AppIDSvc - ok
19:50:18.0210 3132 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:50:18.0319 3132 Appinfo - ok
19:50:18.0428 3132 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:50:18.0522 3132 Apple Mobile Device - ok
19:50:18.0538 3132 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:50:18.0631 3132 AppMgmt - ok
19:50:18.0678 3132 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:50:18.0787 3132 arc - ok
19:50:18.0803 3132 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:50:18.0865 3132 arcsas - ok
19:50:18.0974 3132 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:50:19.0068 3132 aspnet_state - ok
19:50:19.0115 3132 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:50:19.0208 3132 AsyncMac - ok
19:50:19.0255 3132 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:50:19.0318 3132 atapi - ok
19:50:19.0364 3132 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:50:19.0520 3132 athr - ok
19:50:19.0567 3132 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:50:19.0708 3132 AudioEndpointBuilder - ok
19:50:19.0739 3132 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:50:19.0848 3132 AudioSrv - ok
19:50:19.0879 3132 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:50:20.0004 3132 AxInstSV - ok
19:50:20.0051 3132 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:50:20.0191 3132 b06bdrv - ok
19:50:20.0238 3132 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:50:20.0364 3132 b57nd60a - ok
19:50:20.0395 3132 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:50:20.0473 3132 BDESVC - ok
19:50:20.0489 3132 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:50:20.0598 3132 Beep - ok
19:50:20.0629 3132 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:50:20.0785 3132 BFE - ok
19:50:20.0832 3132 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:50:21.0019 3132 BITS - ok
19:50:21.0050 3132 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:50:21.0144 3132 blbdrive - ok
19:50:21.0206 3132 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:50:21.0301 3132 Bonjour Service - ok
19:50:21.0332 3132 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:50:21.0472 3132 bowser - ok
19:50:21.0519 3132 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:50:21.0597 3132 BrFiltLo - ok
19:50:21.0613 3132 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:50:21.0691 3132 BrFiltUp - ok
19:50:21.0722 3132 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:50:21.0847 3132 Browser - ok
19:50:21.0862 3132 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:50:21.0972 3132 Brserid - ok
19:50:21.0987 3132 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:50:22.0081 3132 BrSerWdm - ok
19:50:22.0081 3132 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:50:22.0174 3132 BrUsbMdm - ok
19:50:22.0174 3132 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:50:22.0252 3132 BrUsbSer - ok
19:50:22.0316 3132 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:50:22.0409 3132 BthEnum - ok
19:50:22.0441 3132 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:50:22.0519 3132 BTHMODEM - ok
19:50:22.0565 3132 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:50:22.0643 3132 BthPan - ok
19:50:22.0706 3132 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:50:22.0846 3132 BTHPORT - ok
19:50:22.0877 3132 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:50:22.0971 3132 bthserv - ok
19:50:23.0018 3132 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:50:23.0127 3132 BTHUSB - ok
19:50:23.0158 3132 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:50:23.0252 3132 cdfs - ok
19:50:23.0299 3132 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:50:23.0392 3132 cdrom - ok
19:50:23.0439 3132 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:50:23.0579 3132 CertPropSvc - ok
19:50:23.0642 3132 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\Windows\system32\drivers\cfwids.sys
19:50:23.0751 3132 cfwids - ok
19:50:23.0782 3132 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:50:23.0876 3132 circlass - ok
19:50:23.0891 3132 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:50:23.0985 3132 CLFS - ok
19:50:24.0016 3132 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:50:24.0110 3132 clr_optimization_v2.0.50727_32 - ok
19:50:24.0141 3132 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:50:24.0203 3132 clr_optimization_v2.0.50727_64 - ok
19:50:24.0281 3132 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:50:24.0375 3132 clr_optimization_v4.0.30319_32 - ok
19:50:24.0391 3132 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:50:24.0469 3132 clr_optimization_v4.0.30319_64 - ok
19:50:24.0500 3132 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:50:24.0578 3132 CmBatt - ok
19:50:24.0593 3132 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:50:24.0671 3132 cmdide - ok
19:50:24.0703 3132 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:50:24.0796 3132 CNG - ok
19:50:24.0827 3132 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:50:24.0890 3132 Compbatt - ok
19:50:24.0921 3132 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:50:25.0030 3132 CompositeBus - ok
19:50:25.0061 3132 COMSysApp - ok
19:50:25.0093 3132 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:50:25.0171 3132 crcdisk - ok
19:50:25.0233 3132 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:50:25.0373 3132 CryptSvc - ok
19:50:25.0405 3132 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:50:25.0529 3132 CSC - ok
19:50:25.0576 3132 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:50:25.0685 3132 CscService - ok
19:50:25.0795 3132 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:50:25.0904 3132 cvhsvc - ok
19:50:25.0935 3132 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:50:26.0044 3132 DcomLaunch - ok
19:50:26.0075 3132 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:50:26.0185 3132 defragsvc - ok
19:50:26.0216 3132 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:50:26.0341 3132 DfsC - ok
19:50:26.0372 3132 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:50:26.0481 3132 Dhcp - ok
19:50:26.0497 3132 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:50:26.0590 3132 discache - ok
19:50:26.0621 3132 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:50:26.0699 3132 Disk - ok
19:50:26.0715 3132 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:50:26.0824 3132 dmvsc - ok
19:50:26.0871 3132 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:50:27.0027 3132 Dnscache - ok
19:50:27.0058 3132 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:50:27.0167 3132 dot3svc - ok
19:50:27.0183 3132 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:50:27.0292 3132 DPS - ok
19:50:27.0323 3132 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:50:27.0401 3132 drmkaud - ok
19:50:27.0433 3132 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:50:27.0542 3132 DXGKrnl - ok
19:50:27.0557 3132 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:50:27.0667 3132 EapHost - ok
19:50:27.0760 3132 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:50:27.0963 3132 ebdrv - ok
19:50:27.0994 3132 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:50:28.0088 3132 EFS - ok
19:50:28.0150 3132 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:50:28.0291 3132 ehRecvr - ok
19:50:28.0306 3132 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:50:28.0400 3132 ehSched - ok
19:50:28.0415 3132 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:50:28.0509 3132 elxstor - ok
19:50:28.0540 3132 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:50:28.0618 3132 ErrDev - ok
19:50:28.0665 3132 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:50:28.0790 3132 EventSystem - ok
19:50:28.0805 3132 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:50:28.0930 3132 exfat - ok
19:50:28.0946 3132 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:50:29.0055 3132 fastfat - ok
19:50:29.0102 3132 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:50:29.0227 3132 Fax - ok
19:50:29.0242 3132 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:50:29.0351 3132 fdc - ok
19:50:29.0398 3132 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:50:29.0507 3132 fdPHost - ok
19:50:29.0523 3132 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:50:29.0632 3132 FDResPub - ok
19:50:29.0663 3132 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:50:29.0726 3132 FileInfo - ok
19:50:29.0741 3132 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:50:29.0851 3132 Filetrace - ok
19:50:29.0882 3132 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:50:29.0960 3132 flpydisk - ok
19:50:29.0991 3132 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:50:30.0069 3132 FltMgr - ok
19:50:30.0131 3132 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:50:30.0256 3132 FontCache - ok
19:50:30.0303 3132 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:50:30.0381 3132 FontCache3.0.0.0 - ok
19:50:30.0381 3132 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:50:30.0459 3132 FsDepends - ok
19:50:30.0475 3132 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:50:30.0553 3132 Fs_Rec - ok
19:50:30.0584 3132 [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1 C:\Windows\system32\DRIVERS\FUJ02B1.sys
19:50:30.0693 3132 FUJ02B1 - ok
19:50:30.0724 3132 [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3 C:\Windows\system32\DRIVERS\FUJ02E3.sys
19:50:30.0818 3132 FUJ02E3 - ok
19:50:30.0849 3132 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:50:30.0943 3132 fvevol - ok
19:50:30.0958 3132 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:50:31.0036 3132 gagp30kx - ok
19:50:31.0052 3132 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:50:31.0114 3132 GEARAspiWDM - ok
19:50:31.0145 3132 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:50:31.0270 3132 gpsvc - ok
19:50:31.0317 3132 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:50:31.0379 3132 gusvc - ok
19:50:31.0426 3132 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:50:31.0551 3132 hcw85cir - ok
19:50:31.0582 3132 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:50:31.0660 3132 HdAudAddService - ok
19:50:31.0707 3132 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:50:31.0801 3132 HDAudBus - ok
19:50:31.0832 3132 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:50:31.0894 3132 HECIx64 - ok
19:50:31.0910 3132 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:50:32.0003 3132 HidBatt - ok
19:50:32.0003 3132 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:50:32.0097 3132 HidBth - ok
19:50:32.0128 3132 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:50:32.0206 3132 HidIr - ok
19:50:32.0222 3132 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:50:32.0331 3132 hidserv - ok
19:50:32.0362 3132 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:50:32.0425 3132 HidUsb - ok
19:50:32.0456 3132 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:50:32.0565 3132 hkmsvc - ok
19:50:32.0581 3132 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:50:32.0659 3132 HomeGroupListener - ok
19:50:32.0690 3132 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:50:32.0768 3132 HomeGroupProvider - ok
19:50:32.0877 3132 [ 389BC447DF363450A78845D35DBA0047 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:50:32.0971 3132 HomeNetSvc - ok
19:50:33.0002 3132 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:50:33.0080 3132 HpSAMD - ok
19:50:33.0111 3132 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:50:33.0220 3132 HTTP - ok
19:50:33.0236 3132 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:50:33.0314 3132 hwpolicy - ok
19:50:33.0329 3132 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:50:33.0407 3132 i8042prt - ok
19:50:33.0423 3132 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:50:33.0501 3132 iaStor - ok
19:50:33.0532 3132 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:50:33.0610 3132 iaStorV - ok
19:50:33.0657 3132 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:50:33.0782 3132 idsvc - ok
19:50:33.0969 3132 [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:50:34.0297 3132 igfx - ok
19:50:34.0328 3132 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:50:34.0437 3132 iirsp - ok
19:50:34.0468 3132 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:50:34.0609 3132 IKEEXT - ok
19:50:34.0640 3132 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:50:34.0765 3132 Impcd - ok
19:50:34.0858 3132 [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:50:34.0999 3132 IntcAzAudAddService - ok
19:50:35.0045 3132 [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:50:35.0139 3132 IntcDAud - ok
19:50:35.0170 3132 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:50:35.0233 3132 intelide - ok
19:50:35.0264 3132 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:50:35.0357 3132 intelppm - ok
19:50:35.0373 3132 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:50:35.0482 3132 IPBusEnum - ok
19:50:35.0498 3132 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:50:35.0591 3132 IpFilterDriver - ok
19:50:35.0638 3132 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:50:35.0732 3132 iphlpsvc - ok
19:50:35.0747 3132 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:50:35.0825 3132 IPMIDRV - ok
19:50:35.0857 3132 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:50:35.0950 3132 IPNAT - ok
19:50:36.0028 3132 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:50:36.0137 3132 iPod Service - ok
19:50:36.0153 3132 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:50:36.0247 3132 IRENUM - ok
19:50:36.0262 3132 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:50:36.0340 3132 isapnp - ok
19:50:36.0356 3132 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:50:36.0434 3132 iScsiPrt - ok
19:50:36.0465 3132 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:50:36.0543 3132 kbdclass - ok
19:50:36.0559 3132 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:50:36.0637 3132 kbdhid - ok
19:50:36.0652 3132 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:50:36.0715 3132 KeyIso - ok
19:50:36.0746 3132 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:50:36.0839 3132 KSecDD - ok
19:50:36.0855 3132 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:50:36.0933 3132 KSecPkg - ok
19:50:36.0964 3132 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:50:37.0058 3132 ksthunk - ok
19:50:37.0183 3132 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:50:37.0339 3132 KtmRm - ok
19:50:37.0385 3132 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:50:37.0526 3132 LanmanServer - ok
19:50:37.0557 3132 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:50:37.0666 3132 LanmanWorkstation - ok
19:50:37.0697 3132 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:50:37.0822 3132 lltdio - ok
19:50:37.0853 3132 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:50:37.0994 3132 lltdsvc - ok
19:50:38.0025 3132 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:50:38.0119 3132 lmhosts - ok
19:50:38.0181 3132 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:50:38.0259 3132 LMS ( UnsignedFile.Multi.Generic ) - warning
19:50:38.0259 3132 LMS - detected UnsignedFile.Multi.Generic (1)
19:50:38.0290 3132 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:50:38.0368 3132 LSI_FC - ok
19:50:38.0384 3132 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:50:38.0462 3132 LSI_SAS - ok
19:50:38.0477 3132 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:50:38.0555 3132 LSI_SAS2 - ok
19:50:38.0571 3132 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:50:38.0649 3132 LSI_SCSI - ok
19:50:38.0665 3132 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:50:38.0743 3132 luafv - ok
19:50:38.0836 3132 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:50:38.0930 3132 McAfee SiteAdvisor Service - ok
19:50:38.0977 3132 [ 389BC447DF363450A78845D35DBA0047 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:50:39.0039 3132 McNaiAnn - ok
19:50:39.0148 3132 [ 93432FAEA699F7A2B4F4AC5949D0B6AB ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
19:50:39.0242 3132 McODS - ok
19:50:39.0320 3132 [ 389BC447DF363450A78845D35DBA0047 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:50:39.0413 3132 mcpltsvc - ok
19:50:39.0460 3132 [ 389BC447DF363450A78845D35DBA0047 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:50:39.0523 3132 McProxy - ok
19:50:39.0569 3132 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:50:39.0679 3132 Mcx2Svc - ok
19:50:39.0710 3132 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:50:39.0772 3132 megasas - ok
19:50:39.0803 3132 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:50:39.0866 3132 MegaSR - ok
19:50:39.0913 3132 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
19:50:39.0991 3132 mfeapfk - ok
19:50:40.0037 3132 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
19:50:40.0115 3132 mfeavfk - ok
19:50:40.0162 3132 mfeavfk01 - ok
19:50:40.0240 3132 [ 38D1F23EE031B615A8CA51DD1E523579 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
19:50:40.0318 3132 mfecore - ok
19:50:40.0381 3132 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:50:40.0474 3132 mfefire - ok
19:50:40.0521 3132 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
19:50:40.0600 3132 mfefirek - ok
19:50:40.0662 3132 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
19:50:40.0772 3132 mfehidk - ok
19:50:40.0834 3132 [ 9C9FC3770BD600B2D761D666234C244D ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys
19:50:40.0912 3132 mfencbdc - ok
19:50:40.0928 3132 [ 93241CC8509B622B47EEA1B8505CF511 ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys
19:50:40.0990 3132 mfencrk - ok
19:50:41.0021 3132 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe
19:50:41.0099 3132 mfevtp - ok
19:50:41.0115 3132 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
19:50:41.0193 3132 mfewfpk - ok
19:50:41.0255 3132 Microsoft SharePoint Workspace Audit Service - ok
19:50:41.0286 3132 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:50:41.0427 3132 MMCSS - ok
19:50:41.0442 3132 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:50:41.0552 3132 Modem - ok
19:50:41.0567 3132 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:50:41.0645 3132 monitor - ok
19:50:41.0676 3132 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:50:41.0739 3132 mouclass - ok
19:50:41.0770 3132 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:50:41.0848 3132 mouhid - ok
19:50:41.0864 3132 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:50:41.0926 3132 mountmgr - ok
19:50:42.0004 3132 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:50:42.0098 3132 MozillaMaintenance - ok
19:50:42.0176 3132 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:50:42.0269 3132 MpFilter - ok
19:50:42.0285 3132 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:50:42.0347 3132 mpio - ok
19:50:42.0363 3132 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:50:42.0456 3132 mpsdrv - ok
19:50:42.0503 3132 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:50:42.0644 3132 MpsSvc - ok
19:50:42.0675 3132 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:50:42.0768 3132 MRxDAV - ok
19:50:42.0784 3132 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:50:42.0893 3132 mrxsmb - ok
19:50:42.0924 3132 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:50:43.0034 3132 mrxsmb10 - ok
19:50:43.0065 3132 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:50:43.0190 3132 mrxsmb20 - ok
19:50:43.0221 3132 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:50:43.0299 3132 msahci - ok
19:50:43.0314 3132 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:50:43.0377 3132 msdsm - ok
19:50:43.0408 3132 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:50:43.0502 3132 MSDTC - ok
19:50:43.0548 3132 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:50:43.0658 3132 Msfs - ok
19:50:43.0673 3132 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:50:43.0782 3132 mshidkmdf - ok
19:50:43.0814 3132 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:50:43.0892 3132 msisadrv - ok
19:50:43.0907 3132 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:50:44.0048 3132 MSiSCSI - ok
19:50:44.0048 3132 msiserver - ok
19:50:44.0063 3132 [ 389BC447DF363450A78845D35DBA0047 ] MSK80Service C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:50:44.0141 3132 MSK80Service - ok
19:50:44.0172 3132 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:50:44.0250 3132 MSKSSRV - ok
19:50:44.0344 3132 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:50:44.0422 3132 MsMpSvc - ok
19:50:44.0438 3132 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:50:44.0531 3132 MSPCLOCK - ok
19:50:44.0547 3132 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:50:44.0640 3132 MSPQM - ok
19:50:44.0672 3132 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:50:44.0750 3132 MsRPC - ok
19:50:44.0765 3132 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:50:44.0828 3132 mssmbios - ok
19:50:44.0843 3132 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:50:44.0937 3132 MSTEE - ok
19:50:44.0952 3132 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:50:45.0046 3132 MTConfig - ok
19:50:45.0062 3132 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:50:45.0140 3132 Mup - ok
19:50:45.0171 3132 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:50:45.0296 3132 napagent - ok
19:50:45.0342 3132 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:50:45.0436 3132 NativeWifiP - ok
19:50:45.0483 3132 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:50:45.0608 3132 NDIS - ok
19:50:45.0623 3132 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:50:45.0732 3132 NdisCap - ok
19:50:45.0748 3132 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:50:45.0842 3132 NdisTapi - ok
19:50:45.0857 3132 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:50:45.0951 3132 Ndisuio - ok
19:50:45.0982 3132 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:50:46.0076 3132 NdisWan - ok
19:50:46.0091 3132 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:50:46.0169 3132 NDProxy - ok
19:50:46.0200 3132 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:50:46.0325 3132 NetBIOS - ok
19:50:46.0341 3132 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:50:46.0434 3132 NetBT - ok
19:50:46.0450 3132 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:50:46.0512 3132 Netlogon - ok
19:50:46.0559 3132 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:50:46.0668 3132 Netman - ok
19:50:46.0700 3132 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:46.0778 3132 NetMsmqActivator - ok
19:50:46.0778 3132 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:46.0840 3132 NetPipeActivator - ok
19:50:46.0856 3132 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:50:46.0949 3132 netprofm - ok
19:50:46.0949 3132 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:47.0012 3132 NetTcpActivator - ok
19:50:47.0012 3132 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:47.0090 3132 NetTcpPortSharing - ok
19:50:47.0105 3132 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:50:47.0168 3132 nfrd960 - ok
19:50:47.0214 3132 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:50:47.0277 3132 NisDrv - ok
19:50:47.0324 3132 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:50:47.0386 3132 NisSrv - ok
19:50:47.0448 3132 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:50:47.0526 3132 NlaSvc - ok
19:50:47.0558 3132 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:50:47.0636 3132 Npfs - ok
19:50:47.0667 3132 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:50:47.0760 3132 nsi - ok
19:50:47.0760 3132 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:50:47.0854 3132 nsiproxy - ok
19:50:47.0916 3132 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:50:48.0041 3132 Ntfs - ok
19:50:48.0041 3132 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:50:48.0150 3132 Null - ok
19:50:48.0182 3132 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:50:48.0244 3132 nvraid - ok
19:50:48.0275 3132 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:50:48.0353 3132 nvstor - ok
19:50:48.0369 3132 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:50:48.0447 3132 nv_agp - ok
19:50:48.0462 3132 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:50:48.0540 3132 ohci1394 - ok
19:50:48.0572 3132 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:50:48.0634 3132 ose - ok
19:50:48.0774 3132 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:50:48.0930 3132 osppsvc - ok
19:50:48.0993 3132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:50:49.0133 3132 p2pimsvc - ok
19:50:49.0149 3132 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:50:49.0274 3132 p2psvc - ok
19:50:49.0289 3132 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:50:49.0367 3132 Parport - ok
19:50:49.0398 3132 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:50:49.0461 3132 partmgr - ok
19:50:49.0492 3132 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:50:49.0586 3132 PcaSvc - ok
19:50:49.0617 3132 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:50:49.0679 3132 pci - ok
19:50:49.0695 3132 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:50:49.0773 3132 pciide - ok
19:50:49.0804 3132 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:50:49.0866 3132 pcmcia - ok
19:50:49.0898 3132 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:50:49.0960 3132 pcw - ok
19:50:50.0007 3132 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:50:50.0116 3132 PEAUTH - ok
19:50:50.0163 3132 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:50:50.0303 3132 PeerDistSvc - ok
19:50:50.0366 3132 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:50:50.0459 3132 PerfHost - ok
19:50:50.0522 3132 [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE ] PFNService C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
19:50:50.0584 3132 PFNService ( UnsignedFile.Multi.Generic ) - warning
19:50:50.0584 3132 PFNService - detected UnsignedFile.Multi.Generic (1)
19:50:50.0646 3132 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:50:50.0818 3132 pla - ok
19:50:50.0865 3132 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:50:50.0990 3132 PlugPlay - ok
19:50:51.0021 3132 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:50:51.0099 3132 PNRPAutoReg - ok
19:50:51.0146 3132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:50:51.0208 3132 PNRPsvc - ok
19:50:51.0255 3132 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:50:51.0364 3132 PolicyAgent - ok
19:50:51.0395 3132 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:50:51.0504 3132 Power - ok
19:50:51.0551 3132 [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
19:50:51.0645 3132 PowerSavingUtilityService - ok
19:50:51.0676 3132 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:50:51.0785 3132 PptpMiniport - ok
19:50:51.0801 3132 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:50:51.0879 3132 Processor - ok
19:50:51.0910 3132 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:50:52.0019 3132 ProfSvc - ok
19:50:52.0035 3132 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:50:52.0097 3132 ProtectedStorage - ok
19:50:52.0128 3132 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:50:52.0222 3132 Psched - ok
19:50:52.0284 3132 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:50:52.0456 3132 ql2300 - ok
19:50:52.0487 3132 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:50:52.0565 3132 ql40xx - ok
19:50:52.0596 3132 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:50:52.0674 3132 QWAVE - ok
19:50:52.0690 3132 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:50:52.0784 3132 QWAVEdrv - ok
19:50:52.0784 3132 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:50:52.0893 3132 RasAcd - ok
19:50:52.0924 3132 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:50:53.0018 3132 RasAgileVpn - ok
19:50:53.0174 3132 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:50:53.0314 3132 RasAuto - ok
19:50:53.0345 3132 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:50:53.0454 3132 Rasl2tp - ok
19:50:53.0501 3132 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:50:53.0642 3132 RasMan - ok
19:50:53.0657 3132 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:50:53.0782 3132 RasPppoe - ok
19:50:53.0798 3132 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:50:53.0891 3132 RasSstp - ok
19:50:53.0907 3132 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:50:54.0000 3132 rdbss - ok
19:50:54.0016 3132 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:50:54.0110 3132 rdpbus - ok
19:50:54.0141 3132 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:50:54.0234 3132 RDPCDD - ok
19:50:54.0250 3132 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:50:54.0359 3132 RDPDR - ok
19:50:54.0375 3132 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:50:54.0484 3132 RDPENCDD - ok
19:50:54.0500 3132 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:50:54.0578 3132 RDPREFMP - ok
19:50:54.0624 3132 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:50:54.0718 3132 RDPWD - ok
19:50:54.0749 3132 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:50:54.0827 3132 rdyboost - ok
19:50:54.0858 3132 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:50:54.0968 3132 RemoteAccess - ok
19:50:55.0014 3132 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:50:55.0155 3132 RemoteRegistry - ok
19:50:55.0217 3132 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:50:55.0326 3132 RFCOMM - ok
19:50:55.0373 3132 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:50:55.0514 3132 RpcEptMapper - ok
19:50:55.0545 3132 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:50:55.0623 3132 RpcLocator - ok
19:50:55.0654 3132 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:50:55.0748 3132 RpcSs - ok
19:50:55.0794 3132 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:50:55.0888 3132 rspndr - ok
19:50:55.0935 3132 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:50:56.0044 3132 RSUSBSTOR - ok
19:50:56.0060 3132 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:50:56.0122 3132 RTL8167 - ok
19:50:56.0153 3132 RtsUIR - ok
19:50:56.0169 3132 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:50:56.0247 3132 s3cap - ok
19:50:56.0262 3132 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:50:56.0325 3132 SamSs - ok
19:50:56.0356 3132 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:50:56.0434 3132 sbp2port - ok
19:50:56.0465 3132 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:50:56.0574 3132 SCardSvr - ok
19:50:56.0590 3132 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:50:56.0699 3132 scfilter - ok
19:50:56.0730 3132 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:50:56.0886 3132 Schedule - ok
19:50:56.0918 3132 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:50:56.0996 3132 SCPolicySvc - ok
19:50:57.0027 3132 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:50:57.0105 3132 SDRSVC - ok
19:50:57.0136 3132 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:50:57.0214 3132 secdrv - ok
19:50:57.0230 3132 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:50:57.0323 3132 seclogon - ok
19:50:57.0339 3132 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:50:57.0417 3132 SENS - ok
19:50:57.0432 3132 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:50:57.0526 3132 SensrSvc - ok
19:50:57.0573 3132 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:50:57.0666 3132 Serenum - ok
19:50:57.0682 3132 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:50:57.0760 3132 Serial - ok
19:50:57.0776 3132 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:50:57.0854 3132 sermouse - ok
19:50:57.0885 3132 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:50:57.0994 3132 SessionEnv - ok
19:50:58.0025 3132 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:50:58.0103 3132 sffdisk - ok
19:50:58.0119 3132 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:50:58.0212 3132 sffp_mmc - ok
19:50:58.0212 3132 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:50:58.0290 3132 sffp_sd - ok
19:50:58.0337 3132 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:50:58.0400 3132 sfloppy - ok
19:50:58.0462 3132 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:50:58.0540 3132 Sftfs - ok
19:50:58.0602 3132 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:50:58.0712 3132 sftlist - ok
19:50:58.0727 3132 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:50:58.0805 3132 Sftplay - ok
19:50:58.0836 3132 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:50:58.0899 3132 Sftredir - ok
19:50:58.0914 3132 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:50:58.0992 3132 Sftvol - ok
19:50:59.0024 3132 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:50:59.0086 3132 sftvsa - ok
19:50:59.0117 3132 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:50:59.0226 3132 SharedAccess - ok
19:50:59.0258 3132 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:50:59.0367 3132 ShellHWDetection - ok
19:50:59.0367 3132 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:50:59.0445 3132 SiSRaid2 - ok
19:50:59.0476 3132 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:50:59.0538 3132 SiSRaid4 - ok
19:50:59.0601 3132 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:50:59.0710 3132 SkypeUpdate - ok
19:50:59.0726 3132 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:50:59.0819 3132 Smb - ok
19:50:59.0866 3132 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:50:59.0944 3132 SNMPTRAP - ok
19:50:59.0944 3132 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:51:00.0022 3132 spldr - ok
19:51:00.0053 3132 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:51:00.0147 3132 Spooler - ok
19:51:00.0240 3132 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:51:00.0474 3132 sppsvc - ok
19:51:00.0490 3132 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:51:00.0584 3132 sppuinotify - ok
19:51:00.0615 3132 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:51:00.0693 3132 srv - ok
19:51:00.0724 3132 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:51:00.0802 3132 srv2 - ok
19:51:00.0833 3132 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:51:00.0896 3132 srvnet - ok
19:51:00.0942 3132 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:51:01.0052 3132 SSDPSRV - ok
19:51:01.0052 3132 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:51:01.0161 3132 SstpSvc - ok
19:51:01.0176 3132 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:51:01.0239 3132 stexstor - ok
19:51:01.0286 3132 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:51:01.0379 3132 stisvc - ok
19:51:01.0410 3132 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:51:01.0473 3132 storflt - ok
19:51:01.0504 3132 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:51:01.0598 3132 StorSvc - ok
19:51:01.0644 3132 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:51:01.0707 3132 storvsc - ok
19:51:01.0722 3132 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:51:01.0785 3132 swenum - ok
19:51:01.0816 3132 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:51:01.0941 3132 swprv - ok
19:51:01.0956 3132 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:51:02.0034 3132 SynTP - ok
19:51:02.0081 3132 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:51:02.0237 3132 SysMain - ok
19:51:02.0253 3132 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:51:02.0346 3132 TabletInputService - ok
19:51:02.0362 3132 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:51:02.0487 3132 TapiSrv - ok
19:51:02.0502 3132 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:51:02.0596 3132 TBS - ok
19:51:02.0674 3132 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:51:02.0846 3132 Tcpip - ok
19:51:02.0908 3132 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:51:03.0017 3132 TCPIP6 - ok
19:51:03.0048 3132 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:51:03.0158 3132 tcpipreg - ok
19:51:03.0189 3132 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:51:03.0282 3132 TDPIPE - ok
19:51:03.0298 3132 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:51:03.0376 3132 TDTCP - ok
19:51:03.0407 3132 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:51:03.0501 3132 tdx - ok
19:51:03.0516 3132 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:51:03.0579 3132 TermDD - ok
19:51:03.0626 3132 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:51:03.0750 3132 TermService - ok
19:51:03.0766 3132 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:51:03.0844 3132 Themes - ok
19:51:03.0875 3132 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:51:03.0953 3132 THREADORDER - ok
19:51:04.0000 3132 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
19:51:04.0094 3132 TPM - ok
19:51:04.0109 3132 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:51:04.0234 3132 TrkWks - ok
19:51:04.0281 3132 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:51:04.0374 3132 TrustedInstaller - ok
19:51:04.0390 3132 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:51:04.0484 3132 tssecsrv - ok
19:51:04.0515 3132 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:51:04.0593 3132 TsUsbFlt - ok
19:51:04.0624 3132 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:51:04.0702 3132 TsUsbGD - ok
19:51:04.0733 3132 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:51:04.0842 3132 tunnel - ok
19:51:04.0858 3132 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:51:04.0936 3132 uagp35 - ok
19:51:04.0952 3132 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:51:05.0076 3132 udfs - ok
19:51:05.0108 3132 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:51:05.0186 3132 UI0Detect - ok
19:51:05.0201 3132 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:51:05.0279 3132 uliagpkx - ok
19:51:05.0326 3132 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:51:05.0420 3132 umbus - ok
19:51:05.0451 3132 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:51:05.0529 3132 UmPass - ok
19:51:05.0560 3132 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:51:05.0638 3132 UmRdpService - ok
19:51:05.0747 3132 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:51:05.0825 3132 UNS ( UnsignedFile.Multi.Generic ) - warning
19:51:05.0825 3132 UNS - detected UnsignedFile.Multi.Generic (1)
19:51:05.0856 3132 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:51:05.0950 3132 upnphost - ok
19:51:05.0981 3132 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:51:06.0090 3132 USBAAPL64 - ok
19:51:06.0122 3132 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:06.0200 3132 usbccgp - ok
19:51:06.0215 3132 USBCCID - ok
19:51:06.0246 3132 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:51:06.0324 3132 usbcir - ok
19:51:06.0356 3132 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:51:06.0465 3132 usbehci - ok
19:51:06.0496 3132 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:51:06.0590 3132 usbhub - ok
19:51:06.0605 3132 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:51:06.0699 3132 usbohci - ok
19:51:06.0730 3132 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:51:06.0824 3132 usbprint - ok
19:51:06.0870 3132 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:51:06.0980 3132 usbscan - ok
19:51:06.0995 3132 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:07.0104 3132 USBSTOR - ok
19:51:07.0120 3132 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:51:07.0198 3132 usbuhci - ok
19:51:07.0214 3132 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:51:07.0292 3132 usbvideo - ok
19:51:07.0307 3132 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:51:07.0416 3132 UxSms - ok
19:51:07.0432 3132 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:51:07.0494 3132 VaultSvc - ok
19:51:07.0526 3132 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:51:07.0588 3132 vdrvroot - ok
19:51:07.0604 3132 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:51:07.0728 3132 vds - ok
19:51:07.0791 3132 [ D9656445499625B0ED88C0B203F3C16F ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
19:51:07.0869 3132 VFPRadioSupportService - ok
19:51:07.0900 3132 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:07.0962 3132 vga - ok
19:51:07.0994 3132 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:51:08.0087 3132 VgaSave - ok
19:51:08.0134 3132 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:51:08.0196 3132 vhdmp - ok
19:51:08.0212 3132 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:51:08.0290 3132 viaide - ok
19:51:08.0321 3132 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:51:08.0399 3132 vmbus - ok
19:51:08.0415 3132 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:51:08.0493 3132 VMBusHID - ok
19:51:08.0508 3132 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:51:08.0586 3132 volmgr - ok
19:51:08.0602 3132 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:51:08.0680 3132 volmgrx - ok
19:51:08.0696 3132 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:51:08.0774 3132 volsnap - ok
19:51:08.0789 3132 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:51:08.0867 3132 vsmraid - ok
19:51:08.0914 3132 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:51:09.0086 3132 VSS - ok
19:51:09.0148 3132 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:51:09.0273 3132 vwifibus - ok
19:51:09.0304 3132 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:51:09.0413 3132 vwififlt - ok
19:51:09.0413 3132 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:51:09.0538 3132 W32Time - ok
19:51:09.0554 3132 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:51:09.0632 3132 WacomPen - ok
19:51:09.0678 3132 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:51:09.0772 3132 WANARP - ok
19:51:09.0772 3132 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:51:09.0866 3132 Wanarpv6 - ok
19:51:09.0912 3132 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:51:10.0131 3132 wbengine - ok
19:51:10.0146 3132 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:51:10.0224 3132 WbioSrvc - ok
19:51:10.0256 3132 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:51:10.0349 3132 wcncsvc - ok
19:51:10.0365 3132 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:51:10.0458 3132 WcsPlugInService - ok
19:51:10.0490 3132 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:51:10.0568 3132 Wd - ok
19:51:10.0614 3132 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:51:10.0708 3132 Wdf01000 - ok
19:51:10.0724 3132 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:51:10.0880 3132 WdiServiceHost - ok
19:51:10.0880 3132 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:51:10.0959 3132 WdiSystemHost - ok
19:51:11.0005 3132 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:51:11.0208 3132 WebClient - ok
19:51:11.0239 3132 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:51:11.0364 3132 Wecsvc - ok
19:51:11.0395 3132 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:51:11.0505 3132 wercplsupport - ok
19:51:11.0520 3132 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:51:11.0614 3132 WerSvc - ok
19:51:11.0645 3132 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:51:11.0739 3132 WfpLwf - ok
19:51:11.0754 3132 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:51:11.0817 3132 WIMMount - ok
19:51:11.0848 3132 WinDefend - ok
19:51:11.0863 3132 WinHttpAutoProxySvc - ok
19:51:11.0926 3132 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:51:12.0066 3132 Winmgmt - ok
19:51:12.0113 3132 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:51:12.0300 3132 WinRM - ok
19:51:12.0363 3132 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:51:12.0472 3132 WinUsb - ok
19:51:12.0503 3132 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:51:12.0628 3132 Wlansvc - ok
19:51:12.0675 3132 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:51:12.0753 3132 wlcrasvc - ok
19:51:12.0877 3132 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:51:12.0987 3132 wlidsvc - ok
19:51:13.0018 3132 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:51:13.0111 3132 WmiAcpi - ok
19:51:13.0143 3132 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:51:13.0252 3132 wmiApSrv - ok
19:51:13.0299 3132 WMPNetworkSvc - ok
19:51:13.0330 3132 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:51:13.0423 3132 WPCSvc - ok
19:51:13.0439 3132 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:51:13.0533 3132 WPDBusEnum - ok
19:51:13.0564 3132 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:51:13.0673 3132 ws2ifsl - ok
19:51:13.0689 3132 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:51:13.0782 3132 wscsvc - ok
19:51:13.0782 3132 WSearch - ok
19:51:13.0876 3132 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:51:14.0032 3132 wuauserv - ok
19:51:14.0079 3132 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:51:14.0172 3132 WudfPf - ok
19:51:14.0203 3132 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:14.0281 3132 WUDFRd - ok
19:51:14.0297 3132 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:51:14.0375 3132 wudfsvc - ok
19:51:14.0391 3132 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:51:14.0484 3132 WwanSvc - ok
19:51:14.0515 3132 ================ Scan global ===============================
19:51:14.0531 3132 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:51:14.0578 3132 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:51:14.0593 3132 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
19:51:14.0609 3132 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:51:14.0640 3132 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:51:14.0640 3132 [Global] - ok
19:51:14.0640 3132 ================ Scan MBR ==================================
19:51:14.0656 3132 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:51:15.0061 3132 \Device\Harddisk0\DR0 - ok
19:51:15.0061 3132 ================ Scan VBR ==================================
19:51:15.0093 3132 [ 32D6012C410DCA3042B1AD2E2BFB427A ] \Device\Harddisk0\DR0\Partition1
19:51:15.0093 3132 \Device\Harddisk0\DR0\Partition1 - ok
19:51:15.0108 3132 [ BBF83EF10BC8F974D9954CBBA1DE9C31 ] \Device\Harddisk0\DR0\Partition2
19:51:15.0108 3132 \Device\Harddisk0\DR0\Partition2 - ok
19:51:15.0108 3132 ============================================================
19:51:15.0108 3132 Scan finished
19:51:15.0108 3132 ============================================================
19:51:15.0124 4212 Detected object count: 4
19:51:15.0124 4212 Actual detected object count: 4
19:51:38.0681 4212 AISConnect ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:38.0681 4212 AISConnect ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:38.0681 4212 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:38.0681 4212 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:38.0681 4212 PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:38.0681 4212 PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:38.0681 4212 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:38.0681 4212 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
05.02.2013, 17:12
| #12 |
| /// Malware-holic | Backdoor FAJX Trojaner hi Combofix: Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.02.2013, 18:55
| #13 |
| | Backdoor FAJX Trojaner okay bin dran Geändert von Gregor259 (05.02.2013 um 19:02 Uhr) |
|
05.02.2013, 18:58
| #14 |
| /// Malware-holic | Backdoor FAJX Trojaner lass ihn ne weile laufen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.02.2013, 19:41
| #15 |
| | Backdoor FAJX TrojanerCode:
ATTFilter ComboFix 13-02-03.03 - Silja 05.02.2013 18:28:19.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3893.2085 [GMT 1:00]
ausgeführt von:: c:\users\Silja\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-05 bis 2013-02-05 ))))))))))))))))))))))))))))))
.
.
2013-02-05 18:16 . 2013-02-05 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-05 17:14 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A17EAC44-87DC-44B9-B71A-F78B042146CF}\mpengine.dll
2013-02-04 16:46 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-02 15:57 . 2013-02-02 15:57 -------- d-----w- c:\users\Silja\AppData\Roaming\Malwarebytes
2013-02-02 15:57 . 2013-02-02 15:57 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 15:57 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 15:57 . 2013-02-02 15:57 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-02 15:57 . 2013-02-02 15:57 -------- d-----w- c:\users\Silja\AppData\Local\Programs
2013-01-26 13:26 . 2013-01-26 13:31 -------- d-----w- c:\users\Silja\AppData\Roaming\vlc
2013-01-26 13:24 . 2013-01-26 13:24 -------- dc----w- c:\program files (x86)\VideoLAN
2013-01-09 17:02 . 2013-01-09 17:02 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-09 13:39 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 13:39 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 13:37 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 13:37 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 13:37 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 13:37 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 13:37 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 13:37 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 13:37 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 13:37 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 13:37 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 13:37 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 13:37 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 13:37 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:42 . 2011-08-12 18:05 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 17:02 . 2012-09-01 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 17:02 . 2011-08-08 15:05 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-28 11:04 . 2012-12-28 11:05 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-28 11:04 . 2012-12-28 11:05 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-28 11:04 . 2011-08-21 14:35 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-21 21:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 21:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:10 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 13:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 15:40 . 2012-11-29 15:41 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5B7FFD-8DEA-4217-8217-94602C8C2228}\gapaengine.dll
2012-11-14 07:06 . 2012-12-12 18:03 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 18:03 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 18:03 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 18:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 18:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 18:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 18:03 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 18:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 18:03 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 18:03 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 18:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 18:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 18:03 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 18:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 18:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 18:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 18:03 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 18:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 18:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 18:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 18:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 18:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 13:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 05:40 . 2012-11-09 05:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:37 . 2012-11-09 05:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 05:37 . 2013-01-06 13:23 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:35 . 2012-11-09 05:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:34 . 2012-11-09 05:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:34 . 2012-11-09 05:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:33 . 2012-11-09 05:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-09 04:42 . 2012-12-12 13:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-01-23 5629720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AISConnect;AIS Connect Agent;c:\program files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [2009-01-26 32768]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-24 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 17:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-24 6310912]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Silja\AppData\Roaming\Mozilla\Firefox\Profiles\0kmecpcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de/ig
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (S-1-5-21-1148136723-791584922-1288239498-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1148136723-791584922-1288239498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-05 19:36:19
ComboFix-quarantined-files.txt 2013-02-05 18:36
.
Vor Suchlauf: 7.120.818.176 Bytes frei
Nach Suchlauf: 7.040.151.552 Bytes frei
.
- - End Of File - - 345B5256DA747DE6CD9E08DFBF0CB9EE
|
|
| Themen zu Backdoor FAJX Trojaner |
| backdoor, bho, bonjour, canon, converter, error, excel, flash player, gruppe, helper, home, install.exe, langsam, microsoft office starter 2010, mozilla, mp3, msvcrt, picasa, plug-in, realtek, registry, richtlinie, rundll, saving, scan, security, server, siteadvisor, software, svchost.exe, trojaner, usb, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
