|
Backdoor FAJX Trojaner Hallo, mein PC arbeitet nur noch extrem langsam und stürzt immer wieder ab. MC Afee zeigte den BAckdoor FAJX Trojaner an. Besonders Word reagiert kaum noch. Die vorgegebenen logfiles stehen hier: OTL Extras logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01408145-13F9-40C9-8C4D-B218C0F88AE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BE6E028-DA30-4F22-80AB-89FC7F7C9E49}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{42A9E6EE-3749-4DAF-B6F4-7F7B35E19727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47C5D813-78A5-447F-8607-3F9D2A099DBE}" = rport=10243 | protocol=6 | dir=out | app=system | "{4907B9DF-E965-4275-82A7-F48E867718B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{55128460-BF79-44CF-BE0E-F637FD0EC9B2}" = lport=139 | protocol=6 | dir=in | app=system | "{5AACC7BA-5845-47DD-99F0-4C0C03FA3B34}" = rport=139 | protocol=6 | dir=out | app=system | "{5E15CB8B-8F08-48A6-8AAE-EE8A2436C188}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5EEC25CA-212B-4825-A76D-32584DCEA634}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5F70C152-3683-4436-8ADF-E51708BF835E}" = lport=138 | protocol=17 | dir=in | app=system | "{6438D3D2-8F33-4841-9F32-DA15C7E5118F}" = lport=10243 | protocol=6 | dir=in | app=system | "{71D69538-7265-40E9-99B7-91EC5F779AB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{771F14B4-C6A7-48AD-A896-FAAF0117B252}" = rport=138 | protocol=17 | dir=out | app=system | "{80187183-AC25-4F75-99D3-838EFA864DCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{80D014F3-BFB1-4C94-AEE4-27F416CBF75A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{838D9D05-4037-41A6-88F4-90BD8462F94B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{984EE27F-6DD8-4AD3-B5BC-DD1B4E89DB56}" = rport=137 | protocol=17 | dir=out | app=system | "{9C97D4EC-481E-444A-9CBD-9B023B975B9F}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5A3CD70-6B51-49AD-A994-21443E1314C9}" = lport=137 | protocol=17 | dir=in | app=system | "{ACC7EAFC-3A86-42AE-9D3F-29CC7C4E4625}" = lport=445 | protocol=6 | dir=in | app=system | "{AF698737-B1BE-4014-B075-0D0956FBAF61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3CC34E6-E6DF-4D7F-91A1-C39EAC321FF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5CB643F-45B1-41EE-B37D-BBC07F3D9447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA7104F9-6609-430D-B05C-0969742652EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DFD62FC5-D05D-42A3-8AEE-159E6F417824}" = rport=445 | protocol=6 | dir=out | app=system | "{E9139AB1-E5A8-4C20-B430-BCF523277C56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05806CFB-686B-4ECF-B75B-433BE6104D40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0859A395-78AF-4821-9925-3E8E4CA91D88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A80C375-9F8D-4B60-B59C-86B2826A26E1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DE39EF3-6DC2-4C0C-8B78-AC3ED1BE280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1303EF2C-EED2-4719-8D98-F1F44F428B55}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1FC3EF8E-2C65-4865-86D5-F2F3810A46FE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{21A008FD-EC75-4906-B7C2-AA2BBC2626E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C9498E8-DE9F-4BC1-AD15-02CD855D69DB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{3D013CD0-95D1-45D4-A746-298F6750E4BE}" = protocol=6 | dir=out | app=system | "{3EBF1C55-E682-4D71-9840-BB0FC56DDA52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{49438DD8-6BAA-477D-83D3-78A6553F4D52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4DCAA70E-7EE1-45E0-B30E-35D683A3FB75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5329C726-1755-4042-B998-AB6B9ED249F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58F59BE4-2DE7-4597-BB44-D96CBD5BCA4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A4286FD-4422-4027-9110-ABB517785086}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5DAB5F91-56C7-4507-B5F5-46EAB83B6E92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6CAC461A-791D-426A-AA76-69358A49BEA2}" = dir=out | app=c:\program files (x86)\fujitsu\ais connect\bin\qsamain.exe | "{7B1BBE74-2C33-4C67-BBE3-18724A6B82E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{832A6E03-93B6-4D8F-919C-2C3359EE9614}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8614B864-9881-44A8-96F7-DD7551F5576B}" = dir=in | app=c:\program files (x86)\fujitsu\ais connect\ultravnc\winvnc.exe | "{870931CC-F1E3-446A-B1E3-D9E3615D7E3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8DB5B3F9-288A-4E3C-B5B2-D2E2414B3A03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{92C99304-7AAB-4F9A-9C33-26136E8DB5D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{955A5197-145A-4B37-971C-82AB23525777}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{99B3B365-63B8-425E-A040-66FBDB4D7D99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B70C3BF-A236-4B1A-B57B-76A3A4BEF7D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5CBA2CD-A7DA-4307-8976-AC788A666F55}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AE0197C3-F81F-48A7-BBAE-C2AB5BDDBA74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF76C918-EA4E-4571-9F67-6B0BAD06EA6A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B1C76C81-FDD8-40A4-A00F-FD028600FF1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C088AF7D-E5D6-4A90-9870-5543210A3499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{CD9B1A22-CBE1-451C-8E7F-0278C2D49C1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1211C61-D611-4C0B-83DC-F38FA457919B}" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{D4A4D09F-B5A5-4EEE-BC41-6CBA0D45806D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D84B5AB5-C805-4602-A9C5-C3F351B6BD7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1726AD1-C0E3-40B0-8E46-8E5D62D22D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E20CFEFA-542B-4E92-8E5A-A601E0396E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E44CEBC9-4330-405C-A06D-3D2E1AB22768}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E87F2DAA-5384-45A6-B9AC-181E1F794054}" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "{EBECF4EB-A12E-4E33-9257-5A39BE627788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1786ECB-C739-46E5-8946-BE657B30A025}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{4EFBD8EF-3A07-488D-A019-95B840D72BA6}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3E5C4435-6E23-4FED-A18E-D368D3CECDB2}C:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\silja\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists "{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0 "{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{42BECD47-97E0-4A2A-B71E-769A6E8CE49F}" = Rund um (2.0) ... Seydlitz Erdkunde 3 RP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{684C156A-CB4E-4183-AE0F-39113A042B3C}" = Rund um (2.0) ... Seydlitz Erdkunde 1 RP "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71309017-BB93-4594-87B1-0228D59E779C}" = Rund um (2.0) ... Seydlitz Erdkunde 2 RP "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIS Connect" = AIS Connect "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Der Geographie-Pool 2009-2010" = Der Geographie-Pool 2009-2010 "Der Geographie-Pool 2010-2011" = Der Geographie-Pool 2010-2011 "Der Geographie-Pool 2011-2012" = Der Geographie-Pool 2011-2012 "DeskUpdate_is1" = DeskUpdate 4.11 "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular-Update "FileZilla Client" = FileZilla Client 3.5.1 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Virtual Technician" = McAfee Virtual Technician "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "MSC" = McAfee Total Protection "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "Speed Dial Utility" = Canon Kurzwahlprogramm "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 3058 Description = Error - 1/29/2013 4:28:29 PM | Computer Name = Silja-PC | Source = Windows Search Service | ID = 7010 Description = Error - 1/29/2013 4:29:01 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 1/29/2013 4:49:09 PM | Computer Name = Silja-PC | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 14.0.6129.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a90 Startzeit: 01cdfe5f423be477 Endzeit: 1919 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE Berichts-ID: 46617653-6a55-11e2-9401-4cedde899ee1 Error - 1/30/2013 9:10:27 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 9:40:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:00:54 PM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/1/2013 2:29:30 PM | Computer Name = Silja-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: CSRBthFtpShellExt.dll, Version: 5.0.14.0, Zeitstempel: 0x4b2f522b Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000006633e ID des fehlerhaften Prozesses: 0x244 Startzeit der fehlerhaften Anwendung: 0x01ce00a6405783c3 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpShellExt.dll Berichtskennung: 50b33900-6c9d-11e2-91a6-4cedde899ee1 Error - 2/2/2013 3:18:24 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = Error - 2/2/2013 11:54:51 AM | Computer Name = Silja-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/29/2013 4:28:38 PM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/29/2013 4:32:57 PM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 1/30/2013 9:13:49 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:50 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:53 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:54 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:55 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 1/30/2013 9:13:56 AM | Computer Name = Silja-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 2/2/2013 4:02:43 AM | Computer Name = Silja-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 2/2/2013 11:54:25 AM | Computer Name = Silja-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Silja-PC\Silja-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. < End of report > OTL logfile created on: 2/2/2013 7:02:32 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Silja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.64% Memory free 7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50.00 Gb Total Space | 6.58 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive D: | 246.09 Gb Total Space | 122.34 Gb Free Space | 49.72% Space Free | Partition Type: NTFS Computer Name: SILJA-PC | User Name: Silja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/01/19 13:58:37 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/07/08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/01/19 13:58:28 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/01/10 11:07:08 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/10 11:07:07 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe MOD - [2013/01/10 09:32:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013/01/10 09:32:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 09:32:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 09:32:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 09:32:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 09:32:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/01/19 13:58:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 18:02:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE:64bit: - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKLM\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG IE - HKCU\..\SearchScopes,DefaultScope = {E7796404-243F-40E8-B4E5-3E7DA2BAF7BF} IE - HKCU\..\SearchScopes\{E7796404-243F-40E8-B4E5-3E7DA2BAF7BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE443 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de/ig" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/16 16:59:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/07 14:05:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 13:58:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/04 21:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions [2013/01/10 19:16:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/24 18:13:36 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Silja\AppData\Roaming\mozilla\Firefox\Profiles\0kmecpcp.default\extensions\2020Player_IKEA@2020Technologies.com [2011/08/27 09:32:16 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Silja\AppData\Roaming\mozilla\firefox\profiles\0kmecpcp.default\extensions\youtube2mp3@mondayx.de.xpi [2013/01/19 13:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/16 16:59:53 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013/01/19 13:58:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/26 21:34:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/01 20:06:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/26 21:34:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/26 21:34:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/12/21 08:27:10 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/07/26 21:34:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/26 21:34:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64A77631-F53B-4C0A-B1EA-9B7F7FB51112}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell - "" = AutoRun O33 - MountPoints2\{d212b67d-bf61-11e1-ad60-4cedde899ee1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/02 19:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 17:08:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/02 17:03:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/02 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/02/02 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\Malwarebytes [2013/02/02 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/02 16:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/02 16:57:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/02 16:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/02 16:57:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\Programs [2013/02/02 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A5BE5C60-F597-4973-B52C-00A0933C9293} [2013/02/01 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2200EEEF-2183-49A8-99FC-285104A9D22A} [2013/01/30 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{8C09482A-6D84-4888-A4DF-8788A1AAA01D} [2013/01/29 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{87635D22-F573-484E-A9D4-F671105B208D} [2013/01/28 17:51:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{980C562A-6892-4534-9BFA-B8389A63CAA8} [2013/01/27 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E18F106A-57AA-4A40-84B7-01A00F3B420F} [2013/01/26 18:47:36 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A65834CD-A4D3-4336-921E-6BFD508EB01B} [2013/01/26 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Roaming\vlc [2013/01/26 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/01/26 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/01/24 22:41:51 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{451403DE-7969-4F25-BAF4-AB583264692D} [2013/01/23 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{25BD6F06-E507-4800-9917-6F1523950092} [2013/01/22 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{216BABC5-5C3D-4D70-9D9B-E1722409C5BC} [2013/01/22 06:16:42 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{B23043C8-269B-4974-AF1F-81BD9A42E8AF} [2013/01/21 16:14:19 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F3394AE6-C01F-4170-AD6A-3CA8394892D2} [2013/01/20 09:07:05 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{538DB1CA-DB8B-4AF7-A517-0FC4C6207910} [2013/01/19 13:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/19 12:45:25 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{19FECCF4-FDFC-4215-A70D-697C22C551BE} [2013/01/18 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{92182C80-0AEB-43D4-AD40-7565AA9864C9} [2013/01/17 20:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/17 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{03BB4C46-B0DA-430D-874F-0F3A5E03D03B} [2013/01/16 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{04791108-DD0C-4B18-9F6B-4B80458A3BE7} [2013/01/15 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{3B174036-544D-4B9D-8F9E-2AD3F1515F11} [2013/01/15 06:57:06 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{A7B9C386-B30C-4AA9-93F2-04BAA09D5BBB} [2013/01/14 17:52:35 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{48AC2A84-AC5B-43B1-87C5-8EBB55ED76BE} [2013/01/13 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{4E33A9AF-6858-4B5A-A4F8-C248853110DE} [2013/01/13 09:00:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{53EC7630-26AE-42CC-B872-D615C37591C7} [2013/01/12 10:37:32 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{F2B23D77-6EEB-4374-B723-5FAE4E6E6B59} [2013/01/11 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{1A500B04-7391-40BE-BA0F-C4C3D94CD36F} [2013/01/11 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{E81B5409-0D5B-4A05-960B-432CA51DD3AF} [2013/01/10 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{2BE3B405-7C61-43AF-8958-BD9091617BF0} [2013/01/09 10:39:44 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{BD821DD2-CDB8-4514-82C5-B8D9ED065262} [2013/01/08 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{26F34ED9-4509-4A01-82B6-FB89A481EBF2} [2013/01/07 14:09:22 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{05E466CF-D5F0-4E7F-822B-1E3537B0BD3C} [2013/01/06 14:23:44 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013/01/06 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\Silja\AppData\Local\{0F631E05-3F7D-4A56-9AD5-8DB77EE8801A} ========== Files - Modified Within 30 Days ========== [2013/02/02 19:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Silja\Desktop\OTL.exe [2013/02/02 19:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/02 19:01:50 | 000,000,000 | ---- | M] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:31 | 000,050,477 | ---- | M] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 17:01:19 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/02 16:57:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/02 16:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/02 16:52:59 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/02/01 19:30:23 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/01 19:30:23 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/01 19:30:23 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/01 19:30:23 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/01 19:30:23 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/01 14:41:56 | 000,001,025 | ---- | M] () -- C:\Users\Silja\Desktop\Dropbox.lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | M] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/20 09:02:25 | 000,418,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/13 18:36:18 | 000,299,647 | ---- | M] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:46 | 000,472,837 | ---- | M] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/09 21:51:08 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013/02/02 19:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Silja\defogger_reenable [2013/02/02 19:01:30 | 000,050,477 | ---- | C] () -- C:\Users\Silja\Desktop\Defogger.exe [2013/02/02 16:57:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/21 21:33:22 | 000,005,276 | ---- | C] () -- C:\Users\Silja\AppData\Local\recently-used.xbel [2013/01/13 18:36:31 | 000,299,647 | ---- | C] () -- C:\Users\Silja\Desktop\roskrift clean.zip [2013/01/12 15:01:45 | 000,472,837 | ---- | C] () -- C:\Users\Silja\Desktop\Rechnung Skihelm.jpg [2013/01/06 14:24:42 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2013/01/06 14:24:42 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2012/08/06 13:35:58 | 000,159,830 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2011-2012 Uninstaller.exe [2012/08/06 13:30:11 | 000,159,318 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2009-2010 Uninstaller.exe [2012/08/06 13:21:35 | 000,159,440 | ---- | C] () -- C:\Windows\Der Geographie-Pool 2010-2011 Uninstaller.exe [2011/11/14 10:37:48 | 000,000,077 | ---- | C] () -- C:\Windows\GEOPOOL11.ini [2011/10/30 19:08:27 | 000,000,077 | ---- | C] () -- C:\Users\Silja\.gtk-bookmarks [2011/08/07 18:03:58 | 000,092,240 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/08/07 18:03:58 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/08/07 18:03:58 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/08/07 18:03:58 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/08/07 18:03:58 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/08/07 18:03:58 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/08/07 18:03:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/08/07 18:03:58 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/08/07 18:03:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/08/07 18:03:58 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/08/07 18:03:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/08/07 18:03:58 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011/08/07 18:03:58 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011/08/07 18:03:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/08/07 18:03:58 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/08/07 18:00:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini [2011/07/01 11:11:48 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/07/01 11:11:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/07/01 11:11:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/07/01 11:11:48 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/07/01 11:11:47 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/15 06:37:26 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/01/25 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\46developments [2011/08/07 09:31:25 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AIS Connect [2012/06/26 08:41:28 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\AnvSoft [2011/08/20 09:26:19 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canneverbe Limited [2012/03/13 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Canon [2013/02/02 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Dropbox [2012/10/08 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\DVDVideoSoft [2012/02/23 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\elsterformular [2012/06/03 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\FileZilla [2011/08/04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Fujitsu [2012/04/21 07:36:04 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\gtk-2.0 [2012/05/19 07:58:13 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\IrfanView [2012/12/09 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\JAM Software [2012/10/08 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Publish Providers [2011/11/27 11:13:11 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Smart PDF Converter Pro [2013/02/02 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\SoftGrid Client [2012/10/08 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Sony [2011/08/06 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\TP [2011/08/06 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Silja\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-02 19:35:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Silja\AppData\Local\Temp\uwtoypow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ? C:\Windows\system32\mssprxy.dll [2724] entry point in ".rdata" section 00000000703f71e6 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077926f80 5 bytes JMP 00000001714dbcb0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3256] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077927070 5 bytes JMP 00000001714dbb90 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075fb1401 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075fb1419 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075fb1431 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075fb144a 2 bytes [FB, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075fb14dd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075fb14f5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075fb150d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075fb1525 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075fb153d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075fb1555 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075fb156d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075fb1585 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075fb159d 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075fb15b5 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075fb15cd 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075fb16b2 2 bytes [FB, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075fb16bd 2 bytes [FB, 75] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde899ee1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde899ee1 (not active ControlSet) ---- EOF - GMER 2.0 ---- Vielen Dank für eure Hilfe |
hi poste die Mcafee Meldung(en) danke. öffne Malwarebytes, Logdateien, poste Berichte mit Funden |
Liste der Anhänge anzeigen (Anzahl: 1) Malwarebytes zeigt in der Logdatei keine Funde an. Der McAfeefund ist im Anhang. Danke sehr. |
mcafee fund als text posten bitte, danke. |
Wie bekomme ich das als Text bzw. logfile ? Der Sicherheitsverlauf von Mc Afee Total Protection öffnet sich unter McAfee nur als Fenster aus dem ich nichts kopieren kann? |
Dann abtippen, nutze das Programm nicht. |
Name der Bedrohung: BackDoor-FAJX (Trojaner) Datei: C:\Users\Silja\AppData\Local\Microsoft Live Mail\Gmx(silja.578\Deleted Items\7CD5646A-00001BB6.eml 29.1.2013, 21:07:33 Bitte. Danke |
hi lösche im Windows live mail alle unnötigen mails, leere den Papierkorb. Wenn du Spams bekommst, hätte ich, wenn es nicht zu viel Mühe macht, diese immer gern zur analyse, wie das geht, steht in meiner Signatur. hätte trotzdem gern das letzte Malwarebytes log gesehen, danke |
Code: Malwarebytes Anti-Malware 1.70.0.1100Was ist jetzt eigentlich mit dem defogger muss ich da noch was re-enable mäßig machen ? |
noch nicht. hast du unnötige Mails gelöscht und den Papierkorb geleert? download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten |
ja habe gelöscht und geleert. Code: 19:49:34.0416 4952 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 |
hi Combofix: Scan mit Combofix
|
okay bin dran |
lass ihn ne weile laufen |
Code: ComboFix 13-02-03.03 - Silja 05.02.2013 18:28:19.1.4 - x64 |
passt lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. |
Code: Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 unbekannt |
deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: CDBurnerXP ConvertHelper CyberLink FileZilla IrfanView Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Microsoft Security Essentials Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
Code: # AdwCleaner v2.111 - Datei am 06/02/2013 um 15:05:25 erstellt |
Teste bitte, wie PC + Programme wie Browser laufen. |
Hallo Markus, die ersten Tests laufen sehr gut. Programme laufen fehlerfrei was ich bis dato so ausprobiert habe. |
gut zu hören. Sollte das so bleiben. Öffne OTL, bereinigen, PC startet neu, Remover werden gelöscht. Lösche übrig gebliebene Remover, Logs, Setups, leere den Papierkorb. PC absichern: die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen. Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie - Download - Filepony anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager anleitung: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten |
Hallo Markus, ich würde gerne weiter den Mozilla Firefox nutzen wenn nicht zu viel dagegen spricht. |
Hi du solltest dir den chrome mal ansehen, bietet noch einige Sicherheitsfeatures mehr als der FF und sollte schneller sein, meckern kann man ja immernoch :-) adblock für chrome: http://filepony.de/download-adblock_chrome/ damit sollte das leben werbefreier von statten gehen. ghostery um tracking zu verhindern: http://filepony.de/download-ghostery_chrome/ HTTPS Everywhere https://chrome.google.com/webstore/d...jekcdonpmejbdp wählt, wenn möglich, eine sichere Verbindung sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online |
Hallo Markus, kann ich irgendwie meine Lesezeichen in chrome übertragen? Was ist mit defogger, re-enablen ? Sollen die Unmengen von Programmen die ich runtergeladen habe auf meinen Pc bleiben? Danke für deine hervorragende Hilfe, die Erfolge sind sehr deutlich. Grüße Gregor |
hi, ich hab ja gesagt, in otl auf bereinigen dann sollte das meiste gelöscht werden, den Rest selbst löschen, im defogger auf enable is ok. lesezeichen importieren: Lesezeichen importieren oder exportieren - Google Chrome-Hilfe chrome konfig: adblock für chrome: http://filepony.de/download-adblock_chrome/ damit sollte das leben werbefreier von statten gehen. ghostery um tracking zu verhindern: http://filepony.de/download-ghostery_chrome/ HTTPS Everywhere https://chrome.google.com/webstore/d...jekcdonpmejbdp wählt, wenn möglich, eine sichere Verbindung sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online |
okay, das sollte alles sein. Bin ich nun safe? Vielen Dank für deine Hilfe. Grüße Gregor |
hi ich möchte erst mal anhand einer checkliste prüfen ob du alles hast. - instalieren von optionalen und wichtigen updates. - konfigurieren von windows updates. - dep für alle prozesse aktivieren. - sehop aktivieren. - chrome instalieren. - sandboxie instalieren. - autorun deaktivieren. - panda vaccine instalieren. - secunia instalieren. - file hippo instalieren. beachte: secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch. - backup software instalieren, backup und rettungsdvd erstellen. hier ne kurze anleitung: Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT - wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen. - passwort manager instaliert. |
Zitat:
|
sandboxie und firefox. trag anstelle der chrome.exe firefox.exe plugin-container.exe ein bei anwendung, webbrowser, firefox alle Freigaben, außer gesammten profilordner. panda vaccine ist hier: http://www.trojaner-board.de/96344-a...-rechners.html zu finden. Hinweisen öchte ich, falls dir unsere Arbeit zugesagt hatt, auf die Möglichkeit zu spenden, das Geld wird genutzt, um den Server zu bezahlen, somit können wir unsere Arbeit hier vortsetzen. |
Alles klar, vielen vielen Dank. |
kein Problem, schönes we. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 12:57 Uhr. |
Copyright ©2000-2025, Trojaner-Board
WARNUNG an die MITLESER: