Gregor259 | 17.01.2015 17:07 | Windows 8 with Power 8 Start menu replacement: laptop fan runs permanently and extremely loud, Office programs, especially Word, respond to input with a delay
Hello everyone,
as described, the laptop in question (Windows 8 with the Power 8 Start menu replacement) runs its fan very loudly the whole time, from switching on to switching off; until some time ago this was not the case.
In addition, typing letters or spaces in Word is delayed more and more often and for longer and longer. This problem only appeared later, though.
Many thanks in advance.
Regards, Gregor
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by xxx at 2015-01-17 16:11:15
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anytime USB Charge Utility (HKLM-x32\...\InstallShield_{A794229E-401E-44D4-A8B5-B21E975676DE}) (Version: 3.0.0.0 - FUJITSU LIMITED)
Anytime USB Charge Utility (Version: 3.0.0.0 - FUJITSU LIMITED) Hidden
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5505.02 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fujitsu BIOS Driver (HKLM-x32\...\InstallShield_{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.1.1.0 - FUJITSU LIMITED)
Fujitsu BIOS Driver (Version: 1.1.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.6.0.0 - FUJITSU LIMITED) Hidden
Function Manager (HKLM-x32\...\InstallShield_{20CA9527-15AD-4D95-815B-414BD1CF1A44}) (Version: 1.0.0.0 - FUJITSU LIMITED)
Function Manager (Version: 1.0.0.0 - FUJITSU LIMITED) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5586ea81-c047-4609-b47a-4bad18347b44}) (Version: 16.5.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.3.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.5.3.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MasterTool - Autorensystem (HKLM-x32\...\MasterTool - Autorensystem_is1) (Version: - Thomas Gottfried EDV)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA Graphics Driver 326.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.83 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
Pfadfinder 2.0 (HKLM-x32\...\{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}) (Version: 1.0.1 - Bildungshaus Schulbuchverlage GmbH, Braunschweig)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.1.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 7.1.001 - FUJITSU LIMITED) Hidden
Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Pointing Device Utility (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 143.0.0.0 (00.002) - FUJITSU LIMITED)
Power Saving Utility (Version: 143.0.0.0 - FUJITSU LIMITED) Hidden
Power8 (HKLM-x32\...\{AEE2067B-73CC-4322-AF5A-1DA86E448E26}) (Version: 1.4.4.628 - Power8 team)
Prisma Biologie multimedial 2 (HKLM-x32\...\{8C373203-590D-4147-AEB7-0853CF06D1FA}) (Version: 1.00.0000 - Ernst Klett Verlag)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Rund um (2.0) ... Seydlitz Erdkunde 1 RP (HKLM-x32\...\{684C156A-CB4E-4183-AE0F-39113A042B3C}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - FUJITSU LIMITED (FUJ02B1) System (06/26/2013 1.23) (HKLM\...\068FEFD9ECB0E04D17792AACEDA1D0A43CD7F82C) (Version: 06/26/2013 1.23 - FUJITSU LIMITED)
Windows Driver Package - FUJITSU LIMITED (FUJ02E3) System (07/02/2013 1.30.1.0) (HKLM\...\39B67640DB636F6D78D660BE574C0C5DC39D08CF) (Version: 07/02/2013 1.30.1.0 - FUJITSU LIMITED)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Wireless Radio Switch Driver (HKLM-x32\...\InstallShield_{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 1.1.0.0 - FUJITSU LIMITED)
Wireless Radio Switch Driver (Version: 1.1.0.0 - FUJITSU LIMITED) Hidden
Yahoo Community Smartbar (HKLM-x32\...\{C9AC6061-68A8-475E-B75E-E59C35AF0972}) (Version: 11.123.66.20439 - Linkury Inc.) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3485260420-1742902342-1236973085-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
21-12-2014 21:04:07 Windows Update
13-01-2015 19:51:21 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0661698F-C364-4C8D-868B-13CAA8C551D2} - System32\Tasks\Fujitsu\PointingDeviceUtility\ToggleIPD => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
Task: {0802000F-AADA-4BBC-B7E6-B5368F6393CB} - System32\Tasks\Fujitsu\StatusPanelSwitch\PressHoldButton => C:\Program Files\Fujitsu\StatusPanelSwitch\PressHoldButton.exe [2013-08-28] (FUJITSU LIMITED)
Task: {0FFEEEF1-7957-40B7-BB45-FD2AADBB5895} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1512087F-A33A-424D-9D4D-C75EAEE4A60C} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {1647B64D-1C13-4D54-A8DE-B94699609761} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1832924F-DC1B-40F4-A924-ADF4CFCF2D76} - System32\Tasks\Fujitsu\StatusPanelSwitch\ShowDialogToRestartSuspendPrevention => C:\Program Files\Fujitsu\StatusPanelSwitch\StatusPanelSwitch.exe [2013-08-28] (FUJITSU LIMITED)
Task: {2029761D-5FB6-4158-937A-A2B62A00C101} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndSetWakeupSetting => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {25AAA002-521C-4D01-9E55-DAD95C52C6E9} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {25D7BFA3-A4F0-4D88-939B-94FE70EE43E4} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupNow => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {2D8E1FE4-2575-471F-B210-482145D850CF} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeup => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {2E6BA0CB-D9C7-4F75-9B2B-8EAE50283768} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetDriverIfFuj02b1DisableOnLogon => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
Task: {3594AEEC-8AC8-41F7-A9F5-8104ED0F7B95} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {3C26C1A5-2916-4C65-803B-C078A2310ECD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {3C75A4FB-BAA1-4936-BBB3-58E5B662C235} - System32\Tasks\Fujitsu\StatusPanelSwitch\RestartScreenSaverPrevention => C:\Program Files\Fujitsu\StatusPanelSwitch\DeviceEngine\RestartScreenSaverPrevention.exe [2013-08-28] (FUJITSU LIMITED)
Task: {482FD1D2-001D-4C85-94AD-C95704244C1F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {575A2DFC-2CEC-4EBD-B4A1-8A7E06AD58FC} - System32\Tasks\Fujitsu\Power Saving Utility\Fujitsu Power Saving Utility => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [2013-08-23] (FUJITSU LIMITED)
Task: {5EFAA160-5E25-4E09-91C1-BAA14277F62A} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {6B257876-1795-401D-A832-FD6015F53375} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {6B4A8139-6CDE-403E-B003-AF648F5B7371} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {6B701E75-82DF-47D6-B913-743C5B953005} - System32\Tasks\Fujitsu\ApplicationPanel\DisableBtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {73B96FF1-C71E-4B3A-AA61-7321C3652785} - System32\Tasks\Fujitsu\StatusPanelSwitch\NotifyOfCradleStatusChange => C:\Program Files\Fujitsu\StatusPanelSwitch\ExecuteAdjustCradleMode.exe [2013-08-28] (FUJITSU LIMITED)
Task: {7AB6F121-5A61-4027-A251-4E3D8330F846} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {826DAD24-C2C2-423E-8F9C-5C8B57EC8661} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetShowNotificationOn => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
Task: {8526E19D-5E7D-4C48-8A6D-D7FEA3C9D35E} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {88EA3E65-B8C2-4D3E-88E2-717C3BD1A51F} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartBtnHndHKB => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {8F512C33-DAE8-427A-A831-764877386F02} - System32\Tasks\{276B8DB6-37E6-4A9A-8B08-A5A386C065F5} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {96CD651B-0CE0-46AB-B720-5BB809179EE2} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {A244DD8F-10EA-475F-98BE-14AE08FCF5FB} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeupBySwitch => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {A9592091-2245-41DF-A4CD-71785EC540AF} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {B7D24ADF-6EDD-4EB6-BFF5-E5EAC316A5D5} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {BEAF604C-63E4-4CB9-AD71-E3E6207461C3} - System32\Tasks\Fujitsu\StatusPanelSwitch\StopSuspendPrevention => C:\Program Files\Fujitsu\StatusPanelSwitch\DeviceEngine\StopSuspendPrevention.exe [2013-08-28] (FUJITSU LIMITED)
Task: {D82D8D45-2360-4D24-A472-7A645C64DC17} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {E23E6697-DB59-43DE-8419-7407A982B717} - System32\Tasks\Fujitsu\StatusPanelSwitch\StopPopupPrevention => C:\Program Files\Fujitsu\StatusPanelSwitch\DeviceEngine\StopPopupPrevention.exe [2013-08-28] (FUJITSU LIMITED)
Task: {EA5C9758-2775-4131-BE3E-01D368979A67} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetShowNotificationOff => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
Task: {ED8B9896-56BB-4485-8D78-AC37BFEE2ACB} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {F8219EA3-AAC5-4035-A673-67D60B9C61DE} - \ASP No Task File <==== ATTENTION
Task: {F89C225A-5CAE-4A52-B793-53C802C94F43} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-09-02] (Fujitsu Technology Solutions)
Task: {FA412CD7-569D-4CED-A407-BEE835D67A31} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: {FB451642-2A6C-4737-932F-B1CD40D4EC93} - System32\Tasks\{C63379A9-2EDD-4F4B-9688-603443F9A91A} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {FC12BFB3-A2F7-4983-8145-12BFCC98852A} - System32\Tasks\{7CE04745-11CA-4E20-A1EA-083F59730B5D} => pcalua.exe -a C:\Users\Silja\Downloads\HLD1.1_DE.exe -d C:\Users\Silja\Downloads
Task: {FD953A08-7729-48B7-AC06-6167E4F2BE7D} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\xxx\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3485260420-1742902342-1236973085-500 - Administrator - Disabled)
Gast (S-1-5-21-3485260420-1742902342-1236973085-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3485260420-1742902342-1236973085-1004 - Limited - Enabled)
xxx (S-1-5-21-3485260420-1742902342-1236973085-1002 - Administrator - Enabled) => C:\Users\xxx
UpdatusUser (S-1-5-21-3485260420-1742902342-1236973085-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/17/2015 03:54:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0b7a7dd7-b9cd-40dd-b146-83a92b70003a}
Error: (01/15/2015 10:00:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {190633e3-620f-47b6-9667-406b7443c84b}
Error: (01/15/2015 06:21:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {42fee12e-7029-4df1-b2a3-7b9e2b605356}
Error: (01/09/2015 07:36:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {bd4b9681-5c6b-42cc-87e2-58279ba5a60e}
Error: (01/09/2015 07:34:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x51f6dc00
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x51f6dacd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5
Error: (01/09/2015 04:53:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1964
Startzeit: 01d02c23a4b683fa
Endzeit: 4294967295
Anwendungspfad: C:\windows\syswow64\wwahost.exe
Berichts-ID: 989defa5-9817-11e4-82ef-0c8bfd81889f
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (01/09/2015 04:05:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1078
Startzeit: 01d02c1ceb987f3c
Endzeit: 4294967295
Anwendungspfad: C:\windows\syswow64\wwahost.exe
Berichts-ID: e137e9fe-9810-11e4-82ef-0c8bfd81889f
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (01/09/2015 03:35:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {fcdfa820-e16b-4e0d-9561-bdeabd318227}
Error: (01/09/2015 03:31:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x51f6dc00
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x51f6dacd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5
Error: (01/06/2015 11:56:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e1f963a7-85b4-41f0-b39d-2af2119af1ee}
System errors:
=============
Error: (01/17/2015 04:08:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:08:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:08:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:08:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:04:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/17/2015 04:04:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
Error: (01/17/2015 03:54:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0b7a7dd7-b9cd-40dd-b146-83a92b70003a}
Error: (01/15/2015 10:00:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {190633e3-620f-47b6-9667-406b7443c84b}
Error: (01/15/2015 06:21:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {42fee12e-7029-4df1-b2a3-7b9e2b605356}
Error: (01/09/2015 07:36:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {bd4b9681-5c6b-42cc-87e2-58279ba5a60e}
Error: (01/09/2015 07:34:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.5.0.051f6dc00MurocApi.dll16.5.0.051f6dacdc0000005000000000002bcd881801d02c3a8d0319f1C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll1520fa0a-982e-11e4-82f0-0c8bfd81889f
Error: (01/09/2015 04:53:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031196401d02c23a4b683fa4294967295C:\windows\syswow64\wwahost.exe989defa5-9817-11e4-82ef-0c8bfd81889fMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
Error: (01/09/2015 04:05:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031107801d02c1ceb987f3c4294967295C:\windows\syswow64\wwahost.exee137e9fe-9810-11e4-82ef-0c8bfd81889fMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
Error: (01/09/2015 03:35:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {fcdfa820-e16b-4e0d-9561-bdeabd318227}
Error: (01/09/2015 03:31:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.5.0.051f6dc00MurocApi.dll16.5.0.051f6dacdc0000005000000000002bcd884401d02c18c934a6b5C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll3c9a53e2-980c-11e4-82ef-0c8bfd81889f
Error: (01/06/2015 11:56:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e1f963a7-85b4-41f0-b39d-2af2119af1ee}
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8099.71 MB
Available physical RAM: 6116.06 MB
Total Pagefile: 9379.71 MB
Available Pagefile: 7402.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:458.08 GB) (Free:360.14 GB) NTFS
Drive d: (Daten) (Fixed) (Total:456.3 GB) (Free:419.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Silja (administrator) on SILJASLAPTOP on 17-01-2015 16:09:08
Running from C:\Users\xxx\Downloads
Loaded Profiles: UpdatusUser & xxx (Available profiles: UpdatusUser & xxx)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\PSUtility\TrayManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Power8 Team) C:\Program Files (x86)\Power8 team\Power8\Power8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Dropbox, Inc.) C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\FUJITSU\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-23] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-09-02] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\...\Run: [Power8] => C:\Program Files (x86)\Power8 team\Power8\Power8.exe [326656 2013-09-12] (Power8 Team)
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52013;https=127.0.0.1:52013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3485260420-1742902342-1236973085-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fujitsu13.msn.com/?pc=FSJB
HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-3485260420-1742902342-1236973085-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\uln8fnfw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3485260420-1742902342-1236973085-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\xxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\uln8fnfw.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-31]
FF Extension: EPUBReader - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\uln8fnfw.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-13]
FF Extension: Video Downloader professional - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\uln8fnfw.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-05-18]
FF Extension: Pin It Button - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\uln8fnfw.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-06]
FF HKU\S-1-5-21-3485260420-1742902342-1236973085-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [74448 2013-07-18] (FUJITSU LIMITED)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2013-07-12] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\FUJITSU\PSUtility\PSUService.exe [51608 2013-08-19] (FUJITSU LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [20176 2013-08-09] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [15696 2013-08-12] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [21200 2013-08-12] (FUJITSU LIMITED)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-09-11] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 16:09 - 2015-01-17 16:10 - 00020383 _____ () C:\Users\xxx\Downloads\FRST.txt
2015-01-17 16:08 - 2015-01-17 16:09 - 00000000 ____D () C:\FRST
2015-01-17 16:08 - 2015-01-17 16:08 - 02125824 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2015-01-17 16:06 - 2015-01-17 16:06 - 01117696 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2015-01-17 16:05 - 2015-01-17 16:05 - 00000472 _____ () C:\Users\xxx\Desktop\defogger_disable.log
2015-01-17 16:05 - 2015-01-17 16:05 - 00000000 _____ () C:\Users\xxx\defogger_reenable
2015-01-17 16:04 - 2015-01-17 16:04 - 00050477 _____ () C:\Users\xxx\Desktop\Defogger.exe
2015-01-15 18:19 - 2015-01-17 15:52 - 00000348 _____ () C:\windows\setupact.log
2015-01-15 18:19 - 2015-01-15 21:55 - 00327570 _____ () C:\windows\PFRO.log
2015-01-15 18:19 - 2015-01-15 18:19 - 00000000 _____ () C:\windows\setuperr.log
2015-01-14 19:20 - 2015-01-14 19:20 - 05317104 _____ (Piriform Ltd) C:\Users\xxx\Downloads\ccsetup501.exe
2015-01-13 20:22 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:22 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-13 20:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-13 20:22 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-13 20:22 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-13 20:22 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-13 20:22 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 20:22 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-13 20:22 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-13 20:22 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-13 20:22 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-13 20:22 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-13 20:22 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-13 20:22 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-13 20:22 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-13 20:22 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-13 20:22 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-13 20:22 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-13 20:22 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-13 20:22 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-13 20:22 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-13 20:22 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-13 20:22 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-13 20:22 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 19:10 - 2015-01-13 19:10 - 04877488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-08 20:44 - 2015-01-15 19:04 - 00048640 ___SH () C:\Users\xxx\Desktop\Thumbs.db
2014-12-26 19:34 - 2014-12-26 19:34 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 21:39 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-19 21:39 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-19 21:23 - 2014-09-11 14:33 - 00076064 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
2014-12-19 21:23 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 16:10 - 2013-12-06 22:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 16:07 - 2013-12-06 18:59 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3485260420-1742902342-1236973085-1002
2015-01-17 16:05 - 2013-12-06 18:53 - 00000000 ____D () C:\Users\xxx
2015-01-17 16:01 - 2013-12-06 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-17 16:00 - 2013-12-06 22:55 - 00000000 ___DO () C:\Users\xxx\SkyDrive
2015-01-17 16:00 - 2013-12-06 22:47 - 00000000 ___RD () C:\Users\xxx\Dropbox
2015-01-17 16:00 - 2013-12-06 22:43 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Dropbox
2015-01-17 16:00 - 2013-12-06 22:26 - 00000000 __RSD () C:\Users\xxx\Documents\McAfee-Tresore
2015-01-17 16:00 - 2013-12-06 18:55 - 00000000 ____D () C:\Users\xxx\Documents\Youcam
2015-01-17 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-17 15:52 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 21:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-01-16 19:03 - 2013-12-06 19:03 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{DDB8DAE0-9D71-4228-B790-2A9D7AA62445}
2015-01-16 16:54 - 2013-09-10 07:12 - 00765582 _____ () C:\windows\system32\perfh007.dat
2015-01-16 16:54 - 2013-09-10 07:12 - 00159366 _____ () C:\windows\system32\perfc007.dat
2015-01-16 16:54 - 2013-09-02 08:32 - 01776918 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-16 14:58 - 2014-12-08 20:42 - 01762548 _____ () C:\windows\WindowsUpdate.log
2015-01-16 14:44 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-14 19:41 - 2013-12-15 16:34 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 19:39 - 2013-12-15 16:34 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 19:21 - 2013-12-26 21:26 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 19:07 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-14 18:42 - 2014-07-13 12:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 20:19 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2015-01-13 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-13 19:10 - 2013-12-06 22:33 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 19:09 - 2013-09-10 14:53 - 00000000 ____D () C:\windows\System32\Tasks\Fujitsu
2015-01-09 15:35 - 2014-11-12 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-08 19:46 - 2013-12-06 21:29 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 01:08 - 2014-11-14 17:56 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-11-14 17:56 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 13:10 - 2014-09-01 17:12 - 00000000 ____D () C:\Users\xxx\Desktop\Fotos Ebay Kleinanzeigen
2014-12-21 21:15 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2014-12-21 21:15 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-12-19 21:22 - 2013-12-06 22:18 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-19 21:22 - 2013-08-22 16:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-19 21:21 - 2013-09-10 14:54 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-19 21:09 - 2013-12-06 22:47 - 00001079 _____ () C:\Users\xxx\Desktop\Dropbox.lnk
2014-12-19 21:09 - 2013-12-06 22:46 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== Files in the root of some directories =======
2014-09-29 20:28 - 2014-09-29 20:28 - 0007052 _____ () C:\Users\xxx\AppData\Local\recently-used.xbel
2013-09-10 14:44 - 2013-09-10 14:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt1edik.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-08 21:39
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-17 16:29:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MQ01ABD100 rev.AX002K 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Silja\AppData\Local\Temp\uxtdrpob.sys
---- User code sections - GMER 2.1 ----
.text C:\windows\system32\nvvsvc.exe[1040] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\nvvsvc.exe[1040] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\nvvsvc.exe[1040] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\nvvsvc.exe[1040] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\WLANExt.exe[1372] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\WLANExt.exe[1372] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\WLANExt.exe[1372] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\WLANExt.exe[1372] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\windows\System32\spoolsv.exe[1580] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\System32\spoolsv.exe[1580] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\System32\spoolsv.exe[1580] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\System32\spoolsv.exe[1580] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fffa89c1f6a 4 bytes [9C, A8, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1912] C:\windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fffa89c1f82 4 bytes [9C, A8, FF, 7F]
.text C:\windows\system32\mfevtps.exe[1240] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\mfevtps.exe[1240] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\mfevtps.exe[1240] C:\windows\system32\psapi.dll!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\mfevtps.exe[1240] C:\windows\system32\psapi.dll!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2096] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2096] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2096] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2096] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2168] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2168] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2168] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2168] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\wbem\wmiprvse.exe[2336] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\wbem\wmiprvse.exe[2336] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\wbem\wmiprvse.exe[2336] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\wbem\wmiprvse.exe[2336] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2480] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2480] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2480] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2480] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2620] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2620] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2620] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2620] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3644] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3644] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3644] C:\windows\system32\psapi.dll!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe[3644] C:\windows\system32\psapi.dll!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[2780] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[2780] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[2780] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[2780] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3616] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3616] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3616] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3616] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\windows\system32\svchost.exe[3932] C:\windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fffa89c1f6a 4 bytes [9C, A8, FF, 7F]
.text C:\windows\system32\svchost.exe[3932] C:\windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fffa89c1f82 4 bytes [9C, A8, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4884] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4884] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4884] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4884] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\windows\Explorer.EXE[4232] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\windows\Explorer.EXE[4232] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\windows\Explorer.EXE[4232] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\windows\Explorer.EXE[4232] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1784] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1784] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1784] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1784] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fffa89c1f6a 4 bytes [9C, A8, FF, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[6316] C:\windows\system32\WSOCK32.dll!setsockopt + 218 00007fffa89c1f82 4 bytes [9C, A8, FF, 7F]
.text C:\Program Files (x86)\Power8 team\Power8\Power8.exe[6344] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\Power8 team\Power8\Power8.exe[6344] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\Power8 team\Power8\Power8.exe[6344] C:\windows\system32\psapi.dll!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files (x86)\Power8 team\Power8\Power8.exe[6344] C:\windows\system32\psapi.dll!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6548] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007fffb481169a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6548] C:\windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007fffb48116a2 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6548] C:\windows\system32\psapi.dll!QueryWorkingSet + 118 00007fffb481181a 4 bytes [81, B4, FF, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[6548] C:\windows\system32\psapi.dll!QueryWorkingSet + 142 00007fffb4811832 4 bytes [81, B4, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [812:836] fffff96000895b90
Thread C:\Windows\System32\SettingSyncHost.exe [6404:6476] 00007fff9fb26da0
---- Processes - GMER 2.1 ----
Process C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000006e320000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006e020000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006dc30000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636](2014-10-22 00:22:50) 000000006db70000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004260000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\silja\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt1edik.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636](2015-01-17 15:00:12) 0000000003d00000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006d690000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006c6a0000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006c480000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000006c220000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 00000000744d0000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636](2014-10-22 00:22:50) 000000006c210000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 000000006c1e0000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006c1a0000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000006c150000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636](2014-10-22 00:22:48) 000000006c070000
Library C:\Users\Silja\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe [6636](2014-10-22 00:22:46) 000000006c030000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:05 on 17/01/2015 (Silja)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2015-01-14T18:42:48.685927+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxx" fromVersion="2014.12.8.1" last_modified_tag="50e1419b-7ecd-4582-a71a-8ebd523e588e" name="Rootkit Database" toVersion="2015.1.7.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2015-01-14T18:42:56.295367+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxP" fromVersion="2014.12.8.8" last_modified_tag="bdc9fb2b-ded0-4908-b3b6-c665b34e8029" name="Malware Database" toVersion="2015.1.14.8"></record>
</logs>
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:23:21.130686+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2013.10.16.1" last_modified_tag="ca19740e-9de5-4633-9173-991a85200d1d" name="Remediation Database" toVersion="2014.12.6.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:23:21.161936+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.11.12.1" last_modified_tag="9ca292ec-4a93-4d3e-b293-ce6cd8a0f77c" name="Rootkit Database" toVersion="2014.12.8.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:23:31.805784+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.11.13.6" last_modified_tag="dfb74d04-6e88-48a4-a780-5435b0906f92" name="Malware Database" toVersion="2014.12.8.8"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:24:10.702497+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2.0.3.1025" last_modified_tag="614befbd-3db9-4891-8a0c-958c6d7c8cfd" name="program" toVersion="2.0.4.1028"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:25:21.017661+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.11.18.1" last_modified_tag="ffc5a0f0-6a6d-4692-8e56-55a006d4503f" name="Rootkit Database" toVersion="2014.12.8.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:25:21.439540+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2013.10.16.1" last_modified_tag="473c2374-b0a0-43f9-84a5-821d70473eb9" name="Remediation Database" toVersion="2014.12.6.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T20:25:31.102411+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.11.20.6" last_modified_tag="cf951687-341e-4386-a0a4-a0557cbadfce" name="Malware Database" toVersion="2014.12.8.8"></record>
</logs>
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2014-11-13T17:41:02.696668+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.8.21.1" last_modified_tag="f0d2b32f-0dc0-4700-96b1-757632a4c685" name="Rootkit Database" toVersion="2014.11.12.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-11-13T17:41:21.371095+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.8.23.1" last_modified_tag="9f0dab42-d732-40e9-91d0-6df176a8a9fc" name="Malware Database" toVersion="2014.11.13.6"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-11-13T17:41:32.246203+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2.0.2.1012" last_modified_tag="4204491d-1c13-44ff-a222-4cc03b4d292c" name="program" toVersion="2.0.3.1025"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-11-13T17:42:48.948858+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.9.18.1" last_modified_tag="9a38e79d-590b-4b6f-9df3-1fc3a9c743c0" name="Rootkit Database" toVersion="2014.11.12.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-11-13T17:42:57.870814+01:00" source="Manual" type="Update" username="SYSTEM" systemname="xxxSLAPTOP" fromVersion="2014.9.19.5" last_modified_tag="fffa945b-9697-4932-a93d-2f61d656394a" name="Malware Database" toVersion="2014.11.13.6"></record>
</logs>