Log analysis and evaluation: Windows 7: Facebook.vbs on computer and USB stick

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.11.2013, 15:18 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick
Ok, restart Windows and create a new log with FRST
__________________ Please always post logfiles in CODE tags |
14.11.2013, 15:33 | #17 |
| Windows 7: Facebook.vbs on computer and USB stick
So, new FRST file
__________________FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Jana (administrator) on JANA-PC on 14-11-2013 15:26:45
Running from C:\Users\Jana\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Akamai Technologies, Inc.) C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(Akamai Technologies, Inc.) C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Adobe Flash, Media Inc TM.) C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-10-08] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ABBYY Screenshot Reader Bonus] - "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [FlashPlayerPlug_11_4_76_983] - C:\Users\Jana\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe [364032 2013-11-11] (Adobe Flash, Media Inc TM.)
HKCU\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\DOLBY PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\Default User\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
ShortcutTarget: FlashPlayerPlug.lnk -> C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe (Adobe Flash, Media Inc TM.)
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe (Adobe Flash, Media Inc TM.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {2C32CC42-F221-41D6-9424-199F427EED9B} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2C32CC42-F221-41D6-9424-199F427EED9B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/ade4dc80c585b082b9aad3bdea6b40a7/proxy.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\toolbar@gmx.net.xpi
FF Extension: gadrm - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-23] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [913408 2009-10-21] (DiBcom)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-14 15:13 - 2013-04-15 04:11 - 00007596 _____ C:\Users\Jana\AppData\Roaming\Facebook.vbs
2013-11-14 15:09 - 2013-11-14 15:10 - 01957794 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe
2013-11-14 14:25 - 2013-11-14 14:25 - 00000155 _____ C:\Users\Jana\Downloads\noautorun.reg
2013-11-14 13:55 - 2013-11-14 13:55 - 00003349 _____ C:\Users\Jana\Downloads\JRT.txt
2013-11-14 13:48 - 2013-11-14 13:48 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 13:46 - 2013-11-14 13:46 - 01034531 _____ (Thisisu) C:\Users\Jana\Desktop\JRT.exe
2013-11-14 13:46 - 2013-11-14 13:46 - 00022698 _____ C:\Users\Jana\Downloads\AdwCleaner[S0].txt
2013-11-14 13:35 - 2013-11-14 13:37 - 00000000 ____D C:\AdwCleaner
2013-11-14 13:33 - 2013-11-14 13:33 - 01085542 _____ C:\Users\Jana\Desktop\adwcleaner.exe
2013-11-14 07:59 - 2013-11-14 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-14 03:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:07 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 03:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:07 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 03:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:07 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:07 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:07 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:07 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:07 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 00:35 - 2013-11-14 07:59 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-14 00:25 - 2013-11-14 08:58 - 00000000 ____D C:\Users\Jana\Desktop\mbar
2013-11-14 00:25 - 2013-11-14 00:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Downloads\mbar-1.07.0.1007.exe
2013-11-14 00:15 - 2013-11-14 07:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-14 00:15 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1C5F0E2C.sys
2013-11-14 00:12 - 2013-11-14 00:13 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Desktop\mbar-1.07.0.1007.exe
2013-11-13 22:50 - 2013-11-13 22:50 - 00077319 _____ C:\Users\Jana\Downloads\Neues Textdokument.txt
2013-11-13 22:42 - 2013-11-13 22:42 - 00024287 _____ C:\Users\Jana\Downloads\Log Dateien.zip
2013-11-13 22:27 - 2013-11-13 22:27 - 00013279 _____ C:\Users\Jana\Downloads\log.zip
2013-11-13 21:52 - 2013-11-13 21:52 - 00142922 _____ C:\Users\Jana\Downloads\Ereignisse.txt
2013-11-13 21:45 - 2013-11-13 21:45 - 00262144 _____ C:\Windows\Minidump\111313-123100-01.dmp
2013-11-13 21:30 - 2013-11-13 21:30 - 00007841 _____ C:\Users\Jana\Downloads\gmer.txt
2013-11-13 21:07 - 2013-11-13 21:07 - 00377856 _____ C:\Users\Jana\Downloads\loqoi3qj.exe
2013-11-13 21:05 - 2013-11-13 21:05 - 00000540 _____ C:\Users\Jana\Downloads\defogger_disable.log
2013-11-13 21:05 - 2013-11-13 21:05 - 00000168 _____ C:\Users\Jana\defogger_reenable
2013-11-13 21:04 - 2013-11-13 21:04 - 00050477 _____ C:\Users\Jana\Downloads\Defogger.exe
2013-11-13 20:53 - 2013-11-13 21:09 - 00033495 _____ C:\Users\Jana\Downloads\Addition.txt
2013-11-13 20:51 - 2013-11-14 15:26 - 00020170 _____ C:\Users\Jana\Downloads\FRST.txt
2013-11-13 20:51 - 2013-11-14 15:12 - 00000000 ____D C:\FRST
2013-11-13 15:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 15:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 15:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 15:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 15:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 15:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 15:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 15:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 15:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 15:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 15:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 15:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 15:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 15:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 15:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 15:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 15:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 15:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 15:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 15:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 15:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 15:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 15:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 15:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 15:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 15:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 15:14 - 2013-11-13 15:14 - 104010312 _____ C:\Windows\SysWOW64\�
2013-11-11 22:12 - 2013-11-11 22:12 - 00001526 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-11-11 21:54 - 2013-11-14 07:30 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-11-11 21:54 - 2013-11-11 21:55 - 01793672 _____ (Adobe Systems, Incorporated) C:\Windows\SysWOW64\amtlib.dll
2013-11-11 21:11 - 2013-11-11 21:11 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-11 21:11 - 2013-11-11 21:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes
2013-11-11 21:10 - 2013-11-11 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-11 21:10 - 2013-11-11 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-11 21:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-11 21:09 - 2013-11-11 21:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-11 20:58 - 2013-11-11 20:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\FlashPlayer Install
2013-11-10 16:38 - 2013-11-13 15:26 - 00000000 ____D C:\Users\Jana\Desktop\Design
2013-11-06 12:48 - 2013-11-08 08:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 11:49 - 2013-11-08 16:14 - 00000000 ____D C:\Users\Jana\Desktop\7.semester
2013-10-23 20:28 - 2013-10-23 20:28 - 102674996 _____ C:\Windows\SysWOW64\죇賳K
2013-10-23 13:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-23 13:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-22 17:56 - 2013-11-13 15:17 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\WPF Toolkit
2013-10-20 22:23 - 2013-10-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-10-20 22:20 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Expression
2013-10-15 09:03 - 2013-10-15 15:02 - 101148298 _____ C:\Windows\SysWOW64\⽪쩝

==================== One Month Modified Files and Folders =======

2013-11-14 15:26 - 2013-11-13 20:51 - 00020170 _____ C:\Users\Jana\Downloads\FRST.txt
2013-11-14 15:26 - 2011-06-09 10:49 - 01729714 _____ C:\Windows\WindowsUpdate.log
2013-11-14 15:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 15:21 - 2009-07-14 05:51 - 00141184 _____ C:\Windows\setupact.log
2013-11-14 15:19 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 15:19 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 15:12 - 2013-11-13 20:51 - 00000000 ____D C:\FRST
2013-11-14 15:10 - 2013-11-14 15:09 - 01957794 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe
2013-11-14 15:10 - 2011-08-10 16:51 - 00000000 ___RD C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 15:10 - 2010-11-21 04:47 - 00230488 _____ C:\Windows\PFRO.log
2013-11-14 14:44 - 2012-04-18 08:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 14:25 - 2013-11-14 14:25 - 00000155 _____ C:\Users\Jana\Downloads\noautorun.reg
2013-11-14 14:19 - 2011-08-11 21:39 - 00000000 ____D C:\Users\Jana\Documents\FH Emden
2013-11-14 13:55 - 2013-11-14 13:55 - 00003349 _____ C:\Users\Jana\Downloads\JRT.txt
2013-11-14 13:48 - 2013-11-14 13:48 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 13:46 - 2013-11-14 13:46 - 01034531 _____ (Thisisu) C:\Users\Jana\Desktop\JRT.exe
2013-11-14 13:46 - 2013-11-14 13:46 - 00022698 _____ C:\Users\Jana\Downloads\AdwCleaner[S0].txt
2013-11-14 13:37 - 2013-11-14 13:35 - 00000000 ____D C:\AdwCleaner
2013-11-14 13:37 - 2011-08-10 16:51 - 00000000 ____D C:\Users\Jana
2013-11-14 13:33 - 2013-11-14 13:33 - 01085542 _____ C:\Users\Jana\Desktop\adwcleaner.exe
2013-11-14 08:58 - 2013-11-14 07:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-14 08:58 - 2013-11-14 00:25 - 00000000 ____D C:\Users\Jana\Desktop\mbar
2013-11-14 07:59 - 2013-11-14 00:35 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-14 07:59 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-14 07:30 - 2013-11-11 21:54 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-11-14 04:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:06 - 2011-08-12 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:05 - 2013-08-20 08:50 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:03 - 2011-08-25 11:25 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 00:25 - 2013-11-14 00:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Downloads\mbar-1.07.0.1007.exe
2013-11-14 00:15 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1C5F0E2C.sys
2013-11-14 00:13 - 2013-11-14 00:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Desktop\mbar-1.07.0.1007.exe
2013-11-13 22:50 - 2013-11-13 22:50 - 00077319 _____ C:\Users\Jana\Downloads\Neues Textdokument.txt
2013-11-13 22:42 - 2013-11-13 22:42 - 00024287 _____ C:\Users\Jana\Downloads\Log Dateien.zip
2013-11-13 22:27 - 2013-11-13 22:27 - 00013279 _____ C:\Users\Jana\Downloads\log.zip
2013-11-13 21:52 - 2013-11-13 21:52 - 00142922 _____ C:\Users\Jana\Downloads\Ereignisse.txt
2013-11-13 21:45 - 2013-11-13 21:45 - 00262144 _____ C:\Windows\Minidump\111313-123100-01.dmp
2013-11-13 21:45 - 2013-09-04 19:34 - 00000000 ____D C:\Windows\Minidump
2013-11-13 21:45 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-13 21:45 - 2009-07-14 05:45 - 05068392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-13 21:44 - 2013-09-04 19:34 - 820709658 _____ C:\Windows\MEMORY.DMP
2013-11-13 21:30 - 2013-11-13 21:30 - 00007841 _____ C:\Users\Jana\Downloads\gmer.txt
2013-11-13 21:09 - 2013-11-13 20:53 - 00033495 _____ C:\Users\Jana\Downloads\Addition.txt
2013-11-13 21:07 - 2013-11-13 21:07 - 00377856 _____ C:\Users\Jana\Downloads\loqoi3qj.exe
2013-11-13 21:05 - 2013-11-13 21:05 - 00000540 _____ C:\Users\Jana\Downloads\defogger_disable.log
2013-11-13 21:05 - 2013-11-13 21:05 - 00000168 _____ C:\Users\Jana\defogger_reenable
2013-11-13 21:04 - 2013-11-13 21:04 - 00050477 _____ C:\Users\Jana\Downloads\Defogger.exe
2013-11-13 20:42 - 2011-06-09 20:41 - 03617538 _____ C:\Windows\system32\perfh007.dat
2013-11-13 20:42 - 2011-06-09 20:41 - 01120428 _____ C:\Windows\system32\perfc007.dat
2013-11-13 20:42 - 2009-07-14 06:13 - 00006686 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 15:26 - 
2013-11-10 16:38 - 00000000 ____D C:\Users\Jana\Desktop\Design 2013-11-13 15:17 - 2013-10-22 17:56 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-13 15:17 - 2013-02-18 18:55 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-11-13 15:14 - 2013-11-13 15:14 - 104010312 _____ C:\Windows\SysWOW64\� 2013-11-11 22:28 - 2011-08-10 16:51 - 00117080 _____ C:\Users\Jana\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-11 22:21 - 2011-04-06 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-11 22:20 - 2012-12-02 10:45 - 00000000 ____D C:\Program Files\Adobe 2013-11-11 22:12 - 2013-11-11 22:12 - 00001526 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-11-11 21:55 - 2013-11-11 21:54 - 01793672 _____ (Adobe Systems, Incorporated) C:\Windows\SysWOW64\amtlib.dll 2013-11-11 21:11 - 2013-11-11 21:11 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-11 21:11 - 2013-11-11 21:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes 2013-11-11 21:11 - 2013-11-11 21:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-11 21:10 - 2013-11-11 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-11 21:10 - 2013-11-11 21:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-11 20:58 - 2013-11-11 20:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\FlashPlayer Install 2013-11-11 15:41 - 2011-08-11 21:39 - 00000000 ____D C:\Users\Jana\Documents\bewerbung 2013-11-09 17:46 - 2012-03-13 22:47 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Autodesk 2013-11-09 17:46 - 2012-03-13 22:47 - 00000000 ____D C:\ProgramData\Autodesk 2013-11-09 17:44 - 2012-03-13 22:53 - 00000000 ____D C:\Program Files\Autodesk 2013-11-09 17:26 - 2012-05-05 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-08 16:14 - 2013-11-06 11:49 - 00000000 ____D C:\Users\Jana\Desktop\7.semester 2013-11-08 08:35 - 2013-11-06 
12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 22:46 - 2013-04-20 10:18 - 00001236 _____ C:\Users\Jana\Desktop\Adobe Photoshop CS6 (64 Bit).lnk 2013-11-06 22:46 - 2013-04-18 21:59 - 00001679 _____ C:\Users\Jana\Desktop\Adobe Illustrator CS6 (64 Bit).lnk 2013-10-31 13:25 - 2013-03-12 14:35 - 00000000 ____D C:\Users\Jana\Documents\Praktikum 2013-10-23 20:28 - 2013-10-23 20:28 - 102674996 _____ C:\Windows\SysWOW64\죇賳K 2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\WPF Toolkit 2013-10-20 22:24 - 2013-10-20 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Expression 2013-10-20 22:23 - 2013-10-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-10-20 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-15 15:02 - 2013-10-15 09:03 - 101148298 _____ C:\Windows\SysWOW64\⽪쩝 Files to move or delete: ==================== C:\Windows\System32\msiexec.exe /qn /x{voidguid} Some content of TEMP: ==================== C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-14 04:22 ==================== End Of Log ============================ |
14.11.2013, 15:36 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on PC and USB stick Hm, these things keep respawning
Then please run Combofix now: Scan with Combofix
__________________ |
14.11.2013, 16:05 | #19 |
| Windows 7: Facebook.vbs on PC and USB stick So, here is the result: Code:
ATTFilter ComboFix 13-11-12.01 - Jana 14.11.2013 15:42:53.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5980 [GMT 1:00] ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B6E38BFE-1C31-47EA-B58B-468A007E0900}.xps c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C3D29B66-A54A-4975-AE01-F30AF05F75D8}.xps c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DC72D083-4969-43F1-85A2-D581ADC4F7B7}.xps c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2D0CAEE-1EBD-43FC-BB4F-8A1B123AAB18}.xps c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB23D61A-1E56-4461-AA4E-8BD2B31697F3}.xps c:\users\Jana\AppData\Roaming\AcroIEHelpe.txt c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe c:\users\Jana\AppData\Roaming\srvblck2.tmp c:\windows\SysWow64\FlashPlayerApp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-10-14 bis 2013-11-14 )))))))))))))))))))))))))))))) . . 2013-11-14 14:54 . 2013-11-14 14:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-14 14:54 . 2013-11-14 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-14 14:13 . 2013-04-15 03:11 7596 ----a-w- c:\users\Jana\AppData\Roaming\Facebook.vbs 2013-11-14 12:48 . 2013-11-14 12:48 -------- d-----w- c:\windows\ERUNT 2013-11-14 12:35 . 2013-11-14 12:37 -------- d-----w- C:\AdwCleaner 2013-11-14 06:59 . 
2013-11-14 07:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-13 23:35 . 2013-11-14 06:59 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-13 23:15 . 2013-11-14 06:59 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-13 23:15 . 2013-11-13 23:15 91352 ----a-w- c:\windows\system32\drivers\1C5F0E2C.sys 2013-11-13 19:51 . 2013-11-14 14:12 -------- d-----w- C:\FRST 2013-11-12 06:46 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24FD7D4-7721-4A77-8269-BC2CDC9A4F7B}\mpengine.dll 2013-11-11 21:20 . 2013-11-11 21:20 -------- d-----w- C:\adobeTemp 2013-11-11 20:54 . 2013-11-11 20:55 1793672 ----a-w- c:\windows\SysWow64\amtlib.dll 2013-11-11 20:54 . 2013-11-11 20:54 -------- d-----w- c:\programdata\Logs 2013-11-11 20:11 . 2013-11-11 20:11 -------- d-----w- c:\users\Jana\AppData\Roaming\Malwarebytes 2013-11-11 20:10 . 2013-11-11 20:10 -------- d-----w- c:\programdata\Malwarebytes 2013-11-11 20:10 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-11-11 20:10 . 2013-11-11 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-11-11 19:58 . 2013-11-11 19:58 -------- d-----w- c:\users\Jana\AppData\Roaming\FlashPlayer Install 2013-11-11 13:42 . 2013-04-15 03:11 7596 ----a-w- c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs 2013-10-23 12:01 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-23 12:01 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-23 12:01 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-23 12:01 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-23 12:01 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-23 12:01 . 
2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-23 12:01 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-22 16:56 . 2013-11-13 14:17 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-20 21:24 . 2013-10-20 21:24 -------- d-----w- c:\program files (x86)\WPF Toolkit 2013-10-20 21:23 . 2013-10-20 21:23 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2013-10-20 21:20 . 2013-10-20 21:24 -------- d-----w- c:\program files (x86)\Microsoft Expression . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-14 02:03 . 2011-08-25 10:25 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 20:44 . 2011-08-14 19:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-08 02:30 . 2013-10-11 18:02 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-11 18:02 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-11 18:02 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-09-02 13:25 . 2013-05-11 00:18 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-02 13:25 . 2013-03-31 15:27 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-02 13:25 . 2013-03-31 15:27 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-29 02:17 . 2013-10-11 18:02 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-11 18:02 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-11 18:02 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-11 18:02 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-11 18:02 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-11 18:02 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 
2013-10-11 18:02 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-11 18:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-11 18:02 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-11 18:02 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-11 18:02 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-11 18:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-11 18:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-11 18:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-11 18:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-11 18:02 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-11 18:02 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-11 18:02 461312 ----a-w- c:\windows\system32\scavengeui.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Jana\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-09-04 1564528] "FlashPlayerPlug_11_4_76_983"="c:\users\Jana\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe" [2013-11-11 364032] "Facebook.vbs"="c:\users\Jana\AppData\Roaming\Facebook.vbs" [2013-04-15 7596] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook.vbs [2013-4-15 7596] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common 
Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program 
files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) 
Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 20:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] "Facebook.vbs"="c:\users\Jana\AppData\Roaming\Facebook.vbs" [2013-04-15 7596] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-10-16 21:28; {b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}; c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi FF - ExtSQL: 2013-11-01 22:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2011-09-03 18:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ABBYY Screenshot Reader Bonus - c:\program files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk - c:\users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe AddRemove-Mipony Download Manager Packages - c:\users\Jana\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe AddRemove-Mipony Download Manager Packages 38 - c:\users\Jana\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-11-14 15:57:38 ComboFix-quarantined-files.txt 2013-11-14 14:57 . Vor Suchlauf: 21 Verzeichnis(se), 163.264.925.696 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 186.939.232.256 Bytes frei . - - End Of File - - 0C9122CAA0B26F52C976176E1027D4BD |
14.11.2013, 16:21 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick ComboFix script
__________________ Please always post log files in CODE tags |
14.11.2013, 17:04 | #21 |
| Windows 7: Facebook.vbs on computer and USB stick Code:
ATTFilter ComboFix 13-11-12.01 - Jana 14.11.2013 16:40:12.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5629 [GMT 1:00] ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Jana\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Jana\AppData\Roaming\Facebook.vbs" "c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs . . ((((((((((((((((((((((( Dateien erstellt von 2013-10-14 bis 2013-11-14 )))))))))))))))))))))))))))))) . . 2013-11-14 15:45 . 2013-11-14 15:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-14 15:45 . 2013-11-14 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-14 15:39 . 2013-11-14 15:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24FD7D4-7721-4A77-8269-BC2CDC9A4F7B}\offreg.dll 2013-11-14 14:13 . 2013-04-15 03:11 7596 ----a-w- c:\users\Jana\AppData\Roaming\Facebook.vbs 2013-11-14 12:48 . 2013-11-14 12:48 -------- d-----w- c:\windows\ERUNT 2013-11-14 12:35 . 2013-11-14 12:37 -------- d-----w- C:\AdwCleaner 2013-11-14 06:59 . 2013-11-14 07:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-13 23:35 . 2013-11-14 06:59 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-13 23:15 . 2013-11-14 06:59 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-13 23:15 . 2013-11-13 23:15 91352 ----a-w- c:\windows\system32\drivers\1C5F0E2C.sys 2013-11-13 19:51 . 
2013-11-14 14:12 -------- d-----w- C:\FRST 2013-11-12 06:46 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24FD7D4-7721-4A77-8269-BC2CDC9A4F7B}\mpengine.dll 2013-11-11 21:20 . 2013-11-11 21:20 -------- d-----w- C:\adobeTemp 2013-11-11 20:54 . 2013-11-11 20:55 1793672 ----a-w- c:\windows\SysWow64\amtlib.dll 2013-11-11 20:54 . 2013-11-11 20:54 -------- d-----w- c:\programdata\Logs 2013-11-11 20:11 . 2013-11-11 20:11 -------- d-----w- c:\users\Jana\AppData\Roaming\Malwarebytes 2013-11-11 20:10 . 2013-11-11 20:10 -------- d-----w- c:\programdata\Malwarebytes 2013-11-11 20:10 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-11-11 20:10 . 2013-11-11 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-11-11 19:58 . 2013-11-11 19:58 -------- d-----w- c:\users\Jana\AppData\Roaming\FlashPlayer Install 2013-10-23 12:01 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-23 12:01 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-23 12:01 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-23 12:01 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-23 12:01 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-23 12:01 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-23 12:01 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-22 16:56 . 2013-11-13 14:17 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-20 21:24 . 2013-10-20 21:24 -------- d-----w- c:\program files (x86)\WPF Toolkit 2013-10-20 21:23 . 2013-10-20 21:23 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2013-10-20 21:20 . 2013-10-20 21:24 -------- d-----w- c:\program files (x86)\Microsoft Expression . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-14 02:03 . 2011-08-25 10:25 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 20:44 . 2011-08-14 19:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-08 02:30 . 2013-10-11 18:02 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-11 18:02 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-11 18:02 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-09-02 13:25 . 2013-05-11 00:18 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-02 13:25 . 2013-03-31 15:27 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-02 13:25 . 2013-03-31 15:27 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-29 02:17 . 2013-10-11 18:02 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-11 18:02 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-11 18:02 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-11 18:02 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-11 18:02 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-11 18:02 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-11 18:02 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-11 18:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-11 18:02 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-11 18:02 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-11 18:02 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-11 18:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 
2013-10-11 18:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-11 18:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-11 18:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-11 18:02 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-11 18:02 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-11 18:02 461312 ----a-w- c:\windows\system32\scavengeui.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Jana\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-09-04 1564528] "FlashPlayerPlug_11_4_76_983"="c:\users\Jana\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe" [2013-11-11 364032] "Facebook.vbs"="c:\users\Jana\AppData\Roaming\Facebook.vbs" [2013-04-15 7596] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook.vbs [2013-4-15 7596] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common 
Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program 
files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) 
Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 20:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] "Facebook.vbs"="c:\users\Jana\AppData\Roaming\Facebook.vbs" [2013-04-15 7596] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-10-16 21:28; {b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}; c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi FF - ExtSQL: 2013-11-01 22:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2011-09-03 18:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-11-14 16:46:38 ComboFix-quarantined-files.txt 2013-11-14 15:46 ComboFix2.txt 2013-11-14 14:57 . 
Vor Suchlauf: 27 Verzeichnis(se), 186.778.181.632 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 186.700.062.720 Bytes frei . - - End Of File - - C0314AA4B0FE623E179A362367C8B5DF |
14.11.2013, 17:11 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick Well, something isn't right here. These facebook.vbs entries simply won't disappear. Have you had the infected stick plugged in the whole time?
__________________ Please always post log files in CODE tags |
14.11.2013, 17:15 | #23 |
| Windows 7: Facebook.vbs on computer and USB stick Yes, I have. Should I have ejected it the whole time? I already asked that earlier... Maybe you overlooked it. |
14.11.2013, 17:16 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick Well, you have completely disabled AutoPlay. Because of that, it really shouldn't be able to re-infect the system without your involvement any more. Please unplug the stick and repeat the last fix with FRST.
__________________ Please always post log files in CODE tags |
14.11.2013, 17:31 | #25 |
| Windows 7: Facebook.vbs on computer and USB stick Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Jana at 2013-11-14 17:22:50 Run:3
Running from C:\Users\Jana\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] ()
HKCU\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
C:\Users\Jana\AppData\Roaming\Facebook.vbs
C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
C:\Users\Jana\AppData\Local\Temp\7B38.exe
C:\Users\Jana\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jana\AppData\Local\Temp\avguidx.dll
C:\Users\Jana\AppData\Local\Temp\busunint.exe
C:\Users\Jana\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jana\AppData\Local\Temp\DLMGuardian.exe
C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe
C:\Users\Jana\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Jana\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Jana\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Jana\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Jana\AppData\Local\Temp\ose00000.exe
C:\Users\Jana\AppData\Local\Temp\Quarantine.exe
C:\Users\Jana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jana\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jana\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jana\AppData\Local\Temp\uninst1.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs => Value deleted successfully.
C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs => Moved successfully.
Could not move "C:\Users\Jana\AppData\Roaming\Facebook.vbs" => Scheduled to move on reboot.
"C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\7B38.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\AcDeltree.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\avguidx.dll" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\busunint.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\CommonInstaller.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\DLMGuardian.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\iGearedHelper.dll" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\ToolbarInstaller.exe" => File/Directory not found.
"C:\Users\Jana\AppData\Local\Temp\uninst1.exe" => File/Directory not found.

=========== Result of Scheduled Files to move ===========

C:\Users\Jana\AppData\Roaming\Facebook.vbs => Moved successfully.

==== End of Fixlog ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013 Ran by Jana (administrator) on JANA-PC on 14-11-2013 17:26:43 Running from C:\Users\Jana\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Akamai Technologies, Inc.) C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Windows\System32\WScript.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Akamai Technologies, Inc.) C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Adobe Flash, Media Inc TM.) 
C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-10-08] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jana\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [FlashPlayerPlug_11_4_76_983] - C:\Users\Jana\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe [364032 2013-11-11] (Adobe Flash, Media Inc TM.) HKCU\...\Run: [Facebook.vbs] - C:\Users\Jana\AppData\Roaming\Facebook.vbs [7596 2013-04-15] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.) 
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\DOLBY PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [] - [x] HKU\Default\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\Default User\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs () Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk ShortcutTarget: FlashPlayerPlug.lnk -> C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe (Adobe Flash, Media Inc TM.) Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe (Adobe Flash, Media Inc TM.) BootExecute: autocheck autochk /p \??\G:autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {2C32CC42-F221-41D6-9424-199F427EED9B} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2C32CC42-F221-41D6-9424-199F427EED9B} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/ade4dc80c585b082b9aad3bdea6b40a7/proxy.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program 
Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: toolbar - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\toolbar@gmx.net.xpi FF Extension: gadrm - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi FF Extension: DVDVideoSoft Menu - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - 
C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\polzwhva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) 
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG) S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-23] (DT Soft Ltd) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [913408 2009-10-21] (DiBcom) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-14 16:46 - 2013-11-14 16:46 - 00026756 _____ C:\ComboFix.txt 2013-11-14 16:33 - 2013-11-14 16:33 - 05147957 ____R (Swearware) C:\Users\Jana\Desktop\ComboFix.exe 2013-11-14 15:41 - 2013-11-14 16:46 - 00000000 ____D C:\Qoobox 2013-11-14 15:41 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-14 15:41 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-14 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-14 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-14 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-14 15:41 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-14 15:41 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-14 15:41 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-14 15:40 - 2013-11-14 15:56 - 00000000 ____D C:\Windows\erdnt 2013-11-14 15:13 - 2013-04-15 04:11 - 00007596 _____ C:\Users\Jana\AppData\Roaming\Facebook.vbs 2013-11-14 15:09 - 2013-11-14 15:10 - 01957794 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe 2013-11-14 14:25 - 2013-11-14 14:25 - 00000155 _____ C:\Users\Jana\Downloads\noautorun.reg 2013-11-14 13:55 - 2013-11-14 13:55 - 00003349 _____ C:\Users\Jana\Downloads\JRT.txt 2013-11-14 13:48 - 2013-11-14 13:48 - 00000000 ____D C:\Windows\ERUNT 2013-11-14 13:46 - 2013-11-14 13:46 - 01034531 _____ (Thisisu) C:\Users\Jana\Desktop\JRT.exe 2013-11-14 13:46 - 2013-11-14 13:46 - 00022698 _____ C:\Users\Jana\Downloads\AdwCleaner[S0].txt 2013-11-14 13:35 - 2013-11-14 13:37 - 00000000 ____D C:\AdwCleaner 2013-11-14 13:33 - 2013-11-14 13:33 - 01085542 _____ C:\Users\Jana\Desktop\adwcleaner.exe 2013-11-14 07:59 - 2013-11-14 08:58 
- 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-14 03:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 03:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 03:07 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-14 03:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 03:07 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 03:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 03:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 03:07 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-14 03:07 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 03:07 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 03:07 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 03:07 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 00:35 - 2013-11-14 07:59 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-14 00:25 - 2013-11-14 08:58 - 00000000 ____D C:\Users\Jana\Desktop\mbar 2013-11-14 00:25 - 2013-11-14 00:25 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Jana\Downloads\mbar-1.07.0.1007.exe 2013-11-14 00:15 - 2013-11-14 07:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-14 00:15 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1C5F0E2C.sys 2013-11-14 00:12 - 2013-11-14 00:13 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Desktop\mbar-1.07.0.1007.exe 2013-11-13 22:50 - 2013-11-13 22:50 - 00077319 _____ C:\Users\Jana\Downloads\Neues Textdokument.txt 2013-11-13 22:42 - 2013-11-13 22:42 - 00024287 _____ C:\Users\Jana\Downloads\Log Dateien.zip 2013-11-13 22:27 - 2013-11-13 22:27 - 00013279 _____ C:\Users\Jana\Downloads\log.zip 2013-11-13 21:52 - 2013-11-13 21:52 - 00142922 _____ C:\Users\Jana\Downloads\Ereignisse.txt 2013-11-13 21:45 - 2013-11-13 21:45 - 00262144 _____ C:\Windows\Minidump\111313-123100-01.dmp 2013-11-13 21:30 - 2013-11-13 21:30 - 00007841 _____ C:\Users\Jana\Downloads\gmer.txt 2013-11-13 21:07 - 2013-11-13 21:07 - 00377856 _____ C:\Users\Jana\Downloads\loqoi3qj.exe 2013-11-13 21:05 - 2013-11-13 21:05 - 00000540 _____ C:\Users\Jana\Downloads\defogger_disable.log 2013-11-13 21:05 - 2013-11-13 21:05 - 00000168 _____ C:\Users\Jana\defogger_reenable 2013-11-13 21:04 - 2013-11-13 21:04 - 00050477 _____ C:\Users\Jana\Downloads\Defogger.exe 2013-11-13 20:53 - 2013-11-13 21:09 - 00033495 _____ C:\Users\Jana\Downloads\Addition.txt 2013-11-13 20:51 - 2013-11-14 17:26 - 00019677 _____ C:\Users\Jana\Downloads\FRST.txt 2013-11-13 20:51 - 2013-11-14 17:25 - 00000000 ____D C:\FRST 2013-11-13 15:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 15:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 15:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 15:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 
2013-11-13 15:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 15:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 15:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 15:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 15:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 15:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 15:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 15:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 15:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 15:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 15:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 15:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 15:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 15:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 15:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 15:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 15:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 15:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2013-11-13 15:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 15:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 15:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 15:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 15:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 15:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 15:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 15:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 15:14 - 2013-11-13 15:14 - 104010312 _____ C:\Windows\SysWOW64\� 2013-11-11 22:12 - 2013-11-11 22:12 - 00001526 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-11-11 21:54 - 2013-11-14 07:30 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder 2013-11-11 21:54 - 2013-11-11 21:55 - 01793672 _____ (Adobe Systems, Incorporated) C:\Windows\SysWOW64\amtlib.dll 2013-11-11 21:11 - 2013-11-11 21:11 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-11 21:11 - 2013-11-11 21:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes 2013-11-11 21:10 - 2013-11-11 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-11 21:10 - 2013-11-11 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-11 21:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-11 21:09 - 2013-11-11 21:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-11 20:58 - 2013-11-11 20:58 - 00000000 ____D 
C:\Users\Jana\AppData\Roaming\FlashPlayer Install 2013-11-10 16:38 - 2013-11-13 15:26 - 00000000 ____D C:\Users\Jana\Desktop\Design 2013-11-06 12:48 - 2013-11-08 08:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 11:49 - 2013-11-08 16:14 - 00000000 ____D C:\Users\Jana\Desktop\7.semester 2013-10-23 20:28 - 2013-10-23 20:28 - 102674996 _____ C:\Windows\SysWOW64\죇賳K 2013-10-23 13:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-23 13:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-22 17:56 - 2013-11-13 15:17 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\WPF Toolkit 2013-10-20 22:23 - 2013-10-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-10-20 22:20 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Expression 2013-10-15 09:03 - 2013-10-15 15:02 - 101148298 _____ C:\Windows\SysWOW64\⽪쩝 ==================== One Month Modified Files and Folders ======= 2013-11-14 17:27 - 2013-11-13 20:51 - 00019677 _____ C:\Users\Jana\Downloads\FRST.txt 2013-11-14 17:25 - 2013-11-13 20:51 - 00000000 ____D C:\FRST 2013-11-14 17:25 - 2011-08-10 16:51 - 00000000 ___RD C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-14 
17:23 - 2010-11-21 04:47 - 00231732 _____ C:\Windows\PFRO.log 2013-11-14 17:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-14 17:23 - 2009-07-14 05:51 - 00141240 _____ C:\Windows\setupact.log 2013-11-14 17:22 - 2011-06-09 10:49 - 01743533 _____ C:\Windows\WindowsUpdate.log 2013-11-14 16:46 - 2013-11-14 16:46 - 00026756 _____ C:\ComboFix.txt 2013-11-14 16:46 - 2013-11-14 15:41 - 00000000 ____D C:\Qoobox 2013-11-14 16:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-11-14 16:44 - 2012-04-18 08:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-14 16:33 - 2013-11-14 16:33 - 05147957 ____R (Swearware) C:\Users\Jana\Desktop\ComboFix.exe 2013-11-14 15:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-11-14 15:56 - 2013-11-14 15:40 - 00000000 ____D C:\Windows\erdnt 2013-11-14 15:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-14 15:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-14 15:10 - 2013-11-14 15:09 - 01957794 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe 2013-11-14 14:25 - 2013-11-14 14:25 - 00000155 _____ C:\Users\Jana\Downloads\noautorun.reg 2013-11-14 14:19 - 2011-08-11 21:39 - 00000000 ____D C:\Users\Jana\Documents\FH Emden 2013-11-14 13:55 - 2013-11-14 13:55 - 00003349 _____ C:\Users\Jana\Downloads\JRT.txt 2013-11-14 13:48 - 2013-11-14 13:48 - 00000000 ____D C:\Windows\ERUNT 2013-11-14 13:46 - 2013-11-14 13:46 - 01034531 _____ (Thisisu) C:\Users\Jana\Desktop\JRT.exe 2013-11-14 13:46 - 2013-11-14 13:46 - 00022698 _____ C:\Users\Jana\Downloads\AdwCleaner[S0].txt 2013-11-14 13:37 - 2013-11-14 13:35 - 00000000 ____D C:\AdwCleaner 2013-11-14 13:37 - 2011-08-11 16:20 - 00000000 ____D C:\ProgramData\ICQ 2013-11-14 13:37 - 2011-08-10 16:51 - 00000000 ____D C:\Users\Jana 2013-11-14 13:33 - 
2013-11-14 13:33 - 01085542 _____ C:\Users\Jana\Desktop\adwcleaner.exe 2013-11-14 08:58 - 2013-11-14 07:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-14 08:58 - 2013-11-14 00:25 - 00000000 ____D C:\Users\Jana\Desktop\mbar 2013-11-14 07:59 - 2013-11-14 00:35 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-14 07:59 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-14 07:30 - 2013-11-11 21:54 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder 2013-11-14 04:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-14 03:06 - 2011-08-12 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-14 03:05 - 2013-08-20 08:50 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 03:03 - 2011-08-25 11:25 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 00:25 - 2013-11-14 00:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Jana\Downloads\mbar-1.07.0.1007.exe 2013-11-14 00:15 - 2013-11-14 00:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1C5F0E2C.sys 2013-11-14 00:13 - 2013-11-14 00:12 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Jana\Desktop\mbar-1.07.0.1007.exe 2013-11-13 22:50 - 2013-11-13 22:50 - 00077319 _____ C:\Users\Jana\Downloads\Neues Textdokument.txt 2013-11-13 22:42 - 2013-11-13 22:42 - 00024287 _____ C:\Users\Jana\Downloads\Log Dateien.zip 2013-11-13 22:27 - 2013-11-13 22:27 - 00013279 _____ C:\Users\Jana\Downloads\log.zip 2013-11-13 21:52 - 2013-11-13 21:52 - 00142922 _____ C:\Users\Jana\Downloads\Ereignisse.txt 2013-11-13 21:45 - 2013-11-13 21:45 - 00262144 _____ C:\Windows\Minidump\111313-123100-01.dmp 2013-11-13 21:45 - 2013-09-04 19:34 - 00000000 ____D C:\Windows\Minidump 2013-11-13 21:45 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-13 21:45 - 2009-07-14 05:45 - 05068392 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-13 21:44 - 2013-09-04 19:34 - 820709658 _____ C:\Windows\MEMORY.DMP 2013-11-13 21:30 - 2013-11-13 21:30 - 00007841 _____ C:\Users\Jana\Downloads\gmer.txt 2013-11-13 21:09 - 2013-11-13 20:53 - 00033495 _____ C:\Users\Jana\Downloads\Addition.txt 2013-11-13 21:07 - 2013-11-13 21:07 - 00377856 _____ C:\Users\Jana\Downloads\loqoi3qj.exe 2013-11-13 21:05 - 2013-11-13 21:05 - 00000540 _____ C:\Users\Jana\Downloads\defogger_disable.log 2013-11-13 21:05 - 2013-11-13 21:05 - 00000168 _____ C:\Users\Jana\defogger_reenable 2013-11-13 21:04 - 2013-11-13 21:04 - 00050477 _____ C:\Users\Jana\Downloads\Defogger.exe 2013-11-13 20:42 - 2011-06-09 20:41 - 03617538 _____ C:\Windows\system32\perfh007.dat 2013-11-13 20:42 - 2011-06-09 20:41 - 01120428 _____ C:\Windows\system32\perfc007.dat 2013-11-13 20:42 - 2009-07-14 06:13 - 00006686 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-13 15:26 - 2013-11-10 16:38 - 00000000 ____D C:\Users\Jana\Desktop\Design 2013-11-13 15:17 - 2013-10-22 17:56 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-13 15:17 - 2013-02-18 18:55 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-11-13 15:14 - 2013-11-13 15:14 - 104010312 _____ C:\Windows\SysWOW64\� 2013-11-11 
22:28 - 2011-08-10 16:51 - 00117080 _____ C:\Users\Jana\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-11 22:21 - 2011-04-06 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-11 22:20 - 2012-12-02 10:45 - 00000000 ____D C:\Program Files\Adobe 2013-11-11 22:12 - 2013-11-11 22:12 - 00001526 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-11-11 21:55 - 2013-11-11 21:54 - 01793672 _____ (Adobe Systems, Incorporated) C:\Windows\SysWOW64\amtlib.dll 2013-11-11 21:11 - 2013-11-11 21:11 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-11 21:11 - 2013-11-11 21:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes 2013-11-11 21:11 - 2013-11-11 21:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-11 21:10 - 2013-11-11 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-11 21:10 - 2013-11-11 21:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-11 20:58 - 2013-11-11 20:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\FlashPlayer Install 2013-11-11 15:41 - 2011-08-11 21:39 - 00000000 ____D C:\Users\Jana\Documents\bewerbung 2013-11-09 17:46 - 2012-03-13 22:47 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Autodesk 2013-11-09 17:46 - 2012-03-13 22:47 - 00000000 ____D C:\ProgramData\Autodesk 2013-11-09 17:44 - 2012-03-13 22:53 - 00000000 ____D C:\Program Files\Autodesk 2013-11-09 17:26 - 2012-05-05 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-08 16:14 - 2013-11-06 11:49 - 00000000 ____D C:\Users\Jana\Desktop\7.semester 2013-11-08 08:35 - 2013-11-06 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 22:46 - 2013-04-20 10:18 - 00001236 _____ C:\Users\Jana\Desktop\Adobe Photoshop CS6 (64 Bit).lnk 2013-11-06 22:46 - 2013-04-18 21:59 - 00001679 _____ C:\Users\Jana\Desktop\Adobe Illustrator CS6 (64 Bit).lnk 2013-10-31 13:25 - 2013-03-12 14:35 - 00000000 ____D 
C:\Users\Jana\Documents\Praktikum 2013-10-23 20:28 - 2013-10-23 20:28 - 102674996 _____ C:\Windows\SysWOW64\죇賳K 2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Program Files (x86)\WPF Toolkit 2013-10-20 22:24 - 2013-10-20 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Expression 2013-10-20 22:23 - 2013-10-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-10-20 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-15 15:02 - 2013-10-15 09:03 - 101148298 _____ C:\Windows\SysWOW64\⽪쩝 Files to move or delete: ==================== C:\Windows\System32\msiexec.exe /qn /x{voidguid} Some content of TEMP: ==================== C:\Users\Jana\AppData\Local\Temp\FlashPlayerMsj.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-14 04:22 ==================== End Of Log ============================ |
14.11.2013, 23:52 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick The entries are still there. Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
15.11.2013, 08:05 | #27 |
| Windows 7: Facebook.vbs on computer and USB stick Code:
ATTFilter 07:45:04.0841 5012 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 07:45:06.0853 5012 ============================================================ 07:45:06.0853 5012 Current date / time: 2013/11/15 07:45:06.0853 07:45:06.0853 5012 SystemInfo: 07:45:06.0853 5012 07:45:06.0853 5012 OS Version: 6.1.7601 ServicePack: 1.0 07:45:06.0853 5012 Product type: Workstation 07:45:06.0853 5012 ComputerName: JANA-PC 07:45:06.0853 5012 UserName: Jana 07:45:06.0853 5012 Windows directory: C:\Windows 07:45:06.0853 5012 System windows directory: C:\Windows 07:45:06.0853 5012 Running under WOW64 07:45:06.0853 5012 Processor architecture: Intel x64 07:45:06.0853 5012 Number of processors: 4 07:45:06.0853 5012 Page size: 0x1000 07:45:06.0853 5012 Boot type: Normal boot 07:45:06.0853 5012 ============================================================ 07:45:07.0758 5012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:45:07.0758 5012 ============================================================ 07:45:07.0758 5012 \Device\Harddisk0\DR0: 07:45:07.0773 5012 MBR partitions: 07:45:07.0773 5012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 07:45:07.0773 5012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000 07:45:07.0773 5012 ============================================================ 07:45:07.0820 5012 C: <-> \Device\Harddisk0\DR0\Partition2 07:45:07.0820 5012 ============================================================ 07:45:07.0820 5012 Initialize success 07:45:07.0820 5012 ============================================================ 07:45:40.0159 6800 ============================================================ 07:45:40.0159 6800 Scan started 07:45:40.0159 6800 Mode: Manual; SigCheck; TDLFS; 07:45:40.0159 6800 
============================================================ 07:45:40.0736 6800 ================ Scan system memory ======================== 07:45:40.0736 6800 System memory - ok 07:45:40.0736 6800 ================ Scan services ============================= 07:45:40.0939 6800 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 07:45:41.0189 6800 1394ohci - ok 07:45:41.0298 6800 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 07:45:41.0345 6800 ACPI - ok 07:45:41.0391 6800 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 07:45:41.0516 6800 AcpiPmi - ok 07:45:41.0657 6800 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 07:45:41.0688 6800 AdobeARMservice - ok 07:45:41.0875 6800 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 07:45:41.0906 6800 AdobeFlashPlayerUpdateSvc - ok 07:45:41.0953 6800 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 07:45:42.0031 6800 adp94xx - ok 07:45:42.0062 6800 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 07:45:42.0140 6800 adpahci - ok 07:45:42.0171 6800 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 07:45:42.0187 6800 adpu320 - ok 07:45:42.0218 6800 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 07:45:42.0437 6800 AeLookupSvc - ok 07:45:42.0499 6800 [ 79059559E89D06E8B80CE2944BE20228 ] AFD C:\Windows\system32\drivers\afd.sys 07:45:42.0655 6800 AFD - ok 07:45:42.0717 6800 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 07:45:42.0749 6800 agp440 - ok 07:45:42.0780 6800 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 07:45:42.0889 6800 ALG - ok 07:45:42.0936 6800 [ 
5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 07:45:42.0967 6800 aliide - ok 07:45:42.0983 6800 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 07:45:42.0983 6800 amdide - ok 07:45:43.0014 6800 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 07:45:43.0076 6800 AmdK8 - ok 07:45:43.0107 6800 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 07:45:43.0154 6800 AmdPPM - ok 07:45:43.0232 6800 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 07:45:43.0279 6800 amdsata - ok 07:45:43.0310 6800 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 07:45:43.0341 6800 amdsbs - ok 07:45:43.0357 6800 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 07:45:43.0357 6800 amdxata - ok 07:45:43.0451 6800 [ 3EC77A3849350B40D2D9002BA560E554 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 07:45:43.0466 6800 AntiVirSchedulerService - ok 07:45:43.0513 6800 [ 1D6D44493488923CF6E82339E189EAD6 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 07:45:43.0529 6800 AntiVirService - ok 07:45:43.0591 6800 [ 6C5595EC0F009EF7D73EBBE11AA33C3D ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 07:45:43.0653 6800 AntiVirWebService - ok 07:45:43.0700 6800 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 07:45:43.0950 6800 AppID - ok 07:45:43.0997 6800 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 07:45:44.0075 6800 AppIDSvc - ok 07:45:44.0168 6800 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 07:45:44.0262 6800 Appinfo - ok 07:45:44.0309 6800 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 07:45:44.0355 6800 arc - ok 07:45:44.0371 6800 [ 
019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 07:45:44.0402 6800 arcsas - ok 07:45:44.0527 6800 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 07:45:44.0605 6800 aspnet_state - ok 07:45:44.0636 6800 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 07:45:44.0699 6800 AsyncMac - ok 07:45:44.0745 6800 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 07:45:44.0777 6800 atapi - ok 07:45:44.0886 6800 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys 07:45:45.0042 6800 athr - ok 07:45:45.0089 6800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 07:45:45.0213 6800 AudioEndpointBuilder - ok 07:45:45.0245 6800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 07:45:45.0291 6800 AudioSrv - ok 07:45:45.0385 6800 [ 0D5C96FD25D6455D97A5C4D7706DFAB1 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 07:45:45.0463 6800 avgntflt - ok 07:45:45.0541 6800 [ E26B3C8E9C3DDE047B32C5719955D715 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 07:45:45.0557 6800 avipbb - ok 07:45:45.0619 6800 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 07:45:45.0635 6800 avkmgr - ok 07:45:45.0666 6800 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 07:45:45.0791 6800 AxInstSV - ok 07:45:45.0884 6800 [ 9F4320BA8E7CE2342517B182A2F2C0E6 ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys 07:45:45.0962 6800 azvusb - ok 07:45:46.0009 6800 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 07:45:46.0134 6800 b06bdrv - ok 07:45:46.0165 6800 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 07:45:46.0243 6800 b57nd60a - ok 07:45:46.0305 6800 [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd 
C:\Windows\system32\drivers\b57xdbd.sys 07:45:46.0321 6800 b57xdbd - ok 07:45:46.0337 6800 [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp C:\Windows\system32\drivers\b57xdmp.sys 07:45:46.0352 6800 b57xdmp - ok 07:45:46.0383 6800 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 07:45:46.0477 6800 BDESVC - ok 07:45:46.0524 6800 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 07:45:46.0633 6800 Beep - ok 07:45:46.0695 6800 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 07:45:46.0805 6800 BFE - ok 07:45:46.0851 6800 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 07:45:46.0945 6800 BITS - ok 07:45:46.0976 6800 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 07:45:47.0007 6800 blbdrive - ok 07:45:47.0054 6800 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 07:45:47.0132 6800 bowser - ok 07:45:47.0179 6800 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 07:45:47.0226 6800 BrFiltLo - ok 07:45:47.0257 6800 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 07:45:47.0273 6800 BrFiltUp - ok 07:45:47.0351 6800 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 07:45:47.0444 6800 BridgeMP - ok 07:45:47.0522 6800 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 07:45:47.0600 6800 Browser - ok 07:45:47.0616 6800 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 07:45:47.0709 6800 Brserid - ok 07:45:47.0741 6800 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 07:45:47.0787 6800 BrSerWdm - ok 07:45:47.0819 6800 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 07:45:47.0881 6800 BrUsbMdm - ok 07:45:47.0912 6800 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer 
C:\Windows\System32\Drivers\BrUsbSer.sys 07:45:47.0943 6800 BrUsbSer - ok 07:45:47.0990 6800 [ 520408CFDB56DE8CDB44B2F11B9C5B5C ] bScsiMSa C:\Windows\system32\drivers\bScsiMSa.sys 07:45:48.0021 6800 bScsiMSa - ok 07:45:48.0037 6800 [ 9F880F03F4A72215C8B77FD51322C297 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys 07:45:48.0053 6800 bScsiSDa - ok 07:45:48.0068 6800 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 07:45:48.0115 6800 BTHMODEM - ok 07:45:48.0162 6800 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 07:45:48.0240 6800 bthserv - ok 07:45:48.0271 6800 catchme - ok 07:45:48.0287 6800 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 07:45:48.0349 6800 cdfs - ok 07:45:48.0411 6800 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 07:45:48.0458 6800 cdrom - ok 07:45:48.0521 6800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 07:45:48.0614 6800 CertPropSvc - ok 07:45:48.0645 6800 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 07:45:48.0708 6800 circlass - ok 07:45:48.0739 6800 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 07:45:48.0770 6800 CLFS - ok 07:45:48.0817 6800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:45:48.0848 6800 clr_optimization_v2.0.50727_32 - ok 07:45:48.0879 6800 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 07:45:48.0895 6800 clr_optimization_v2.0.50727_64 - ok 07:45:49.0035 6800 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:45:49.0160 6800 clr_optimization_v4.0.30319_32 - ok 07:45:49.0207 6800 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 07:45:49.0238 6800 clr_optimization_v4.0.30319_64 - ok 07:45:49.0285 6800 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 07:45:49.0332 6800 CmBatt - ok 07:45:49.0363 6800 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 07:45:49.0379 6800 cmdide - ok 07:45:49.0441 6800 [ EBF28856F69CF094A902F884CF989706 ] CNG C:\Windows\system32\Drivers\cng.sys 07:45:49.0488 6800 CNG - ok 07:45:49.0550 6800 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 07:45:49.0581 6800 Compbatt - ok 07:45:49.0613 6800 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 07:45:49.0675 6800 CompositeBus - ok 07:45:49.0706 6800 COMSysApp - ok 07:45:49.0722 6800 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 07:45:49.0753 6800 crcdisk - ok 07:45:49.0800 6800 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll 07:45:49.0925 6800 CryptSvc - ok 07:45:49.0987 6800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 07:45:50.0127 6800 DcomLaunch - ok 07:45:50.0159 6800 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 07:45:50.0252 6800 defragsvc - ok 07:45:50.0283 6800 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 07:45:50.0330 6800 DfsC - ok 07:45:50.0424 6800 [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 07:45:50.0455 6800 dg_ssudbus - ok 07:45:50.0502 6800 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 07:45:50.0595 6800 Dhcp - ok 07:45:50.0627 6800 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 07:45:50.0720 6800 discache - ok 07:45:50.0798 6800 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 
07:45:50.0829 6800 Disk - ok 07:45:50.0861 6800 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 07:45:50.0939 6800 Dnscache - ok 07:45:51.0017 6800 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 07:45:51.0110 6800 dot3svc - ok 07:45:51.0173 6800 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys 07:45:51.0251 6800 dot4 - ok 07:45:51.0282 6800 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 07:45:51.0313 6800 Dot4Print - ok 07:45:51.0344 6800 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys 07:45:51.0407 6800 Dot4Scan - ok 07:45:51.0438 6800 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 07:45:51.0500 6800 dot4usb - ok 07:45:51.0547 6800 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 07:45:51.0625 6800 DPS - ok 07:45:51.0672 6800 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 07:45:51.0734 6800 drmkaud - ok 07:45:51.0828 6800 [ 4AB2A58816CC6BE771F1D8C768B804C5 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 07:45:51.0859 6800 DsiWMIService - ok 07:45:51.0921 6800 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 07:45:51.0953 6800 dtsoftbus01 - ok 07:45:52.0015 6800 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 07:45:52.0093 6800 DXGKrnl - ok 07:45:52.0124 6800 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 07:45:52.0218 6800 EapHost - ok 07:45:52.0327 6800 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 07:45:52.0483 6800 ebdrv - ok 07:45:52.0530 6800 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS C:\Windows\System32\lsass.exe 07:45:52.0592 6800 EFS - ok 07:45:52.0655 6800 [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files 
(x86)\Common Files\EgisTec\Services\EgisTicketService.exe 07:45:52.0717 6800 EgisTec Ticket Service - ok 07:45:52.0795 6800 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 07:45:52.0935 6800 ehRecvr - ok 07:45:52.0951 6800 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 07:45:53.0013 6800 ehSched - ok 07:45:53.0091 6800 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 07:45:53.0138 6800 elxstor - ok 07:45:53.0232 6800 [ EB1C213A8550F066B2CCC29C9F41E2AE ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 07:45:53.0294 6800 ePowerSvc - ok 07:45:53.0310 6800 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 07:45:53.0357 6800 ErrDev - ok 07:45:53.0403 6800 [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD C:\Windows\system32\DRIVERS\ETD.sys 07:45:53.0419 6800 ETD - ok 07:45:53.0450 6800 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 07:45:53.0513 6800 EventSystem - ok 07:45:53.0559 6800 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 07:45:53.0637 6800 exfat - ok 07:45:53.0669 6800 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 07:45:53.0715 6800 fastfat - ok 07:45:53.0778 6800 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 07:45:53.0887 6800 Fax - ok 07:45:53.0918 6800 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 07:45:53.0965 6800 fdc - ok 07:45:54.0012 6800 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 07:45:54.0074 6800 fdPHost - ok 07:45:54.0090 6800 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 07:45:54.0121 6800 FDResPub - ok 07:45:54.0168 6800 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 07:45:54.0199 6800 FileInfo - ok 07:45:54.0215 6800 [ 5F671AB5BC87EEA04EC38A6CD5962A47 
] Filetrace C:\Windows\system32\drivers\filetrace.sys 07:45:54.0277 6800 Filetrace - ok 07:45:54.0339 6800 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 07:45:54.0371 6800 FLEXnet Licensing Service - ok 07:45:54.0527 6800 [ ECC329F6104EE208C24C4A8C1B4A9D14 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 07:45:54.0605 6800 FLEXnet Licensing Service 64 - ok 07:45:54.0636 6800 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 07:45:54.0636 6800 flpydisk - ok 07:45:54.0667 6800 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 07:45:54.0714 6800 FltMgr - ok 07:45:54.0792 6800 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 07:45:54.0885 6800 FontCache - ok 07:45:54.0917 6800 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:45:54.0932 6800 FontCache3.0.0.0 - ok 07:45:54.0948 6800 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 07:45:54.0963 6800 FsDepends - ok 07:45:55.0104 6800 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS 07:45:55.0135 6800 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 07:45:55.0135 6800 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 07:45:55.0197 6800 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 07:45:55.0244 6800 Fs_Rec - ok 07:45:55.0322 6800 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 07:45:55.0385 6800 fvevol - ok 07:45:55.0431 6800 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 07:45:55.0447 6800 gagp30kx - ok 07:45:55.0494 6800 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc 
C:\Windows\System32\gpsvc.dll 07:45:55.0572 6800 gpsvc - ok 07:45:55.0619 6800 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 07:45:55.0650 6800 GREGService - ok 07:45:55.0681 6800 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 07:45:55.0743 6800 hcw85cir - ok 07:45:55.0775 6800 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 07:45:55.0853 6800 HdAudAddService - ok 07:45:55.0884 6800 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 07:45:55.0962 6800 HDAudBus - ok 07:45:55.0993 6800 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 07:45:56.0040 6800 HidBatt - ok 07:45:56.0071 6800 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 07:45:56.0118 6800 HidBth - ok 07:45:56.0149 6800 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 07:45:56.0165 6800 HidIr - ok 07:45:56.0196 6800 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 07:45:56.0274 6800 hidserv - ok 07:45:56.0305 6800 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 07:45:56.0336 6800 HidUsb - ok 07:45:56.0367 6800 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 07:45:56.0461 6800 hkmsvc - ok 07:45:56.0508 6800 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 07:45:56.0586 6800 HomeGroupListener - ok 07:45:56.0633 6800 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 07:45:56.0679 6800 HomeGroupProvider - ok 07:45:56.0804 6800 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 07:45:56.0835 6800 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 07:45:56.0835 6800 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 
07:45:56.0882 6800 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 07:45:56.0913 6800 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 07:45:56.0913 6800 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 07:45:56.0960 6800 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 07:45:57.0007 6800 HpSAMD - ok 07:45:57.0101 6800 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 07:45:57.0163 6800 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 07:45:57.0163 6800 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 07:45:57.0210 6800 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 07:45:57.0288 6800 HTTP - ok 07:45:57.0335 6800 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 07:45:57.0335 6800 hwpolicy - ok 07:45:57.0350 6800 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 07:45:57.0366 6800 i8042prt - ok 07:45:57.0413 6800 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\drivers\iaStor.sys 07:45:57.0428 6800 iaStor - ok 07:45:57.0475 6800 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 07:45:57.0506 6800 IAStorDataMgrSvc - ok 07:45:57.0584 6800 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 07:45:57.0631 6800 iaStorV - ok 07:45:57.0678 6800 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 07:45:57.0740 6800 idsvc - ok 07:45:58.0021 6800 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 07:45:58.0395 6800 igfx - ok 07:45:58.0458 6800 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 07:45:58.0489 6800 iirsp - ok 07:45:58.0551 6800 [ 
344789398EC3EE5A4E00C52B31847946 ] IKEEXT C:\Windows\System32\ikeext.dll 07:45:58.0614 6800 IKEEXT - ok 07:45:58.0754 6800 [ B60ACCD29F8FAFC4A6344CD2BD5CA3A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 07:45:58.0848 6800 IntcAzAudAddService - ok 07:45:58.0895 6800 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 07:45:58.0910 6800 IntcDAud - ok 07:45:58.0941 6800 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 07:45:58.0957 6800 intelide - ok 07:45:58.0988 6800 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 07:45:59.0035 6800 intelppm - ok 07:45:59.0097 6800 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 07:45:59.0175 6800 IPBusEnum - ok 07:45:59.0207 6800 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:45:59.0253 6800 IpFilterDriver - ok 07:45:59.0300 6800 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 07:45:59.0409 6800 iphlpsvc - ok 07:45:59.0425 6800 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 07:45:59.0472 6800 IPMIDRV - ok 07:45:59.0487 6800 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 07:45:59.0534 6800 IPNAT - ok 07:45:59.0581 6800 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 07:45:59.0628 6800 IRENUM - ok 07:45:59.0643 6800 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 07:45:59.0659 6800 isapnp - ok 07:45:59.0675 6800 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 07:45:59.0706 6800 iScsiPrt - ok 07:45:59.0753 6800 [ 0469BFF65BBDEE9E46D0C45EE32A08BD ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 07:45:59.0768 6800 k57nd60a - ok 07:45:59.0768 6800 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass 
C:\Windows\system32\drivers\kbdclass.sys 07:45:59.0784 6800 kbdclass - ok 07:45:59.0799 6800 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 07:45:59.0831 6800 kbdhid - ok 07:45:59.0877 6800 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso C:\Windows\system32\lsass.exe 07:45:59.0893 6800 KeyIso - ok 07:45:59.0940 6800 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 07:45:59.0987 6800 KSecDD - ok 07:46:00.0018 6800 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 07:46:00.0033 6800 KSecPkg - ok 07:46:00.0080 6800 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 07:46:00.0174 6800 ksthunk - ok 07:46:00.0221 6800 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 07:46:00.0361 6800 KtmRm - ok 07:46:00.0408 6800 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 07:46:00.0501 6800 LanmanServer - ok 07:46:00.0533 6800 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 07:46:00.0626 6800 LanmanWorkstation - ok 07:46:00.0704 6800 [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 07:46:00.0735 6800 Live Updater Service - ok 07:46:00.0767 6800 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 07:46:00.0860 6800 lltdio - ok 07:46:00.0907 6800 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 07:46:01.0001 6800 lltdsvc - ok 07:46:01.0032 6800 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 07:46:01.0125 6800 lmhosts - ok 07:46:01.0172 6800 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 07:46:01.0188 6800 LMS - ok 07:46:01.0250 6800 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 07:46:01.0281 6800 
LSI_FC - ok 07:46:01.0297 6800 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 07:46:01.0313 6800 LSI_SAS - ok 07:46:01.0313 6800 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 07:46:01.0328 6800 LSI_SAS2 - ok 07:46:01.0344 6800 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 07:46:01.0359 6800 LSI_SCSI - ok 07:46:01.0391 6800 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 07:46:01.0469 6800 luafv - ok 07:46:01.0531 6800 [ 701223C663019B62029FAB1A2385EE81 ] LUMDriver C:\Windows\system32\drivers\LUMDriver.sys 07:46:01.0547 6800 LUMDriver - ok 07:46:01.0625 6800 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 07:46:01.0656 6800 MBAMProtector - ok 07:46:01.0781 6800 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 07:46:01.0812 6800 MBAMScheduler - ok 07:46:01.0843 6800 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 07:46:01.0874 6800 MBAMService - ok 07:46:01.0905 6800 McAfee SiteAdvisor Service - ok 07:46:02.0061 6800 [ 968BFF74AEB683C962960ECE0CAE4135 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe 07:46:02.0077 6800 McComponentHostService - ok 07:46:02.0108 6800 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 07:46:02.0155 6800 Mcx2Svc - ok 07:46:02.0186 6800 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 07:46:02.0202 6800 megasas - ok 07:46:02.0249 6800 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 07:46:02.0295 6800 MegaSR - ok 07:46:02.0311 6800 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 07:46:02.0327 6800 MEIx64 - ok 07:46:02.0389 6800 Microsoft SharePoint 
Workspace Audit Service - ok 07:46:02.0451 6800 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 07:46:02.0545 6800 MMCSS - ok 07:46:02.0623 6800 [ 5289F0F94D6FE072D3DC72EA17DF57E9 ] mod7700 C:\Windows\system32\Drivers\dvb7700all.sys 07:46:02.0779 6800 mod7700 ( UnsignedFile.Multi.Generic ) - warning 07:46:02.0779 6800 mod7700 - detected UnsignedFile.Multi.Generic (1) 07:46:02.0810 6800 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 07:46:02.0904 6800 Modem - ok 07:46:02.0951 6800 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 07:46:03.0013 6800 monitor - ok 07:46:03.0060 6800 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 07:46:03.0091 6800 mouclass - ok 07:46:03.0138 6800 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 07:46:03.0185 6800 mouhid - ok 07:46:03.0216 6800 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 07:46:03.0231 6800 mountmgr - ok 07:46:03.0372 6800 [ 5D494509432897338AFC19DB78A76DCB ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 07:46:03.0403 6800 MozillaMaintenance - ok 07:46:03.0450 6800 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 07:46:03.0497 6800 mpio - ok 07:46:03.0512 6800 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 07:46:03.0559 6800 mpsdrv - ok 07:46:03.0606 6800 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 07:46:03.0699 6800 MpsSvc - ok 07:46:03.0731 6800 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 07:46:03.0762 6800 MRxDAV - ok 07:46:03.0793 6800 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 07:46:03.0855 6800 mrxsmb - ok 07:46:03.0871 6800 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:46:03.0902 6800 mrxsmb10 - ok 07:46:03.0918 6800 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:46:03.0933 6800 mrxsmb20 - ok 07:46:03.0949 6800 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 07:46:03.0965 6800 msahci - ok 07:46:04.0011 6800 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 07:46:04.0043 6800 msdsm - ok 07:46:04.0058 6800 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 07:46:04.0074 6800 MSDTC - ok 07:46:04.0074 6800 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 07:46:04.0136 6800 Msfs - ok 07:46:04.0230 6800 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 07:46:04.0277 6800 mshidkmdf - ok 07:46:04.0308 6800 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 07:46:04.0308 6800 msisadrv - ok 07:46:04.0339 6800 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 07:46:04.0401 6800 MSiSCSI - ok 07:46:04.0417 6800 msiserver - ok 07:46:04.0542 6800 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 07:46:04.0760 6800 MSKSSRV - ok 07:46:04.0838 6800 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 07:46:04.0916 6800 MSPCLOCK - ok 07:46:04.0963 6800 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 07:46:05.0025 6800 MSPQM - ok 07:46:05.0072 6800 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 07:46:05.0119 6800 MsRPC - ok 07:46:05.0150 6800 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 07:46:05.0166 6800 mssmbios - ok 07:46:05.0306 6800 MSSQL$SQLEXPRESS - ok 07:46:05.0369 6800 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL 
Server\90\Shared\sqladhlp90.exe 07:46:05.0415 6800 MSSQLServerADHelper - ok 07:46:05.0478 6800 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 07:46:05.0556 6800 MSTEE - ok 07:46:05.0571 6800 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 07:46:05.0634 6800 MTConfig - ok 07:46:05.0681 6800 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 07:46:05.0712 6800 Mup - ok 07:46:05.0774 6800 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 07:46:05.0790 6800 mwlPSDFilter - ok 07:46:05.0805 6800 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 07:46:05.0805 6800 mwlPSDNServ - ok 07:46:05.0821 6800 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 07:46:05.0852 6800 mwlPSDVDisk - ok 07:46:05.0883 6800 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 07:46:05.0946 6800 napagent - ok 07:46:06.0008 6800 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 07:46:06.0071 6800 NativeWifiP - ok 07:46:06.0164 6800 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 07:46:06.0227 6800 NDIS - ok 07:46:06.0258 6800 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 07:46:06.0289 6800 NdisCap - ok 07:46:06.0320 6800 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 07:46:06.0351 6800 NdisTapi - ok 07:46:06.0367 6800 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 07:46:06.0429 6800 Ndisuio - ok 07:46:06.0445 6800 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 07:46:06.0507 6800 NdisWan - ok 07:46:06.0554 6800 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 07:46:06.0648 6800 NDProxy - ok 
07:46:06.0710 6800 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 07:46:06.0757 6800 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 07:46:06.0757 6800 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 07:46:06.0788 6800 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 07:46:06.0882 6800 NetBIOS - ok 07:46:06.0913 6800 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 07:46:06.0960 6800 NetBT - ok 07:46:06.0991 6800 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe 07:46:07.0007 6800 Netlogon - ok 07:46:07.0038 6800 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 07:46:07.0116 6800 Netman - ok 07:46:07.0225 6800 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:46:07.0319 6800 NetMsmqActivator - ok 07:46:07.0350 6800 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:46:07.0365 6800 NetPipeActivator - ok 07:46:07.0381 6800 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 07:46:07.0459 6800 netprofm - ok 07:46:07.0506 6800 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:46:07.0521 6800 NetTcpActivator - ok 07:46:07.0537 6800 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:46:07.0537 6800 NetTcpPortSharing - ok 07:46:07.0599 6800 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 07:46:07.0631 6800 nfrd960 - ok 07:46:07.0677 6800 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 07:46:07.0724 6800 NlaSvc - ok 07:46:07.0771 6800 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 07:46:07.0849 6800 Npfs - 
ok 07:46:07.0880 6800 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 07:46:07.0927 6800 nsi - ok 07:46:07.0943 6800 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 07:46:07.0989 6800 nsiproxy - ok 07:46:08.0067 6800 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 07:46:08.0161 6800 Ntfs - ok 07:46:08.0208 6800 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 07:46:08.0239 6800 NTI IScheduleSvc - ok 07:46:08.0255 6800 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 07:46:08.0270 6800 NTIDrvr - ok 07:46:08.0286 6800 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 07:46:08.0348 6800 Null - ok 07:46:08.0723 6800 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 07:46:09.0113 6800 nvlddmkm - ok 07:46:09.0128 6800 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 07:46:09.0144 6800 nvpciflt - ok 07:46:09.0206 6800 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 07:46:09.0222 6800 nvraid - ok 07:46:09.0284 6800 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 07:46:09.0331 6800 nvstor - ok 07:46:09.0409 6800 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe 07:46:09.0471 6800 NVSvc - ok 07:46:09.0596 6800 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 07:46:09.0674 6800 nvUpdatusService - ok 07:46:09.0705 6800 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 07:46:09.0721 6800 nv_agp - ok 07:46:09.0752 6800 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 07:46:09.0752 6800 ohci1394 - ok 07:46:09.0846 6800 [ 
4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:46:09.0877 6800 ose64 - ok 07:46:10.0111 6800 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 07:46:10.0298 6800 osppsvc - ok 07:46:10.0329 6800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 07:46:10.0392 6800 p2pimsvc - ok 07:46:10.0408 6800 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 07:46:10.0423 6800 p2psvc - ok 07:46:10.0454 6800 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 07:46:10.0454 6800 Parport - ok 07:46:10.0517 6800 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 07:46:10.0548 6800 partmgr - ok 07:46:10.0564 6800 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 07:46:10.0595 6800 PcaSvc - ok 07:46:10.0595 6800 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 07:46:10.0626 6800 pci - ok 07:46:10.0642 6800 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 07:46:10.0657 6800 pciide - ok 07:46:10.0673 6800 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 07:46:10.0688 6800 pcmcia - ok 07:46:10.0720 6800 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 07:46:10.0735 6800 pcw - ok 07:46:10.0751 6800 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 07:46:10.0813 6800 PEAUTH - ok 07:46:10.0922 6800 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 07:46:10.0985 6800 PerfHost - ok 07:46:11.0063 6800 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 07:46:11.0203 6800 pla - ok 07:46:11.0266 6800 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 07:46:11.0359 6800 PlugPlay 
- ok 07:46:11.0453 6800 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 07:46:11.0484 6800 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 07:46:11.0484 6800 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 07:46:11.0515 6800 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 07:46:11.0578 6800 PNRPAutoReg - ok 07:46:11.0609 6800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 07:46:11.0624 6800 PNRPsvc - ok 07:46:11.0656 6800 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 07:46:11.0734 6800 PolicyAgent - ok 07:46:11.0765 6800 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 07:46:11.0812 6800 Power - ok 07:46:11.0858 6800 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 07:46:11.0936 6800 PptpMiniport - ok 07:46:11.0968 6800 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 07:46:11.0999 6800 Processor - ok 07:46:12.0046 6800 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 07:46:12.0092 6800 ProfSvc - ok 07:46:12.0124 6800 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe 07:46:12.0139 6800 ProtectedStorage - ok 07:46:12.0186 6800 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 07:46:12.0264 6800 Psched - ok 07:46:12.0326 6800 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 07:46:12.0420 6800 ql2300 - ok 07:46:12.0451 6800 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 07:46:12.0467 6800 ql40xx - ok 07:46:12.0498 6800 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 07:46:12.0529 6800 QWAVE - ok 07:46:12.0529 6800 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 07:46:12.0576 6800 
QWAVEdrv - ok 07:46:12.0607 6800 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 07:46:12.0685 6800 RasAcd - ok 07:46:12.0732 6800 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 07:46:12.0779 6800 RasAgileVpn - ok 07:46:12.0810 6800 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 07:46:12.0857 6800 RasAuto - ok 07:46:12.0888 6800 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 07:46:12.0950 6800 Rasl2tp - ok 07:46:12.0982 6800 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 07:46:13.0075 6800 RasMan - ok 07:46:13.0091 6800 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 07:46:13.0138 6800 RasPppoe - ok 07:46:13.0153 6800 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 07:46:13.0231 6800 RasSstp - ok 07:46:13.0262 6800 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 07:46:13.0340 6800 rdbss - ok 07:46:13.0356 6800 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 07:46:13.0418 6800 rdpbus - ok 07:46:13.0450 6800 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 07:46:13.0481 6800 RDPCDD - ok 07:46:13.0496 6800 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 07:46:13.0528 6800 RDPENCDD - ok 07:46:13.0543 6800 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 07:46:13.0606 6800 RDPREFMP - ok 07:46:13.0684 6800 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 07:46:13.0746 6800 RdpVideoMiniport - ok 07:46:13.0808 6800 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 07:46:13.0871 6800 RDPWD - ok 07:46:13.0918 6800 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost 
C:\Windows\system32\drivers\rdyboost.sys 07:46:13.0949 6800 rdyboost - ok 07:46:13.0980 6800 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 07:46:14.0058 6800 RemoteAccess - ok 07:46:14.0105 6800 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 07:46:14.0183 6800 RemoteRegistry - ok 07:46:14.0198 6800 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 07:46:14.0276 6800 RpcEptMapper - ok 07:46:14.0308 6800 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 07:46:14.0354 6800 RpcLocator - ok 07:46:14.0386 6800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 07:46:14.0432 6800 RpcSs - ok 07:46:14.0448 6800 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 07:46:14.0542 6800 rspndr - ok 07:46:14.0557 6800 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs C:\Windows\system32\lsass.exe 07:46:14.0573 6800 SamSs - ok 07:46:14.0588 6800 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 07:46:14.0604 6800 sbp2port - ok 07:46:14.0651 6800 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 07:46:14.0729 6800 SCardSvr - ok 07:46:14.0744 6800 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 07:46:14.0791 6800 scfilter - ok 07:46:14.0838 6800 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 07:46:14.0916 6800 Schedule - ok 07:46:14.0947 6800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 07:46:14.0978 6800 SCPolicySvc - ok 07:46:14.0994 6800 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 07:46:15.0025 6800 sdbus - ok 07:46:15.0072 6800 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 07:46:15.0134 6800 SDRSVC - ok 07:46:15.0166 6800 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 07:46:15.0259 6800 secdrv - ok 07:46:15.0275 6800 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 07:46:15.0322 6800 seclogon - ok 07:46:15.0353 6800 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 07:46:15.0415 6800 SENS - ok 07:46:15.0462 6800 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 07:46:15.0556 6800 SensrSvc - ok 07:46:15.0571 6800 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 07:46:15.0618 6800 Serenum - ok 07:46:15.0649 6800 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 07:46:15.0696 6800 Serial - ok 07:46:15.0743 6800 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 07:46:15.0805 6800 sermouse - ok 07:46:15.0836 6800 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 07:46:15.0883 6800 SessionEnv - ok 07:46:15.0930 6800 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 07:46:15.0992 6800 sffdisk - ok 07:46:15.0992 6800 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 07:46:16.0024 6800 sffp_mmc - ok 07:46:16.0024 6800 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 07:46:16.0055 6800 sffp_sd - ok 07:46:16.0055 6800 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 07:46:16.0070 6800 sfloppy - ok 07:46:16.0133 6800 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 07:46:16.0195 6800 SharedAccess - ok 07:46:16.0242 6800 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 07:46:16.0336 6800 ShellHWDetection - ok 07:46:16.0382 6800 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 07:46:16.0429 6800 SiSRaid2 - ok 07:46:16.0445 6800 [ 
6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 07:46:16.0460 6800 SiSRaid4 - ok 07:46:16.0570 6800 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 07:46:16.0679 6800 SkypeUpdate - ok 07:46:16.0710 6800 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 07:46:16.0741 6800 Smb - ok 07:46:16.0788 6800 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 07:46:16.0835 6800 SNMPTRAP - ok 07:46:16.0897 6800 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 07:46:16.0928 6800 spldr - ok 07:46:16.0991 6800 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 07:46:17.0038 6800 Spooler - ok 07:46:17.0147 6800 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 07:46:17.0334 6800 sppsvc - ok 07:46:17.0350 6800 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 07:46:17.0381 6800 sppuinotify - ok 07:46:17.0490 6800 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 07:46:17.0521 6800 SQLBrowser - ok 07:46:17.0552 6800 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 07:46:17.0568 6800 SQLWriter - ok 07:46:17.0599 6800 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 07:46:17.0677 6800 srv - ok 07:46:17.0708 6800 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 07:46:17.0771 6800 srv2 - ok 07:46:17.0802 6800 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 07:46:17.0833 6800 srvnet - ok 07:46:17.0880 6800 [ 52D6F40B50ECFC051979FEC68E74F0F8 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 07:46:17.0896 6800 ssadbus - ok 07:46:17.0927 6800 [ D6CFD3B2EABCF9327DE39C62BABFA1E3 ] ssadmdfl 
07:46:28.0363 6800 ============================================================
07:46:28.0363 6800 Scan finished
07:46:28.0363 6800 ============================================================
07:46:28.0379 3128 Detected object count: 8
07:46:28.0379 3128 Actual detected object count: 8
08:01:17.0658 3128 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0658 3128 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0658 3128 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0658 3128 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0674 3128 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0674 3128 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0674 3128 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0674 3128 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0674 3128 mod7700 ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0674 3128 mod7700 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0674 3128 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0674 3128 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0674 3128 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0674 3128 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:17.0689 3128 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
08:01:17.0689 3128 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:01:21.0012 5376 Deinitialize success |
15.11.2013, 10:24 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick I don't see anything there.... Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
__________________ Please always post log files in CODE tags |
15.11.2013, 11:29 | #29 |
| Windows 7: Facebook.vbs on computer and USB stick Unfortunately, the program crashed and was closed. |
15.11.2013, 11:34 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Facebook.vbs on computer and USB stick Try starting it in Safe Mode with Networking
__________________ Please always post log files in CODE tags |