TrojWare.JS.Agent.IL nested in AdAware? (Windows 7)
25.04.2013, 19:36 | #1
TrojWare.JS.Agent.IL nested in AdAware?

Hello, I may have caught the above-mentioned pest, which apparently has nested itself in AdAware. I don't know how I got it, but apart from surfing nothing comes to mind. I also still had a torrent program installed, but hadn't used it for some time (I have now uninstalled it, since I no longer need it). During normal use of the PC the malware is regularly found again and moved to quarantine, but on a full scan it shows up again in large numbers (Comodo Internet Security Premium). "AdAware Free Antivirus" doesn't find the trojan at all. In Comodo the malware is always called "TrojWare.JS.Agent.IL@296967884", but it is found in files with names like these:

C:\Users\Frank\AppData\Local\adaware\data\130425171830-f.list
C:\Users\Frank\AppData\Local\adaware\data\130425154609-f.list
C:\Users\Frank\AppData\Local\adaware\data\130425151520-f.list

(but also already in C:\Users\Frank\AppData\Local\adaware\data\temp.zip or in the Temporary Internet Files)

The question now, of course, is whether a program has nested itself in AdAware or whether this is just a false positive from Comodo! Unfortunately I found no hints via Google that anyone has had such a problem before. My first thought is naturally just to uninstall AdAware, but I wanted to hear an expert opinion first. I downloaded the requested programs and ran the tests. The results follow:

OTL.txt
Code:
OTL logfile created on: 25.04.2013 18:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,44% Memory free
7,87 Gb Paging File | 6,17 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,72 Gb Total Space | 20,77 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 400,04 Gb Total Space | 119,48 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 318,49 Gb Free Space | 65,23% Space Free | Partition Type: NTFS
Drive G: | 443,23 Gb Total Space | 376,17 Gb Free Space | 84,87% Space Free | Partition Type: NTFS

Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.25 18:06:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013.02.01 13:00:34 | 000,903,712 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\PureSync\PureSyncTray.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV - [2013.04.03 12:50:29 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.08 01:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.08 01:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.12.19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (SbHips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.08.13 14:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.18 22:57:00 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{FEFBE52C-63DB-4926-9BA7-73792F09AFE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AF 85 A5 B5 3E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92&q={searchTerms}
IE - HKCU\..\SearchScopes\{FEFBE52C-63DB-4926-9BA7-73792F09AFE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92"
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: autoproxy@gaixixon:0.1
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "50.22.88.80"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1www.sportstreams.eu,"
FF - prefs.js..network.proxy.socks: " "
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "129.10.120.194"
FF - prefs.js..network.proxy.ssl_port: 3124
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..keyword.URL: "hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.30 22:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 12:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 12:50:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.05.31 00:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2012.07.14 11:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2012.05.31 00:44:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.31 00:44:53 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.31 00:44:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\ich@maltegoetz.de
[2012.07.14 11:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\cnyiga8c.default\extensions\staged
[2012.08.19 22:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\znnduw6f.default\extensions
[2012.08.19 22:22:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\znnduw6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 13:24:24 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.31 00:15:50 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.14 11:30:31 | 000,743,290 | ---- | M] () (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.01.03 13:51:36 | 000,002,036 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\alle-preise---guenstigerde.xml
[2008.04.20 11:50:14 | 000,001,504 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\imdb.xml
[2009.12.12 11:25:16 | 000,001,699 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\metager.xml
[2012.12.03 18:41:06 | 000,002,029 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\Searchab.xml
[2008.04.20 11:49:12 | 000,001,032 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\wikipedia-eng.xml
[2010.01.30 20:54:14 | 000,001,720 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\cnyiga8c.default\searchplugins\youtube-videosuche.xml
[2012.05.30 22:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://searchab.com/?aff=7&uid=73a74663-0554-11e2-9f86-00140b4f5e92
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Frank\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Media Hint = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0\
CHR - Extension: Google-Suche = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flash Video Downloader = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh\2.3.5_0\
CHR - Extension: Print Friendly & PDF = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0\
CHR - Extension: Google Mail = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB7CCAD-C5BB-4F8F-86C4-73FC0AF0ECFE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A395D61-EAB7-4E22-B1B7-3AD99A8EE19B}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.09 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\DSA
[2013.04.09 18:55:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\Heldenverwaltung
[2013.04.09 18:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2013.04.09 18:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heldenverwaltung
[2013.04.09 18:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heldenverwaltung
[2013.04.03 12:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

========== Files - Modified Within 30 Days ==========

[2013.04.25 18:16:19 | 000,000,000 | ---- | M] () -- C:\Users\Frank\defogger_reenable
[2013.04.25 18:11:42 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job
[2013.04.25 13:17:17 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.25 09:45:07 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:45:07 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:38:36 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.25 09:37:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 09:37:12 | 3168,387,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 09:19:36 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job
[2013.04.25 09:16:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 09:16:29 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 09:16:29 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 09:16:29 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 09:16:29 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.22 09:06:01 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.04.25 18:16:19 | 000,000,000 | ---- | C] () -- C:\Users\Frank\defogger_reenable
[2012.12.07 12:55:32 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.11.15 19:06:00 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.08.11 16:12:31 | 000,004,608 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.21 08:18:27 | 000,619,611 | ---- | C] () -- C:\Users\Frank\gutschein AL.odg
[2012.06.07 13:27:33 | 000,182,936 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012.06.07 13:27:33 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat
[2012.05.31 00:10:31 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.05.31 00:10:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.05.31 00:10:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.31 00:10:29 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.28 15:35:24 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.05.28 15:35:19 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012.05.28 15:35:19 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.05.28 15:35:16 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.18 01:30:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\aacs [2012.09.22 17:34:50 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ad-Aware Antivirus [2013.04.23 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\avidemux [2012.08.12 11:23:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Canneverbe Limited [2013.01.10 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox [2012.11.14 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2012.08.19 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.13 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FileZilla [2012.06.22 07:01:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Foxit Software [2012.09.25 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Helios [2012.05.31 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView [2013.02.19 13:30:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Jumping Bytes [2013.04.17 09:22:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mp3tag [2012.05.31 00:44:56 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org [2013.01.16 02:00:28 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PDF reDirect [2013.01.16 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\pdfforge [2012.12.25 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ProtectDISC [2012.05.31 00:44:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird [2012.10.30 04:21:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Tipard Studio [2012.11.15 19:06:35 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\Tobit
[2013.04.25 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 25.04.2013 18:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,44% Memory free
7,87 Gb Paging File | 6,17 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,72 Gb Total Space | 20,77 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 400,04 Gb Total Space | 119,48 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 318,49 Gb Free Space | 65,23% Space Free | Partition Type: NTFS
Drive G: | 443,23 Gb Total Space | 376,17 Gb Free Space | 84,87% Space Free | Partition Type: NTFS
Computer Name: FRANK-PC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04288D56-2926-4EC7-B31E-91354349A8CB}" = lport=10243 | protocol=6 | dir=in | app=system | "{22EB20FD-0E8F-4ADD-ABA1-3FCCA3E2C54C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2397D942-D3C1-40A5-83BD-4E26D48F0D87}" = rport=138 | protocol=17 | dir=out | app=system | "{276332E4-DEEC-4C5D-9ACE-175564C4888E}" = lport=445 | protocol=6 | dir=in | app=system | "{315E3352-9857-4021-869D-560709B229FE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{321828EB-3507-4C1F-978E-322E73F9EC37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{484E16DF-F845-446E-98F8-CB20398D3CA8}" = rport=137 | protocol=17 | dir=out | app=system | "{4B823A7F-5C0C-401D-A6DF-45399BE574EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{53C258AE-F5FD-404C-9D4A-F7EA75640F38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{667637C4-59B0-4C31-B525-3413CA11A732}" = lport=139 | protocol=6 | dir=in | app=system | "{7A36EE98-B275-4E96-BBC1-14DAC7D54EAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A5C08AF-53D4-4FCC-AC5B-12B92269D37F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{811234D1-9F54-4CB7-8BFC-F4677E9B1866}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A278523-C97A-478A-8A47-F9D1C8F2883E}" = rport=445 | protocol=6 | dir=out | app=system | "{95061ACE-C3D0-40C5-9568-D8F99EDFE9D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AE3F877C-79E7-4ED3-865D-F6CF6CFE4732}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B865E3F3-45B1-42C0-A5D7-0BCE3911FBFA}" = rport=10243 | protocol=6 | dir=out | app=system | "{BA0D77F5-7E60-44A0-8EA3-2A025CCE1341}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDA09BE6-3ED9-42E4-B3E9-4D60C1F5B493}" = rport=139 | protocol=6 | dir=out | app=system | "{BEDA8A94-C4D5-43A3-A6F3-FA3A9EE827B4}" = lport=137 | protocol=17 | dir=in | app=system | "{DC58E8D1-A9A1-41B0-BFEE-10E74CE4E3CE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E588CC75-F041-414B-95C0-5A7CA126A49A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{EB96CEC4-C1B9-469A-98CA-ABA7FBC9BE17}" = lport=138 | protocol=17 | dir=in | app=system | "{F00944A0-70CF-4AB9-A514-144EC4364C10}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3855546-F21C-4DF0-B778-4CB6F68CA271}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EC0D31B-0914-4C11-8481-5D551A446BEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1447AE84-0015-40D9-B060-98AFC456F007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{15A45B97-831C-4CEE-BDE6-BFF4F7D0BF3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{16606B72-EF05-4362-BEF5-B960BFB6E2D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{16F2AF85-9ED2-4447-9EAB-588A08DCEA02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{1947EB47-18B8-499B-BFCE-38F0531C0774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2202B289-80D3-4859-A391-C4751DAB6D0B}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{26E2DB5A-CAF0-49EF-B6DC-E7B1C6746F28}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2A5CC726-D4C9-4FB7-9610-90B7209C48F9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{30489E78-5F45-4FC3-B045-5B48254BE6A2}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{35B607D7-1438-42B9-8331-F7767F6F4EDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3813C4F1-60A5-4EC1-A5A2-A3CCF1A54AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3C3826B6-B16F-4A90-9A00-819663C4CDDA}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{3F4DE65F-7E1B-4051-BAA3-5F41EC84C845}" = protocol=6 | dir=in | 
app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | "{407CFB43-AB9B-4C43-BBEF-3AC36E55AC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{41B64AAB-B383-4B8F-957E-B2B10475A003}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{42A33DBF-AAF0-44C6-BC00-C4BDB4963635}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{42B882AF-67C0-42FD-AF30-78FB7F00A2FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4E47E3B8-EBB3-4851-A308-968A1D28E620}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{519BE72F-8CE4-4810-B56F-132836518711}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{529EFF65-39F0-4BEA-9F76-AF7D49D9ACAD}" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | "{80D106D1-916D-4692-8137-D9264454EA58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{82795D85-BEA4-4BE8-BEFF-0ADCA3E9E69C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{893B80D7-7244-4099-8F30-175136E01B27}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{8B766E7C-526E-4F75-A403-BC7185991003}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9F7E4431-4641-4220-91AE-6C005203660B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A2C0BF4F-4EE1-44AF-B3F2-2A3ED3382AED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B040E63E-24CA-4A3A-B0AA-320C24662D13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B381626D-9EFC-4BF7-AE26-69E2EF62599A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C14A4CA0-FD99-45AC-9998-A42075F7D5A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3714C97-29C3-4AD6-93E9-023D0B836E4E}" = dir=in | 
app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{C6C8F3C7-4E61-4CC4-BE21-A9E3ACB532C5}" = protocol=6 | dir=out | app=system | "{D1C45CC6-CA23-4D2D-A409-CFEAB0840FF1}" = dir=in | app=c:\users\frank\appdata\local\temp\7zs0eee\setup\hpznui40.exe | "{E1DC8DEF-8130-4D82-82E8-E4E128A5CF88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED41C5C7-64D6-414B-9429-C3A374898477}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "TCP Query User{1D8BFC47-CFB5-49F7-B143-A140AC780081}C:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{36DF016C-2127-4535-9190-E87A461CEBEF}C:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 
7 "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{1195D119-F740-478E-81C0-981BB0658F92}" = PureSync "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW "{765BF404-2FEE-492B-9E7F-A55143796EF1}" = Geheimakte 3 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A68317E2-08D1-40d1-A705-01A2B166A286}_is1" = Tipard MKV Video Converter 6.1.26 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = 
StreamTransport version: 1.0.2.2171 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AudibleDownloadManager" = Audible Download Manager "Avidemux 2.5 (64-bit)" = Avidemux 2.5 "Avidemux 2.6 (64-bit)" = Avidemux 2.6 "C1A5C95D-9302-2943-7B988D72298F" = Heldenverwaltung "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.6.0 "Foxit Reader_is1" = Foxit Reader "Free Studio_is1" = Free Studio version 5.7.7.1031 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.8.0 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.52 "PDF Blender" = PDF Blender "PDF reDirect" = PDF reDirect (remove only) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PureSync" = PureSync 3.7.2 "Sam and Max - Im Theater Des Teufels" = Sam and Max - Im Theater Des Teufels "Sam and Max - Season One" = Sam and Max - Season One 1.0 "Tobit Radio.fx Server 1" = WDR RadioRecorder "VLC media player" = VLC media player 2.0.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.03.2013 05:05:24 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415, Zeitstempel: 0x510ba012 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73f14f0d ID des fehlerhaften Prozesses: 0xeb0 Startzeit der fehlerhaften Anwendung: 0x01ce26dc0c3d647f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe Pfad des fehlerhaften 
Moduls: unknown Berichtskennung: a10b5484-92cf-11e2-baf9-00140b4f5e92 Error - 22.03.2013 21:15:43 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415, Zeitstempel: 0x510ba012 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73f14f0d ID des fehlerhaften Prozesses: 0x17a0 Startzeit der fehlerhaften Anwendung: 0x01ce27638403b3b0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2e69edc6-9357-11e2-baf9-00140b4f5e92 Error - 23.03.2013 21:34:03 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SBAMSvc.exe, Version: 5.0.5116.0, Zeitstempel: 0x4eef7ad0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0xf2c Startzeit der fehlerhaften Anwendung: 0x01ce26dc0e0d90d4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e83c4cd7-9422-11e2-baf9-00140b4f5e92 Error - 26.03.2013 19:29:07 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10 Description = Error - 26.03.2013 19:32:20 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415, Zeitstempel: 0x510ba012 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73834f0d ID des fehlerhaften Prozesses: 0xe28 Startzeit der fehlerhaften Anwendung: 0x01ce2a79a1e07eaa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 66b836fa-966d-11e2-9122-00140b4f5e92 
Error - 29.03.2013 06:13:33 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415, Zeitstempel: 0x510ba012 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73834f0d ID des fehlerhaften Prozesses: 0x1744 Startzeit der fehlerhaften Anwendung: 0x01ce2c65c1dcc77f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 4f24f76f-9859-11e2-9122-00140b4f5e92 Error - 30.03.2013 16:17:07 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2013 03:06:40 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2013 03:15:45 | Computer Name = Frank-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PureSync.exe, Version: 3.7.0.2415, Zeitstempel: 0x510ba012 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x74984f0d ID des fehlerhaften Prozesses: 0xf00 Startzeit der fehlerhaften Anwendung: 0x01ce3f282164b123 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\PureSync\PureSync.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 72bc7df9-ab1c-11e2-b4b6-00140b4f5e92 Error - 25.04.2013 03:39:04 | Computer Name = Frank-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.04.2013 22:08:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 22:20:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. 
Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 22:32:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 22:44:52 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 22:56:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 23:08:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 24.04.2013 23:44:53 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 25.04.2013 10:33:02 | Computer Name = Frank-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. 
Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 25.04.2013 10:45:03 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 25.04.2013 10:57:03 | Computer Name = Frank-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
< End of report >

Here is the Windows message after the reboot:
Code:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1031
Additional information about the problem:
BCCode: 109
BCP1: A3A039D8AAD1266E
BCP2: B3B7465EFD4F6110
BCP3: FFFFF800040E0080
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\042513-27518-01.dmp
C:\Users\Frank\AppData\Local\Temp\WER-46004-0.sysdata.xml
Read our privacy statement online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\de-DE\erofflps.txt

Thanks in advance for your effort. I hope I'm not causing you too much trouble! Ciao Frank
Last edited by Hennes2000 (25.04.2013 at 19:57) |
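Two parts of the OTL Extras log in the post above deserve a deliberate second look rather than a skim. The O20 AppInit_DLLs entries (guard64.dll and guard32.dll, which OTL attributes to COMODO, the vendor of the Comodo Internet Security listed in the uninstall list) load into every process that loads user32.dll, so an unexpected DLL there is a classic persistence point; here the vendor matches the installed product. The firewall exception for a binary under c:\users\frank\appdata\local\temp\7zs0eee\setup\ is the kind of entry that legitimate installers leave behind, but it is also exactly what an unwanted program running from a temp directory would create, so a helper should flag it for review rather than bury it among the 60-odd rules. The script below is an added example for this thread, not part of OTL, ZOEK or any poster's own material: it parses these two OTL line types and sorts firewall rules by where the allowed binary lives. The sample lines are copied from the log above; the temp/AppData classification is this example's own assumption about what counts as suspicious.

```python
"""Triage helper for OTL 'Extras' output (added example, not part of OTL or ZOEK).

Parses the Windows Firewall rule entries and the O20 AppInit_DLLs lines that
OTL prints and sorts the firewall rules by where the allowed binary lives.
Sample lines below are copied from the OTL log in the thread; the directory
markers are this example's own assumption about what deserves review.
"""
import re
from typing import Dict, List, Optional

# One OTL firewall rule line looks like:
#   "{GUID}" = protocol=6 | dir=in | app=c:\path\prog.exe |
RULE_RE = re.compile(r'^"(?P<id>[^"]+)"\s*=\s*(?P<fields>.*)$')

# One OTL AppInit_DLLs line looks like:
#   O20:64bit: - AppInit_DLLs: (C:\Windows\system32\x.dll) - C:\Windows\SysNative\x.dll (Vendor)
APPINIT_RE = re.compile(
    r"AppInit_DLLs:\s*\((?P<value>[^)]*)\)\s*-\s*(?P<path>.+?)\s*\((?P<vendor>[^)]*)\)\s*$"
)

# Assumption: an exception for a binary in the user's temp directory is the
# strongest signal; anything else under AppData is only 'review', because
# legitimate software (Dropbox in this log) also installs there.
TEMP_MARKER = "\\appdata\\local\\temp\\"
PROFILE_MARKER = "\\appdata\\"


def parse_rule(line: str) -> Optional[Dict[str, str]]:
    """Split one FirewallRules entry into its GUID ('id') and key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"id": m.group("id")}
    for field in m.group("fields").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip().lower()] = value.strip().lower()
    return rule


def classify_rule(rule: Dict[str, str]) -> str:
    """Return 'temp', 'profile', 'ok' or 'no-app' for one parsed rule."""
    app = rule.get("app")
    if app is None:  # service-only or name-only rules carry no binary path
        return "no-app"
    if TEMP_MARKER in app:
        return "temp"
    if PROFILE_MARKER in app:
        return "profile"
    return "ok"


def triage_rules(lines: List[str]) -> Dict[str, List[str]]:
    """Group rule GUIDs by verdict so the 'temp' bucket can be read first."""
    buckets: Dict[str, List[str]] = {"temp": [], "profile": [], "ok": [], "no-app": []}
    for line in lines:
        rule = parse_rule(line)
        if rule is not None:
            buckets[classify_rule(rule)].append(rule["id"])
    return buckets


def parse_appinit(line: str) -> Optional[Dict[str, str]]:
    """Extract registry value, resolved path and vendor from an O20 AppInit line."""
    m = APPINIT_RE.search(line)
    if not m:
        return None
    return {"value": m.group("value"), "path": m.group("path"), "vendor": m.group("vendor")}


# Sample input: four firewall rules and one AppInit entry copied from the OTL log above.
SAMPLE_RULES = [
    r'"{0EC0D31B-0914-4C11-8481-5D551A446BEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |',
    r'"{D1C45CC6-CA23-4D2D-A409-CFEAB0840FF1}" = dir=in | app=c:\users\frank\appdata\local\temp\7zs0eee\setup\hpznui40.exe |',
    r'"{529EFF65-39F0-4BEA-9F76-AF7D49D9ACAD}" = protocol=17 | dir=in | app=c:\users\frank\appdata\roaming\dropbox\bin\dropbox.exe |',
    r'"{407CFB43-AB9B-4C43-BBEF-3AC36E55AC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |',
]
SAMPLE_APPINIT = r"O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)"

if __name__ == "__main__":
    for verdict, ids in triage_rules(SAMPLE_RULES).items():
        print(f"{verdict:8s} {ids}")
    print(parse_appinit(SAMPLE_APPINIT))
```

Run against a full OTL Extras log, read the `temp` bucket first, then `profile`, and compare every AppInit_DLLs vendor against the software actually installed on the machine; a DLL with an empty or unfamiliar vendor there is worth a hash lookup before anything else in the log.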
25.04.2013, 22:48 | #2 |
/// Malwareteam / Visitor | Hello Frank, I'm smeenk and I'll try to help you with your problem.
System scan with ZOEK
Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post in your next reply: |
25.04.2013, 23:59 | #3 |
| Thanks already for the quick reply and the further instructions, but unfortunately I don't have much to show...
Code:
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at 0:39:09,27.
Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results26.04.2013-0030.log 267 bytes

zoek.hta failed by unknown error.
Restart computer, and try again.
If this error returns, use another tool.

On the other hand, since the (second-to-)last restart AdAware is now also showing me threats. To be precise, the same one 4 times: "Trojan.Win32.Generic!BT", each one placed in quarantine. Then again, Comodo hasn't reported a new threat since this afternoon. Even though I don't think that really counts as good news... . I just hope you have another idea!

Ciao (and good night)
Frank |
26.04.2013, 00:07 | #4 |
/// Malwareteam / Visitor | Try it once more with only these options ticked:
Regards, Smeenk |
26.04.2013, 01:23 | #5 |
| Since you stayed up this long to answer me, I did the same. I did get another Windows error message (see attached image), but I was able to click "Run" and it ran. Here is the log:
Code:
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at 1:35:57,96.
Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results26.04.2013-0030.log 267 bytes
C:\zoek-results26.04.2013-0041.log 357 bytes
C:\zoek-results26.04.2013-0042.log 403 bytes
C:\zoek-results26.04.2013-0116.log 336 bytes
C:\zoek-results26.04.2013-0128.log 382 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2150396499-982110081-1011283770-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default

user.js not found
---- Lines conduit removed from prefs.js ----
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
---- Lines conduit modified from prefs.js ----
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__0151_.backup

ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default

user.js not found
---- Lines conduit removed from prefs.js ----
---- Lines conduit modified from prefs.js ----
---- Lines ask.com removed from prefs.js ----
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__0151_.backup

==== Deleting Files \ Folders ======================
2013-04-22 06:38:55 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2150396499-982110081-1011283770-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PureSync"="C:\Program Files (x86)\PureSync\PureSyncTray.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PureSync"="C:\Program Files (x86)\PureSync\PureSyncTray.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Frank\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Frank\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]
==== Startup Folders ======================
2013-03-08 10:14:50 1235 ----a-w- C:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job --a------ C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [06.09.2012 21:50]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job --a------ [Undertermined Task]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\cnyiga8c.default
- Deutsches Wörterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Ad-Aware Security Toolbar - %ProfilePath%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
- CookieCuller - %ProfilePath%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Frank\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[14.11.2012 02:00]
ProxTube - Frank - Default\Extensions\aakchaleigkohafkfjfjbblobjifikek
Awesome Screenshot: Capture Annotate - Frank - Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Media Hint - Frank - Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja
YouTube - Frank - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Chrome YouTube Downloader - Frank - Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja
Google Search - Frank - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Flash Video Downloader - Frank - Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh
Print Friendly & PDF - Frank - Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Gmail - Frank - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FEFBE52C-63DB-4926-9BA7-73792F09AFE4} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Frank\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frank\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11THS47M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76S0WPBT will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMZ0HD2M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU7Q7UE8 will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B02RT71 will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SH3EOLL will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN0A0Q3I will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPJHB2P3 will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1742PZ9M will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4FKOXDWX will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWQS74WO will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7SWKT2Y will be deleted at reboot
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Frank\AppData\Local\Mozilla\Firefox\Profiles\cnyiga8c.default\Cache emptied successfully
C:\users\Frank\AppData\Local\Mozilla\Firefox\Profiles\znnduw6f.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
C:\users\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully

Now I'm curious what you will find out. Good night (for real this time)
Frank
26.04.2013, 07:21 | #6 |
/// Malwareteam / Visitor | TrojWare.JS.Agent.IL nested in AdAware?
The script error is probably caused by Zoek trying to enable System Restore. It looks as if there is a problem there.
Scan with ComboFix
26.04.2013, 08:45 | #7 |
| TrojWare.JS.Agent.IL nested in AdAware?
It doesn't seem to be really easy for any of the programs. I had error messages galore. Here is a short overview:
- Unable to create file C:\Windows\Hiv-backup\ERDNT.INF
- Error saving file C:\Windows\erdnt\Hiv-backup\SYSTEM Continue with next file?
- The same message with the following paths:
C:\Windows\erdnt\Hiv-backup\SOFTWARE
C:\Windows\erdnt\Hiv-backup\DEFAULT
C:\Windows\erdnt\Hiv-backup\SECURITY
C:\Windows\erdnt\Hiv-backup\SAM
C:\Windows\erdnt\Hiv-backup\BCD
Then the "Unable to create" message again with the paths
C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
C:\Windows\erdnt\Hiv-backup\Users\00000004\NTUSER.DAT
I always answered every prompt with "Yes" or "Continue". At the end a text input box opened with the message that c.bat could not be found or was misspelled (see attached screenshot). No C:\Combofix.txt was created (not even after a restart). Instead there is a file named Start_cmd with the following content:
Code:
PEV -k * -preg"\\(cmd\.exe|cmd\.3XE|Nircmd\.3XE)$"
IF EXIST C:\32788R22FWJFW\Start_dat EXIT
ECHO.>C:\32788R22FWJFW\Start_dat
ATTRIB -H -S "C:\32788R22FWJFW\*"
MOVE /Y "C:\32788R22FWJFW\*" "C:\ComboFix"
RD /S/Q "C:\32788R22FWJFW"
START "." /d"C:\ComboFix" "C:\ComboFix\CF31550.3XE" /k c.bat
DEL /A/F C:\Start_.cmd C:\Bug.txt
26.04.2013, 10:58 | #8 |
/// Malwareteam / Visitor | TrojWare.JS.Agent.IL nested in AdAware?
Apparently there is more going on here. Let's try something else:
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
26.04.2013, 14:25 | #9 |
| TrojWare.JS.Agent.IL nested in AdAware?
I ran MBAR first. At the start I got the one question (see attached picture), which I answered with "No" (as the note advised). The program then found nothing.
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

26.04.2013 15:12:11
mbar-log-2013-04-26 (15-12-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29089
Time elapsed: 29 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSSKiller, on the other hand, was more successful in its search:
Code:
15:27:30.0189 3372 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:27:30.0418 3372 ============================================================
15:27:30.0418 3372 Current date / time: 2013/04/26 15:27:30.0418
15:27:30.0418 3372 SystemInfo:
15:27:30.0418 3372
15:27:30.0418 3372 OS Version: 6.1.7601 ServicePack: 1.0
15:27:30.0418 3372 Product type: Workstation
15:27:30.0419 3372 ComputerName: FRANK-PC
15:27:30.0419 3372 UserName: Frank
15:27:30.0419 3372 Windows directory: C:\Windows
15:27:30.0419 3372 System windows directory: C:\Windows
15:27:30.0419 3372 Running under WOW64
15:27:30.0419 3372 Processor architecture: Intel x64
15:27:30.0419 3372 Number of processors: 2
15:27:30.0419 3372 Page size: 0x1000
15:27:30.0419 3372 Boot type: Normal boot
15:27:30.0419 3372 ============================================================
15:27:32.0745 3372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:33.0017 3372 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:33.0042 3372 ============================================================
15:27:33.0042 3372 \Device\Harddisk0\DR0:
15:27:33.0042 3372 MBR partitions:
15:27:33.0042 3372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8372000
15:27:33.0042 3372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8372800, BlocksNum 0x32013000
15:27:33.0043 3372 \Device\Harddisk1\DR1:
15:27:33.0043 3372 MBR partitions:
15:27:33.0043 3372 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D090000
15:27:33.0043 3372 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675000
15:27:33.0043 3372 ============================================================
15:28:25.0550 4984 fvevol - ok 15:28:25.0612 4984 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:28:25.0667 4984 gagp30kx - ok 15:28:25.0706 4984 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:28:25.0750 4984 GEARAspiWDM - ok 15:28:25.0812 4984 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:28:26.0003 4984 gpsvc - ok 15:28:26.0020 4984 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:28:26.0096 4984 hcw85cir - ok 15:28:26.0145 4984 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:28:26.0240 4984 HdAudAddService - ok 15:28:26.0275 4984 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:28:26.0339 4984 HDAudBus - ok 15:28:26.0370 4984 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:28:26.0456 4984 HidBatt - ok 15:28:26.0474 4984 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:28:26.0556 4984 HidBth - ok 15:28:26.0604 4984 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:28:26.0671 4984 HidIr - ok 15:28:26.0709 4984 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 15:28:26.0843 4984 hidserv - ok 15:28:26.0913 4984 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 15:28:26.0975 4984 HidUsb - ok 15:28:27.0004 4984 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:28:27.0158 4984 hkmsvc - ok 15:28:27.0225 4984 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:28:27.0306 4984 HomeGroupListener - ok 15:28:27.0335 4984 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:28:27.0413 4984 HomeGroupProvider - ok 15:28:27.0462 4984 [ 
39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:28:27.0520 4984 HpSAMD - ok 15:28:27.0662 4984 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 15:28:28.0296 4984 HPSLPSVC - ok 15:28:28.0354 4984 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:28:28.0539 4984 HTTP - ok 15:28:28.0583 4984 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:28:28.0637 4984 hwpolicy - ok 15:28:28.0667 4984 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:28:28.0732 4984 i8042prt - ok 15:28:28.0785 4984 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:28:28.0848 4984 iaStorV - ok 15:28:28.0914 4984 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:28:29.0037 4984 idsvc - ok 15:28:29.0342 4984 [ 37A65E3D89F6BBF5719FF9585F99EB7D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 15:28:29.0941 4984 igfx - ok 15:28:29.0992 4984 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:28:30.0049 4984 iirsp - ok 15:28:30.0110 4984 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:28:30.0309 4984 IKEEXT - ok 15:28:30.0359 4984 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\Windows\system32\DRIVERS\inspect.sys 15:28:30.0411 4984 inspect - ok 15:28:30.0527 4984 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:28:30.0657 4984 IntcAzAudAddService - ok 15:28:30.0689 4984 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:28:30.0744 4984 intelide - ok 15:28:30.0779 4984 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:28:30.0844 4984 intelppm - ok 15:28:30.0872 4984 [ 
098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:28:31.0012 4984 IPBusEnum - ok 15:28:31.0057 4984 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:28:31.0179 4984 IpFilterDriver - ok 15:28:31.0244 4984 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:28:31.0374 4984 iphlpsvc - ok 15:28:31.0403 4984 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:28:31.0484 4984 IPMIDRV - ok 15:28:31.0505 4984 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:28:31.0637 4984 IPNAT - ok 15:28:31.0710 4984 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:28:31.0828 4984 iPod Service - ok 15:28:31.0858 4984 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:28:31.0932 4984 IRENUM - ok 15:28:31.0948 4984 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:28:32.0001 4984 isapnp - ok 15:28:32.0042 4984 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:28:32.0112 4984 iScsiPrt - ok 15:28:32.0134 4984 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:28:32.0188 4984 kbdclass - ok 15:28:32.0231 4984 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:28:32.0300 4984 kbdhid - ok 15:28:32.0324 4984 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:28:32.0387 4984 KeyIso - ok 15:28:32.0428 4984 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:28:32.0486 4984 KSecDD - ok 15:28:32.0539 4984 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:28:32.0600 4984 KSecPkg - ok 15:28:32.0645 4984 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:28:32.0772 
4984 ksthunk - ok 15:28:32.0841 4984 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:28:33.0010 4984 KtmRm - ok 15:28:33.0060 4984 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 15:28:33.0201 4984 LanmanServer - ok 15:28:33.0241 4984 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:28:33.0389 4984 LanmanWorkstation - ok 15:28:33.0519 4984 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:28:33.0652 4984 lltdio - ok 15:28:33.0706 4984 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:28:33.0859 4984 lltdsvc - ok 15:28:33.0903 4984 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:28:34.0044 4984 lmhosts - ok 15:28:34.0110 4984 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:28:34.0169 4984 LSI_FC - ok 15:28:34.0190 4984 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:28:34.0248 4984 LSI_SAS - ok 15:28:34.0275 4984 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:28:34.0333 4984 LSI_SAS2 - ok 15:28:34.0354 4984 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:28:34.0413 4984 LSI_SCSI - ok 15:28:34.0439 4984 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:28:34.0575 4984 luafv - ok 15:28:34.0620 4984 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:28:34.0704 4984 Mcx2Svc - ok 15:28:34.0723 4984 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 15:28:34.0778 4984 megasas - ok 15:28:34.0830 4984 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:28:34.0899 4984 MegaSR - ok 15:28:34.0942 4984 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:28:35.0075 4984 
MMCSS - ok 15:28:35.0126 4984 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:28:35.0262 4984 Modem - ok 15:28:35.0315 4984 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:28:35.0395 4984 monitor - ok 15:28:35.0430 4984 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:28:35.0483 4984 mouclass - ok 15:28:35.0522 4984 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:28:35.0599 4984 mouhid - ok 15:28:35.0632 4984 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:28:35.0688 4984 mountmgr - ok 15:28:35.0745 4984 [ 9CE4C8A46B585EB5103EFE5FDEF3703F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:28:35.0803 4984 MozillaMaintenance - ok 15:28:35.0847 4984 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:28:35.0909 4984 mpio - ok 15:28:35.0940 4984 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:28:36.0064 4984 mpsdrv - ok 15:28:36.0129 4984 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:28:36.0289 4984 MpsSvc - ok 15:28:36.0322 4984 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:28:36.0409 4984 MRxDAV - ok 15:28:36.0449 4984 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:28:36.0552 4984 mrxsmb - ok 15:28:36.0599 4984 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:28:36.0671 4984 mrxsmb10 - ok 15:28:36.0724 4984 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:28:36.0788 4984 mrxsmb20 - ok 15:28:36.0812 4984 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:28:36.0866 4984 msahci - ok 15:28:36.0897 4984 [ DB801A638D011B9633829EB6F663C900 ] 
msdsm C:\Windows\system32\drivers\msdsm.sys 15:28:36.0958 4984 msdsm - ok 15:28:36.0985 4984 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:28:37.0067 4984 MSDTC - ok 15:28:37.0095 4984 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:28:37.0224 4984 Msfs - ok 15:28:37.0251 4984 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:28:37.0385 4984 mshidkmdf - ok 15:28:37.0404 4984 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:28:37.0457 4984 msisadrv - ok 15:28:37.0504 4984 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:28:37.0634 4984 MSiSCSI - ok 15:28:37.0644 4984 msiserver - ok 15:28:37.0684 4984 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:28:37.0821 4984 MSKSSRV - ok 15:28:37.0875 4984 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:28:38.0008 4984 MSPCLOCK - ok 15:28:38.0018 4984 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:28:38.0171 4984 MSPQM - ok 15:28:38.0237 4984 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:28:38.0306 4984 MsRPC - ok 15:28:38.0338 4984 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:28:38.0389 4984 mssmbios - ok 15:28:38.0415 4984 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:28:38.0550 4984 MSTEE - ok 15:28:38.0582 4984 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:28:38.0649 4984 MTConfig - ok 15:28:38.0694 4984 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:28:38.0748 4984 Mup - ok 15:28:38.0794 4984 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:28:38.0942 4984 napagent - ok 15:28:39.0003 4984 [ 
1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:28:39.0095 4984 NativeWifiP - ok 15:28:39.0155 4984 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:28:39.0239 4984 NDIS - ok 15:28:39.0255 4984 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:28:39.0382 4984 NdisCap - ok 15:28:39.0410 4984 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:28:39.0532 4984 NdisTapi - ok 15:28:39.0549 4984 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:28:39.0695 4984 Ndisuio - ok 15:28:39.0740 4984 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:28:39.0883 4984 NdisWan - ok 15:28:39.0913 4984 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:28:40.0053 4984 NDProxy - ok 15:28:40.0123 4984 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 15:28:40.0163 4984 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:28:40.0163 4984 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:28:40.0199 4984 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:28:40.0335 4984 NetBIOS - ok 15:28:40.0367 4984 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:28:40.0497 4984 NetBT - ok 15:28:40.0512 4984 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:28:40.0571 4984 Netlogon - ok 15:28:40.0649 4984 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:28:40.0811 4984 Netman - ok 15:28:40.0890 4984 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:28:41.0048 4984 netprofm - ok 15:28:41.0076 4984 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication 
Foundation\SMSvcHost.exe 15:28:41.0352 4984 NetTcpPortSharing - ok 15:28:41.0604 4984 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 15:28:42.0010 4984 netw5v64 - ok 15:28:42.0066 4984 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:28:42.0121 4984 nfrd960 - ok 15:28:42.0198 4984 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:28:42.0277 4984 NlaSvc - ok 15:28:42.0356 4984 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:28:42.0481 4984 Npfs - ok 15:28:42.0515 4984 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:28:42.0641 4984 nsi - ok 15:28:42.0673 4984 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:28:42.0802 4984 nsiproxy - ok 15:28:42.0938 4984 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:28:43.0124 4984 Ntfs - ok 15:28:43.0158 4984 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:28:43.0288 4984 Null - ok 15:28:43.0740 4984 [ CBC377A32C076FD7EA2AFED9445FF6E7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:28:44.0663 4984 nvlddmkm - ok 15:28:44.0696 4984 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:28:44.0729 4984 nvraid - ok 15:28:44.0766 4984 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:28:44.0829 4984 nvstor - ok 15:28:44.0864 4984 [ BAAE8AB3DA201F265C914210D1284E1F ] nvsvc C:\Windows\system32\nvvsvc.exe 15:28:44.0920 4984 nvsvc - ok 15:28:44.0955 4984 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:28:45.0022 4984 nv_agp - ok 15:28:45.0037 4984 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:28:45.0101 4984 ohci1394 - ok 15:28:45.0156 4984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc 
C:\Windows\system32\pnrpsvc.dll 15:28:45.0262 4984 p2pimsvc - ok 15:28:45.0299 4984 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:28:45.0387 4984 p2psvc - ok 15:28:45.0416 4984 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:28:45.0491 4984 Parport - ok 15:28:45.0520 4984 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:28:45.0578 4984 partmgr - ok 15:28:45.0641 4984 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:28:45.0726 4984 PcaSvc - ok 15:28:45.0749 4984 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:28:45.0813 4984 pci - ok 15:28:45.0833 4984 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:28:45.0886 4984 pciide - ok 15:28:45.0926 4984 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:28:45.0991 4984 pcmcia - ok 15:28:46.0016 4984 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:28:46.0071 4984 pcw - ok 15:28:46.0105 4984 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:28:46.0277 4984 PEAUTH - ok 15:28:46.0413 4984 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:28:46.0692 4984 PerfHost - ok 15:28:46.0781 4984 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:28:47.0015 4984 pla - ok 15:28:47.0085 4984 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:28:47.0199 4984 PlugPlay - ok 15:28:47.0285 4984 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:28:47.0329 4984 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:28:47.0329 4984 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:28:47.0372 4984 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:28:47.0447 4984 
PNRPAutoReg - ok 15:28:47.0485 4984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:28:47.0552 4984 PNRPsvc - ok 15:28:47.0666 4984 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:28:47.0857 4984 PolicyAgent - ok 15:28:47.0903 4984 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:28:48.0036 4984 Power - ok 15:28:48.0134 4984 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:28:48.0256 4984 PptpMiniport - ok 15:28:48.0313 4984 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:28:48.0394 4984 Processor - ok 15:28:48.0434 4984 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:28:48.0524 4984 ProfSvc - ok 15:28:48.0543 4984 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:28:48.0604 4984 ProtectedStorage - ok 15:28:48.0666 4984 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:28:48.0803 4984 Psched - ok 15:28:48.0943 4984 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:28:49.0141 4984 ql2300 - ok 15:28:49.0165 4984 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:28:49.0224 4984 ql40xx - ok 15:28:49.0261 4984 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:28:49.0355 4984 QWAVE - ok 15:28:49.0378 4984 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:28:49.0461 4984 QWAVEdrv - ok 15:28:49.0729 4984 [ 138F7963118EC710C348819C08F72230 ] Radio.fx D:\Tobit Radio.fx\Server\rfx-server.exe 15:28:49.0970 4984 Radio.fx - ok 15:28:50.0022 4984 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:28:50.0144 4984 RasAcd - ok 15:28:50.0186 4984 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 15:28:50.0309 4984 RasAgileVpn - ok 15:28:50.0364 4984 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:28:50.0504 4984 RasAuto - ok 15:28:50.0554 4984 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:28:50.0706 4984 Rasl2tp - ok 15:28:50.0756 4984 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:28:50.0894 4984 RasMan - ok 15:28:50.0947 4984 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:28:51.0080 4984 RasPppoe - ok 15:28:51.0137 4984 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:28:51.0271 4984 RasSstp - ok 15:28:51.0342 4984 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:28:51.0492 4984 rdbss - ok 15:28:51.0508 4984 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:28:51.0592 4984 rdpbus - ok 15:28:51.0626 4984 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:28:51.0754 4984 RDPCDD - ok 15:28:51.0825 4984 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:28:51.0953 4984 RDPENCDD - ok 15:28:52.0008 4984 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:28:52.0130 4984 RDPREFMP - ok 15:28:52.0204 4984 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:28:52.0291 4984 RdpVideoMiniport - ok 15:28:52.0330 4984 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:28:52.0426 4984 RDPWD - ok 15:28:52.0471 4984 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:28:52.0534 4984 rdyboost - ok 15:28:52.0601 4984 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:28:52.0730 4984 RemoteAccess - ok 15:28:52.0778 
4984 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:28:52.0917 4984 RemoteRegistry - ok 15:28:53.0019 4984 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:28:53.0141 4984 RpcEptMapper - ok 15:28:53.0208 4984 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:28:53.0286 4984 RpcLocator - ok 15:28:53.0334 4984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:28:53.0468 4984 RpcSs - ok 15:28:53.0532 4984 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:28:53.0700 4984 rspndr - ok 15:28:53.0730 4984 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:28:53.0788 4984 SamSs - ok 15:28:53.0965 4984 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe 15:28:54.0142 4984 SBAMSvc - ok 15:28:54.0219 4984 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys 15:28:54.0264 4984 sbapifs - ok 15:28:54.0318 4984 [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw C:\Windows\system32\drivers\SbFw.sys 15:28:54.0373 4984 SbFw - ok 15:28:54.0412 4984 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys 15:28:54.0459 4984 SBFWIMCL - ok 15:28:54.0473 4984 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys 15:28:54.0516 4984 SBFWIMCLMP - ok 15:28:54.0547 4984 [ B671EEF468D13016B9286F5835A06AE1 ] SbHips C:\Windows\system32\drivers\sbhips.sys 15:28:54.0600 4984 SbHips - ok 15:28:54.0647 4984 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:28:54.0707 4984 sbp2port - ok 15:28:54.0742 4984 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys 15:28:54.0787 4984 SBRE - ok 15:28:54.0806 4984 [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys 15:28:54.0853 4984 sbwtis - 
ok 15:28:54.0897 4984 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:28:55.0031 4984 SCardSvr - ok 15:28:55.0077 4984 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:28:55.0204 4984 scfilter - ok 15:28:55.0266 4984 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:28:55.0486 4984 Schedule - ok 15:28:55.0516 4984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:28:55.0631 4984 SCPolicySvc - ok 15:28:55.0687 4984 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:28:55.0780 4984 SDRSVC - ok 15:28:55.0829 4984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:28:55.0968 4984 secdrv - ok 15:28:56.0036 4984 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:28:56.0158 4984 seclogon - ok 15:28:56.0214 4984 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:28:56.0356 4984 SENS - ok 15:28:56.0467 4984 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:28:56.0564 4984 SensrSvc - ok 15:28:56.0643 4984 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 15:28:56.0715 4984 Serenum - ok 15:28:56.0744 4984 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 15:28:56.0821 4984 Serial - ok 15:28:56.0834 4984 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:28:56.0912 4984 sermouse - ok 15:28:56.0982 4984 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:28:57.0120 4984 SessionEnv - ok 15:28:57.0132 4984 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:28:57.0201 4984 sffdisk - ok 15:28:57.0262 4984 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:28:57.0344 4984 sffp_mmc - ok 
15:28:57.0360 4984 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:28:57.0432 4984 sffp_sd - ok
15:28:57.0462 4984 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:28:57.0536 4984 sfloppy - ok
15:28:57.0615 4984 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:28:57.0780 4984 SharedAccess - ok
15:28:57.0878 4984 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:28:58.0011 4984 ShellHWDetection - ok
15:28:58.0047 4984 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:28:58.0102 4984 SiSRaid2 - ok
15:28:58.0138 4984 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:28:58.0194 4984 SiSRaid4 - ok
15:28:58.0231 4984 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:28:58.0360 4984 Smb - ok
15:28:58.0414 4984 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:28:58.0497 4984 SNMPTRAP - ok
15:28:58.0523 4984 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:28:58.0578 4984 spldr - ok
15:28:58.0643 4984 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:28:58.0733 4984 Spooler - ok
15:28:58.0874 4984 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:28:59.0096 4984 sppsvc - ok
15:28:59.0127 4984 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:28:59.0255 4984 sppuinotify - ok
15:28:59.0308 4984 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:28:59.0428 4984 srv - ok
15:28:59.0462 4984 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:28:59.0556 4984 srv2 - ok
15:28:59.0591 4984 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:28:59.0658 4984 srvnet - ok
15:28:59.0716 4984 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:28:59.0843 4984 SSDPSRV - ok
15:28:59.0878 4984 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:29:00.0008 4984 SstpSvc - ok
15:29:00.0077 4984 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:29:00.0130 4984 stexstor - ok
15:29:00.0162 4984 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
15:29:00.0239 4984 StillCam - ok
15:29:00.0311 4984 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:29:00.0450 4984 stisvc - ok
15:29:00.0484 4984 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:29:00.0536 4984 swenum - ok
15:29:00.0628 4984 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:29:00.0829 4984 swprv - ok
15:29:00.0913 4984 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:29:01.0125 4984 SysMain - ok
15:29:01.0169 4984 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:01.0265 4984 TabletInputService - ok
15:29:01.0295 4984 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:29:01.0462 4984 TapiSrv - ok
15:29:01.0486 4984 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:29:01.0613 4984 TBS - ok
15:29:01.0722 4984 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:29:01.0899 4984 Tcpip - ok
15:29:01.0992 4984 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:29:02.0112 4984 TCPIP6 - ok
15:29:02.0215 4984 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:29:02.0276 4984 tcpipreg - ok
15:29:02.0328 4984 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:29:02.0424 4984 TDPIPE - ok
15:29:02.0460 4984 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:29:02.0525 4984 TDTCP - ok
15:29:02.0607 4984 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:29:02.0729 4984 tdx - ok
15:29:02.0767 4984 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:29:02.0822 4984 TermDD - ok
15:29:02.0880 4984 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:29:03.0067 4984 TermService - ok
15:29:03.0086 4984 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:29:03.0162 4984 Themes - ok
15:29:03.0179 4984 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:29:03.0300 4984 THREADORDER - ok
15:29:03.0340 4984 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:29:03.0475 4984 TrkWks - ok
15:29:03.0535 4984 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:03.0662 4984 TrustedInstaller - ok
15:29:03.0703 4984 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:03.0837 4984 tssecsrv - ok
15:29:03.0894 4984 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:29:03.0981 4984 TsUsbFlt - ok
15:29:04.0028 4984 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:29:04.0087 4984 TsUsbGD - ok
15:29:04.0132 4984 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:29:04.0261 4984 tunnel - ok
15:29:04.0290 4984 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:29:04.0347 4984 uagp35 - ok
15:29:04.0389 4984 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:29:04.0522 4984 udfs - ok
15:29:04.0640 4984 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:29:04.0726 4984 UI0Detect - ok
15:29:04.0763 4984 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:29:04.0819 4984 uliagpkx - ok
15:29:04.0883 4984 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:29:04.0963 4984 umbus - ok
15:29:04.0976 4984 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:29:05.0046 4984 UmPass - ok
15:29:05.0096 4984 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:29:05.0242 4984 upnphost - ok
15:29:05.0295 4984 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:29:05.0382 4984 usbaudio - ok
15:29:05.0425 4984 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:05.0507 4984 usbccgp - ok
15:29:05.0608 4984 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:29:05.0680 4984 usbcir - ok
15:29:05.0708 4984 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:29:05.0783 4984 usbehci - ok
15:29:05.0835 4984 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:29:05.0927 4984 usbhub - ok
15:29:05.0974 4984 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:29:06.0040 4984 usbohci - ok
15:29:06.0099 4984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:29:06.0184 4984 usbprint - ok
15:29:06.0250 4984 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:29:06.0318 4984 usbscan - ok
15:29:06.0348 4984 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:06.0427 4984 USBSTOR - ok
15:29:06.0474 4984 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:29:06.0543 4984 usbuhci - ok
15:29:06.0629 4984 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:29:06.0769 4984 UxSms - ok
15:29:06.0820 4984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:29:06.0878 4984 VaultSvc - ok
15:29:06.0929 4984 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:29:06.0982 4984 vdrvroot - ok
15:29:07.0032 4984 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:29:07.0209 4984 vds - ok
15:29:07.0233 4984 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:07.0302 4984 vga - ok
15:29:07.0320 4984 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:29:07.0455 4984 VgaSave - ok
15:29:07.0490 4984 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:29:07.0556 4984 vhdmp - ok
15:29:07.0604 4984 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:29:07.0659 4984 viaide - ok
15:29:07.0673 4984 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:29:07.0729 4984 volmgr - ok
15:29:07.0760 4984 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:29:07.0835 4984 volmgrx - ok
15:29:07.0866 4984 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:29:07.0936 4984 volsnap - ok
15:29:07.0982 4984 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:29:08.0043 4984 vsmraid - ok
15:29:08.0128 4984 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:29:08.0367 4984 VSS - ok
15:29:08.0387 4984 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:29:08.0466 4984 vwifibus - ok
15:29:08.0508 4984 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:29:08.0641 4984 W32Time - ok
15:29:08.0704 4984 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:29:08.0776 4984 WacomPen - ok
15:29:08.0828 4984 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:29:08.0966 4984 WANARP - ok
15:29:08.0979 4984 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:29:09.0094 4984 Wanarpv6 - ok
15:29:09.0188 4984 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:29:09.0371 4984 wbengine - ok
15:29:09.0407 4984 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:29:09.0496 4984 WbioSrvc - ok
15:29:09.0568 4984 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:29:09.0667 4984 wcncsvc - ok
15:29:09.0691 4984 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:09.0791 4984 WcsPlugInService - ok
15:29:09.0833 4984 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:29:09.0887 4984 Wd - ok
15:29:09.0948 4984 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:29:10.0067 4984 Wdf01000 - ok
15:29:10.0101 4984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:29:10.0240 4984 WdiServiceHost - ok
15:29:10.0253 4984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:29:10.0330 4984 WdiSystemHost - ok
15:29:10.0367 4984 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:29:10.0467 4984 WebClient - ok
15:29:10.0497 4984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:29:10.0646 4984 Wecsvc - ok
15:29:10.0700 4984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:29:10.0826 4984 wercplsupport - ok
15:29:10.0892 4984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:29:11.0015 4984 WerSvc - ok
15:29:11.0078 4984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:11.0198 4984 WfpLwf - ok
15:29:11.0254 4984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:29:11.0309 4984 WIMMount - ok
15:29:11.0327 4984 WinDefend - ok
15:29:11.0353 4984 WinHttpAutoProxySvc - ok
15:29:11.0413 4984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:29:11.0548 4984 Winmgmt - ok
15:29:11.0700 4984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:29:11.0933 4984 WinRM - ok
15:29:12.0023 4984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:29:12.0174 4984 Wlansvc - ok
15:29:12.0198 4984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:29:12.0260 4984 WmiAcpi - ok
15:29:12.0305 4984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:29:12.0384 4984 wmiApSrv - ok
15:29:12.0443 4984 WMPNetworkSvc - ok
15:29:12.0480 4984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:29:12.0559 4984 WPCSvc - ok
15:29:12.0581 4984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:29:12.0655 4984 WPDBusEnum - ok
15:29:12.0691 4984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:29:12.0812 4984 ws2ifsl - ok
15:29:12.0832 4984 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:29:12.0914 4984 wscsvc - ok
15:29:12.0928 4984 WSearch - ok
15:29:13.0060 4984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:29:13.0202 4984 wuauserv - ok
15:29:13.0255 4984 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:29:13.0336 4984 WudfPf - ok
15:29:13.0395 4984 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:13.0477 4984 WUDFRd - ok
15:29:13.0527 4984 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:29:13.0611 4984 wudfsvc - ok
15:29:13.0659 4984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:29:13.0748 4984 WwanSvc - ok
15:29:13.0779 4984 ================ Scan global ===============================
15:29:13.0844 4984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:29:13.0892 4984 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:29:13.0914 4984 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:29:13.0952 4984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:29:13.0987 4984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:29:13.0998 4984 [Global] - ok
15:29:13.0999 4984 ================ Scan MBR ==================================
15:29:14.0019 4984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:29:14.0527 4984 \Device\Harddisk0\DR0 - ok
15:29:14.0534 4984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:29:14.0878 4984 \Device\Harddisk1\DR1 - ok
15:29:14.0879 4984 ================ Scan VBR ==================================
15:29:14.0885 4984 [ 756AC5B371C9FAF69D6F7172119E9CDE ] \Device\Harddisk0\DR0\Partition1
15:29:14.0888 4984 \Device\Harddisk0\DR0\Partition1 - ok
15:29:14.0935 4984 [ 856A7711EE9BA389A5014FFD3B9A3891 ] \Device\Harddisk0\DR0\Partition2
15:29:14.0938 4984 \Device\Harddisk0\DR0\Partition2 - ok
15:29:14.0945 4984 [ 0C84BD2881D4CBFF104220F5756590AA ] \Device\Harddisk1\DR1\Partition1
15:29:14.0948 4984 \Device\Harddisk1\DR1\Partition1 - ok
15:29:14.0974 4984 [ 252E3CD0B287BF44C14E5C31AB6D36AB ] \Device\Harddisk1\DR1\Partition2
15:29:14.0977 4984 \Device\Harddisk1\DR1\Partition2 - ok
15:29:14.0978 4984 ============================================================
15:29:14.0978 4984 Scan finished
15:29:14.0978 4984 ============================================================
15:29:15.0006 3508 Detected object count: 2
15:29:15.0006 3508 Actual detected object count: 2
15:29:38.0242 3508 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:38.0243 3508 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:38.0248 3508 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:38.0248 3508 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Last edited by Hennes2000 (26.04.2013 at 14:31)

26.04.2013, 15:13 | #10
/// Malwareteam / Visitor
It is still not clear to me whether something bad is really going on there. Try running ComboFix in Safe Mode: Starting the computer in Safe Mode
26.04.2013, 16:00 | #11
In Safe Mode it was much more successful! It did complain that Comodo and AdAware were running, but it accepted that too after I had closed all the services in Task Manager. It only informed me of this and started the check either way. It was more of a notice than a question. Here is the ComboFix.txt:
Code:
ComboFix 13-04-25.01 - Frank 26.04.2013 16:42:08.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4029.3395 [GMT 2:00]
ausgeführt von:: c:\users\Frank\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-26 bis 2013-04-26 ))))))))))))))))))))))))))))))
.
.
2013-04-25 23:50 . 2013-04-26 00:03 -------- d-----w- C:\zoek
2013-04-25 22:29 . 2013-04-25 22:29 -------- d-----w- c:\windows\SysWow64\zoek
2013-04-24 06:26 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 06:46 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-22 06:45 . 2013-02-22 06:15 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-04-22 06:45 . 2013-02-22 06:15 816640 ----a-w- c:\windows\system32\jscript.dll
2013-04-22 06:45 . 2013-02-22 06:13 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-04-22 06:45 . 2013-02-22 06:21 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-04-22 06:45 . 2013-02-22 03:39 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-04-22 06:45 . 2013-02-22 03:38 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-04-22 06:45 . 2013-02-22 06:22 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-04-22 06:45 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-22 06:45 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-22 06:38 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-22 06:38 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-22 06:38 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-22 06:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-22 06:38 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-22 06:38 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-22 06:38 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-10 19:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 19:26 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 19:26 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 19:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 19:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 16:55 . 2013-04-09 16:55 -------- d-----w- c:\users\Frank\Heldenverwaltung
2013-04-09 16:55 . 2013-04-09 16:55 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2013-04-09 16:54 . 2013-04-09 16:54 -------- d-----w- c:\program files (x86)\Heldenverwaltung
2013-04-03 10:50 . 2013-04-03 10:51 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 06:51 . 2012-05-31 00:21 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-23 16:32 . 2013-03-23 16:32 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 16:32 . 2012-11-18 11:55 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-23 16:32 . 2012-11-18 11:55 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 12:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 12:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 12:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-15 08:39 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2013-02-01 903712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
R3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-07 22736]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 19:50]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150396499-982110081-1011283770-1000UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-04-09 265216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-22 16336416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\znnduw6f.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-26 16:48:15
ComboFix-quarantined-files.txt 2013-04-26 14:48
.
Vor Suchlauf: 8 Verzeichnis(se), 22.170.013.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 23.869.890.560 Bytes frei
.
- - End Of File - - 8CA77EAA1AF1AD0078DDAF0B1C2227D7
26.04.2013, 17:25 | #12
/// Malwareteam / Visitor
Open ZOEK again and copy the code below into the text field:
Code:
C:\Users\Frank\AppData\Local\adaware\data;vs
Post me the new Zoek log.
26.04.2013, 19:11 | #13
The log is too long to post and too big to attach as a log file (250k). I am therefore attaching it as a zip.
26.04.2013, 19:38 | #14
/// Malwareteam / Visitor
Open ZOEK again and copy the code below into the text field:
Code:
type C:\Users\Frank\AppData\Local\adaware\data\130426071018-l.list>>log.txt;b
Post me the new Zoek log.
26.04.2013, 19:59 | #15
New
Code:
Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by Frank on 26.04.2013 at 20:43:28,76.
Running in: Normal Mode No Internet Access Detected
==== Batch Command(s) Run By Tool======================
222.236.44.17/%7eimapseoul/paypal.com/paypal
88.208.233.253/.ep/ep.htm
abpersonaltraining.com/wp-admin/includes/www.nwolb.com/1_source.php?https://www.nwolb.com/default.aspx?refererident=77c0acc69d1e33f28a475882ff386cf92095694f&cookieid=193636&noscr=false&cookiecheck=2012-04-03t04:20:14
bani-net-azi.ro/wp-content/themes/pure-line/library/functions/uco/index2.html
bapmaquinaria.com.mx/components/paypal/www.paypal.comuscgi-binwebscrcmd=_login-submit/64769abc949c993962025ce7e0d4c4ac/
bapmaquinaria.com.mx/components/paypal/www.paypal.comuscgi-binwebscrcmd=_login-submit/6d9fe19b2827c85e16acd86e7ed581ad/
customer.service.confirm.paypal.com.cgi.bin.webscr.cmd.login.submit.dispatch.9267d8.80a1a67d8.db167d8.4e635267d8.80a17d67d80a13faee6d6767d8.110b67d8.e98767asdsa4c752sd467d8.granciasi67d8.das67d8.fitnessmodels.com.br/logto/a91de16884f606f37dc89ba01e9bf719/
dl.dropboxusercontent.com/u/59315736/client.exe
dl.dropboxusercontent.com/u/74470609/photoinstrument.exe
downloads.ptf.com/stor2/0/219/itunes.exe
downloads.ptf.com/stor2/36/36238/tncremont.exe
elcirculocafe.com.ar/caixaeconomica.php
fc13.userfiles.me/f/081054214170194092147237205234222076180092231059/1366222422/34922013/0/269632a286f976f8c14873345fd989a6/aktivacija_windows_7_loader-spaces.ru.exe
ictjournal.co.uk/secure-code4/security/login.php
jifrex.com/dorc/asmon/sbn/per.dery/m/icus.php
mezonbarboza.com.br/cgi-sys/suspendedpage.cgi?url=hxxp://www.cyberlink.com/english/download/affiliate.jsp?clid=2581_-1_20_enu-02-2013-apr-gb-aboutcl_0&redirecturl=hxxp://www.cyberlink.com/english/companybg/company_bg.jsp?utm_campaign=edm%26utm_
paypal.com.cgi-bin-webscr-cmd-login-submit-dispatch-536616.9315cf1b2a6612a663.d3fa66.2f7415cf1b7415c885d8.0a8e28ee8d19.5a579f1b.lihakoe.co.za/cgibin/confirm/processing/cmd=/47a351c140256a21e7b229c0c346ba5b/
redirecionamentofaturazero.com/copa/cielo/cadastro.php
rosebeanevents.com/blog/wp-includes/text/diff/engine/rino/login/secure-code117/security/login.php
simeuqueroseguro.site11.com/promocoes/vouchers/cadastro/usernovo2013edit01cadastro338413/index.shtml
utgw42sw8.hdmediastore.com/logo.png
www.burracoweb.it/tw.exe
www.cebit.at/teamviewerqs.exe
www.dbdpix.20megsfree.com/marriagemindedpeoplemeet.html
www.falcogames.com/distributives/forestlifesetup.exe
www.falcogames.com/distributives/seaattacksetup.exe
www.falcogames.com/distributives/xoloxsetup.exe
www.m8000.com.br/emerson1/emerson1/link.php?m=100416&n=90&l=15&f=h
And because I don't want it to get lost, I will gladly repeat myself: thanks for the effort.